149 matches found

Amazon
added 2026/04/30 12:0 a.m., 3 views

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

CVSS: 2 | AI score: 5.2 | EPSS: 0.0003
Exploits: 1
Tenable Nessus
added 2026/04/30 12:0 a.m., 4 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3256 (ALAS-2026-3256)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3256 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation director...

CVSS: 2 | AI score: 5.4 | EPSS: 0.0003
Exploits: 1 | References: 4
Circl
added 2026/03/28 7:36 p.m., 0 views

CVE-2026-3256

creationtimestamp | type | source
---|---|---
2026-03-28 19:36:20+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mi5expw7ul26
2026-03-31 21:19:21+00:00 | published-proof-of-concept | Telegram/fvcDlylB6Q78KniI1pBDCXqCziRIFy6eVM6L3PvvuY9d-E4...

CVSS: 9.8 | AI score: 4.8 | EPSS: 0.00024
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/14 12:0 a.m., 1 views

MiracleLinux 3 : freetype-2.2.1-28.1.0.2.AXS3 (AXSA:2011-339:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-339:01 advisory. The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments...

CVSS: 9.3 | AI score: 6.2 | EPSS: 0.10653
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/03 3:7 p.m., 4 views

CVE-2025-54166

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.00048
Exploits: 0 | References: 1
OSV
added 2025/09/08 12:53 p.m., 1 views

MINI-3256-RWG7-G8XR

Bulletin has no description...

CVSS: 3.5 | AI score: 4.5 | EPSS: 0.00519
Exploits: 0
NVD
added 2025/04/04 5:15 p.m., 3 views

CVE-2025-3256

A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. The exploit has bee...

CVSS: 7.5 | EPSS: 0.00151
Exploits: 1 | References: 4
Circl
added 2025/04/04 4:36 p.m., 0 views

CVE-2025-3256

creationtimestamp | type | source
---|---|---
2025-04-04 16:36:40+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10484
2025-04-04 20:31:59+00:00 | seen | https://t.me/cvedetector/22146...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00151
Exploits: 1 | References: 2
CVE
added 2025/04/04 4:31 p.m., 65 views

CVE-2025-3256

CVE-2025-3256 affects xujiangfei admintwo 1.0. The vulnerability resides in the /user/updateSet functionality, where manipulation of the email parameter leads to improper access controls. This could enable a remote attacker to bypass authorization. Publicly disclosed exploit information is noted ...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00151
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/04/04 4:31 p.m., 13 views

CVE-2025-3256 xujiangfei admintwo updateSet access control

A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. The exploit has bee...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00151
Exploits: 1 | References: 4
Tenable Nessus
added 2025/03/05 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-3256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in GitHub repository vim/vim prior to 9.0.0530. CVE-2022-3256 Note that Nessus relies on the presence of the package as reported by the vendor...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00057
Exploits: 1 | References: 3
Circl
added 2025/02/14 10:1 a.m., 0 views

CVE-2024-3256

creationtimestamp | type | source
---|---|---
2025-02-14 10:01:37+00:00 | seen | Telegram/SSQQvuTMC2yxwy3WUDL9mpvBY4nHXgisDBAu4mkujYvFMs
2025-02-27 20:25:38+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5778...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.00165
Exploits: 1 | References: 1
OSV
added 2025/01/30 7:23 p.m., 12 views

CGA-JGVM-9X3C-3256

Bulletin has no description...

CVSS: 4.8 | AI score: 5.5 | EPSS: 0.002
Exploits: 0
Tenable Nessus
added 2024/11/14 12:0 a.m., 19 views

Fedora 37 : vim (2022-4bc60c32a2)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-4bc60c32a2 advisory. Security fix for CVE-2022-3705 2139842 - vim upgrade broke :! for displaying terminal output ---- patchlevel 803 ---- The newest upstream commit...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00451
Exploits: 8 | References: 10
Cvelist
added 2024/04/03 12:31 p.m., 15 views

CVE-2024-3256 SourceCodester Internship Portal Management System edit_activity.php sql injection

A vulnerability has been found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit_activity.php. The manipulation of the argument activity_id leads to sql injection. The attack can be...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00165
Exploits: 1 | References: 4
CVE
added 2024/04/03 12:31 p.m., 63 views

CVE-2024-3256

CVE-2024-3256 affects SourceCodester Internship Portal Management System 1.0. The vulnerability is an SQL injection in the admin/edit_activity.php file, triggered by the activity_id parameter. It is exploitable remotely, with public disclosure noted in sources. Multiple feeds (NVD, Red Hat, CVE l...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00165
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/04/03 12:31 p.m., 12 views

CVE-2024-3256 SourceCodester Internship Portal Management System edit_activity.php sql injection

A vulnerability has been found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit_activity.php. The manipulation of the argument activity_id leads to sql injection. The attack can be...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.00165
Exploits: 1 | References: 4
OpenVAS
added 2023/10/09 12:0 a.m., 26 views

Ubuntu: Security Advisory (USN-6420-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00451
Exploits: 11 | References: 2
Tenable Nessus
added 2023/10/09 12:0 a.m., 61 views

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6420-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6420-1 advisory. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening ...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00451
Exploits: 11 | References: 14
OSV
added 2023/08/31 12:16 p.m., 1 views

BELL-CVE-2022-3256 CVE-2022-3256 does not affect BellSoft software

Bulletin has no description...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00057
Exploits: 1 | References: 1