36 matches found

CVE
added 3 days ago | 26 views

CVE-2026-33646

CVE-2026-33646 affects Mise: prior to 2026.3.10, Mise processed .tool-versions with Tera where exec() is registered, allowing arbitrary code execution when a malicious .tool-versions file is parsed during shell CD hooks. Unlike .mise.toml, .tool-versions is not trusted in non-paranoid mode, so an atta...

CVSS 9.6 | AI score 6 | EPSS 0.00685
Exploits 0 | References 1
Circl
added 2026/06/12 3:56 p.m. | 5 views

CVE-2026-33646

creationtimestamp | type | source
---|---|---
2026-06-12 15:56:16+00:00 | published-proof-of-concept | https://github.com/jdx/mise/security/advisories/GHSA-fjj5-v948-whjj
2026-06-26 19:05:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp7na4xe2m2c...

CVSS 9.6 | AI score 5.8 | EPSS 0.00685
Exploits 0 | References 2
Tenable Nessus
added 2025/12/27 12:0 a.m. | 3 views

RockyLinux 8 : libtar (RLSA-2023:2898)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2898 advisory. libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname (CVE-2021-33644); libtar: memory leak found in thread...

CVSS 9.1 | AI score 7 | EPSS 0.01431
Exploits 0 | References 9
EUVD
added 2025/10/09 11:45 p.m. | 2 views

EUVD-2025-33646

Malicious code in mad-1.4.2.2.2.8 npm...

AI score 6.6
Exploits 0 | References 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-33646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The th_read() function doesn't free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. (CVE-2021-33646) Note that Nessus relies o...

CVSS 7.5 | AI score 7 | EPSS 0.01431
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 2:41 a.m. | 4 views

CVE-2024-33646

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS). This issue affects Sticky Anything: from n/a through 2.1.5...

CVSS 7.1 | AI score 5.1 | EPSS 0.00185
Exploits 0 | References 1
Tenable Nessus
added 2024/07/03 12:0 a.m. | 24 views

CBL Mariner 2.0 Security Update: libtar (CVE-2021-33646)

The version of libtar installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-33646 advisory. - The th_read() function doesn't free a variable t->th_buf.gnu_longname after allocating memory, which may cause a...

CVSS 7.5 | AI score 7 | EPSS 0.01431
Exploits 0 | References 2
NVD
added 2024/04/29 5:15 a.m. | 12 views

CVE-2024-33646

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS). This issue affects Sticky Anything: from n/a through 2.1.5...

CVSS 7.1 | AI score 6.7 | EPSS 0.00185
Exploits 0 | References 1
CVE
added 2024/04/29 4:57 a.m. | 50 views

CVE-2024-33646

CVE-2024-33646 (Sticky Anything, Toast plugin) affects the WordPress plugin Sticky Anything (Toast Stick Anything) up to version 2.1.5. The connected documents indicate a Missing Authorization issue that allows a CSRF attack to trigger a Cross‑Site Scripting (XSS) condition. The description from ...

CVSS 7.1 | AI score 5.1 | EPSS 0.00185
Exploits 0 | References 1
Cvelist
added 2024/04/29 4:57 a.m. | 16 views

CVE-2024-33646 WordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS). This issue affects Sticky Anything: from n/a through 2.1.5...

CVSS 7.1 | AI score 6.8 | EPSS 0.00185
Exploits 0 | References 1
Patchstack
added 2024/04/25 12:0 a.m. | 8 views

WordPress Sticky Anything Plugin <= 2.1.5 is vulnerable to Broken Access Control

Software: Sticky Anything
Type: Plugin
Vulnerable versions: <= 2.1.5
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-33646
Patch priority: Medium
CVSS severity: Medium (7.1)
PSID: da01f8f0e18d
Credits: Dimas Maulana
Required...

CVSS 7.1 | AI score 6.5 | EPSS 0.00185
Exploits 0 | References 1 | Affected Software 1
CBLMariner
added 2024/03/19 5:21 p.m. | 20 views

CVE-2021-33646 affecting package libtar for versions less than 1.2.20-11

CVE-2021-33646 affecting package libtar for versions less than 1.2.20-11. A patched version of the package is available...

CVSS 7.5 | AI score 8.5 | EPSS 0.01431
Exploits 0
OpenVAS
added 2023/06/12 12:0 a.m. | 18 views

Huawei EulerOS: Security Advisory for libtar (EulerOS-SA-2023-2224)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9 | EPSS 0.01431
Exploits 0 | References 2
Oracle linux
added 2023/05/24 12:0 a.m. | 56 views

libtar security update

1.2.20-17
- fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640)
1.2.20-16
- fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
- fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)...

CVSS 9.8 | AI score 7 | EPSS 0.01431
Exploits 0
Tenable Nessus
added 2023/05/17 12:0 a.m. | 37 views

RHEL 8 : libtar (RHSA-2023:2898)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2898 advisory. The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the...

CVSS 9.1 | AI score 7.1 | EPSS 0.01431
Exploits 0 | References 12
RedHat Linux
added 2023/05/16 8:23 a.m. | 29 views

Moderate: Red Hat Security Advisory: libtar security update

An update for libtar is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.1 | AI score 6.8 | EPSS 0.01431
Exploits 0 | References 6
OSV
added 2023/05/16 12:0 a.m. | 33 views

ALSA-2023:2898 Moderate: libtar security update

The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Security Fixes: libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname...

CVSS 9.1 | AI score 7.8 | EPSS 0.01431
Exploits 0 | References 10
AlmaLinux
added 2023/05/16 12:0 a.m. | 37 views

Moderate: libtar security update

The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Security Fixes: libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname...

CVSS 9.1 | AI score 6.6 | EPSS 0.01431
Exploits 0 | References 10
OpenVAS
added 2023/05/08 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for libtar (EulerOS-SA-2023-1753)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.1 | AI score 8.5 | EPSS 0.01431
Exploits 0 | References 2
Tenable Nessus
added 2023/05/06 12:0 a.m. | 31 views

EulerOS Virtualization 3.0.2.0 : libtar (EulerOS-SA-2023-1753)

According to the versions of the libtar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a...

CVSS 9.1 | AI score 7 | EPSS 0.01431
Exploits 0 | References 5