CVE-2024-0131 |
Description: NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service.
CVSS: MEDIUM (4.4) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
Description: The first Apple-notarized porn app, "Hot Tub," is now available to iPhone users in Europe through the alternative app marketplace, AltStore PAL. [...]
February 4th, 2025 (5 months ago)
|
CVE-2025-24959 |
Description: Impact
This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1.
An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through dotenv.stringify are particularly vulnerable.
Patches
This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability.
Workarounds
If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to dotenv.stringify. Specifically, avoid using ", ', and backticks in values, or enforce strict validation of environment variables before usage.
References
https://github.com/google/zx/security/advisories/GHSA-qwp8-x4ff-5h87
https://nvd.nist.gov/vuln/detail/CVE-2025-24959
https://github.com/google/zx/pull/1094
https://github.com/google/zx/commit/5ba714d14ecf0555a74d4db96622840ac19839c5
https://github.com/webpod/envapi/blob/v0.2.1/src/main/ts/envapi.ts#L74-L77
https://github.com/advisories/GHSA-qwp8-x4ff-5h87
EPSS Score: 0.04%
February 3rd, 2025 (5 months ago)
|
Description: Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
February 3rd, 2025 (5 months ago)
|
Description: Cybercriminals posted nearly 6,000 breaches to data-leak sites last year — and despite significant takedowns, continued to thrive in a record-breaking year for ransomware.
February 3rd, 2025 (5 months ago)
|
Description: Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. [...]
February 3rd, 2025 (5 months ago)
|