94 matches found
Improper Handling Of Symbolic Links
github.com/argoproj/argo-workflows is vulnerable to Improper Handling Of Symbolic Links. The vulnerability is due to flawed validation in the untar process when resolving symbolic links, which allows an attacker to overwrite critical files such as /var/run/argo/argoexec with a malicious script th...
EulerOS 2.0 SP13 : tar (EulerOS-SA-2026-1263)
According to the versions of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must...
CVE-2025-12985
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image...
OESA-2026-1096 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...
OESA-2026-1095 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...
CVE-2025-1555
A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the publ...
Arbitrary File Upload
open-webui is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded file content types and user-controlled filenames, which allows an attacker to overwrite critical files and potentially execute arbitrary code...
Insecure Temporary File
Overview: net.sf.robocode:robocode.battle is a Build the best - destroy the rest! Affected versions of this package are vulnerable to Insecure Temporary File via the createTempFile function. An attacker can execute arbitrary code or overwrite critical files by manipulating the temporary file...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 introduction below versions v0.9.0 ar...
JLSEC-2025-197 GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c...
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
EUVD-2004-1021
Malware in sbrugna...
EUVD-2018-7199
Malware in sbrugna...
EUVD-2020-20498
Malware in sbrugna...
EUVD-2006-0951
Malware in sbrugna...
EUVD-2020-21323
Malware in sbrugna...
EUVD-2017-5224
Malware in sbrugna...
EUVD-2019-16392
Malware in sbrugna...
EUVD-2024-50890
Malicious code in bioql PyPI...
EUVD-2023-59101
Malicious code in bioql PyPI...
EUVD-2025-20328
Malicious code in bioql PyPI...