CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

CVE-2026-40329 SQL Injection vulnerability via sortBy in beanFeed

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

CVE-2026-40329 SQL Injection vulnerability via sortBy in beanFeed

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), 10t-images-to-pdf (=1.0.3) +12795 more potentially affected by CVE-2026-23950 via tar (>=7.0.0 <=7.5.3)

tar NPM version =7.0.0, =0.1.0-dev.0de2bc6, =0.0.1, =3.1.2, =1.0.1, =4.11.0, =1.0.1, =1.31.1, =2.0.0, =0.1.0, =0.1.0, =1.7.0-beta.7, =0.1.0, =0.1.7 and more Source cves: CVE-2026-23950 Source advisory: SNYK:JS-TAR-15038581...

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

DEBIAN-CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVE-2026-23745

node-tar (Tar for Node.js) vulnerability CVE-2026-23745: the library fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false, allowing bypass of extraction root restrictions and leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning ...

PT-2026-3329

Name of the Vulnerable Software and Affected Versions node-tar versions = 7.5.2 Description The node-tar library fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false, which is the default secure behavior. This allows malicious archives to bypass...

CVE-2024-57695

An issue in Agnitum Outpost Security Suite 7.5.3 3942.608.1810 and 7.6 3984.693.1842 allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 4164.652.1856 from December 17, 2012...

Parse Server 代码问题漏洞

Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A code issue vulnerability exists in Parse Server versions 4.2.0 through 7.5.3 and 8.0.0 through 8.3.1-alpha.1, which stems from improper handling of the uri...

Authorization Bypass Through User-Controlled Key

Overview in2code/femanager is a Modern TYPO3 Frontend User Registration. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the identity parameter when saving user-submitted data. An attacker can gain unauthorized access and modify sensitive...

CVE-2025-46233 WordPress Sirv plugin <= 7.5.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sirv CDN and Image Hosting Sirv sirv allows Stored XSS.This issue affects Sirv: from n/a through = 7.5.3...

CVE-2025-46233 WordPress Sirv plugin <= 7.5.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sirv CDN and Image Hosting Sirv sirv allows Stored XSS.This issue affects Sirv: from n/a through = 7.5.3...

LibreOffice 7.4 < 7.4.7 / 7.5 < 7.5.3 Array Index UnderFlow (macOS)

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used 'floating frames' linked to external files, would lo...

Vulnerabilities fixed in LibreOffice

The Document Foundation has fixed two vulnerabilities in LibreOffice. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or possibly execute code with the victim's privileges. This requires the malicious party to trick the victim into opening a malicious document to...

PT-2023-2959

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 7.4.7 LibreOffice versions prior to 7.5.3 Description The issue is related to improper access control in the editor components of LibreOffice, allowing an attacker to craft a document that loads external links...

RHEL 7 : Red Hat Single Sign-On 7.5.3 security update on RHEL 7 (Moderate) (RHSA-2022:6782)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6782 advisory. Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...