CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added yesterday•4 views

BIT-PYTHON-MIN-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.4AI score0.00028EPSS

Exploits0References5

OSV•added yesterday•4 views

BIT-LIBPYTHON-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

6.9CVSS5.5AI score0.00028EPSS

Exploits0References5

EUVD•added 5 days ago•6 views

EUVD-2026-34282

6.9CVSS5.8AI score0.00028EPSS

CVE•added 5 days ago•12 views

CVE-2026-7774

The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...

6.9CVSS5.8AI score0.00028EPSS

Exploits0References4

OSV•added 5 days ago•7 views

RLSA-2026:21676 Important: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Cockpit: Arbitrary command execution via crafted links in...

Rockylinux•added 5 days ago•6 views

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. I...

Tenable Nessus•added 5 days ago•6 views

Exploits0

RockyLinux 10 : cockpit (RLSA-2026:21676)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21676 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly...

NVD•added 6 days ago•5 views

CVE-2026-20175

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

6.1CVSS0.00021EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•6 views

CVE-2026-20175

6.1CVSS6.1AI score0.00021EPSS

Exploits0References2Affected Software1

EUVD•added 6 days ago•7 views

EUVD-2026-34136

6.1CVSS6.1AI score0.00021EPSS

Exploits0References1

Positive Technologies•added 6 days ago•10 views

PT-2026-45986

Name of the Vulnerable Software and Affected Versions Cisco Finesse affected versions not specified Description Insufficient validation of user-supplied input for HTTP requests allows an unauthenticated remote attacker to load arbitrary files from remote locations into an active user session. An...

6.1CVSS6.1AI score0.00021EPSS

Exploits0References4

OSV•added 2026/05/30 6:3 p.m.•12 views

RLSA-2026:21468 Important: cockpit security update

Rockylinux•added 2026/05/30 6:3 p.m.•10 views

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. It...

Tenable Nessus•added 2026/05/30 12:0 a.m.•5 views

Exploits0

RockyLinux 9 : cockpit (RLSA-2026:21468)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21468 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...

Rockylinux•added 2026/05/29 6:0 a.m.•11 views

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. It...

OSV•added 2026/05/29 6:0 a.m.•7 views

Exploits0

RLSA-2026:21700 Important: cockpit security update

Tenable Nessus•added 2026/05/29 12:0 a.m.•8 views

RockyLinux 8 : cockpit (RLSA-2026:21700)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21700 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...

Tenable Nessus•added 2026/05/29 12:0 a.m.•9 views

RHEL 9 : cockpit (RHSA-2026:21392)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21392 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...