Lucene search
K

116 matches found

RedHat Linux
RedHat Linux
added 2026/07/07 8:17 p.m.2 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.1AI score0.0032EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 4:54 p.m.5 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.4AI score0.0032EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 7:55 a.m.8 views

EUVD-2026-41827

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

5.3CVSS6AI score0.00451EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 8:16 p.m.8 views

CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

10CVSS0.0024EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.17 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1839)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1839 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

8CVSS6.2AI score0.0032EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/21 1:38 p.m.12 views

Malicious code in jsonschema-viewer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3692022b4caf5ac51d868aaae58e793520ac3bd36703841eb615942baf85bb87 The package's only function — main in src/jsonschemaviewer/main.py, registered as the jsonschema-viewer console script — invokes os.system to fetch a...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/20 6:23 p.m.3 views

SUSE-SU-2026:22300-1 Security update for python-pip

This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...

8CVSS7.3AI score0.0032EPSS
Exploits0References3
OSV
OSV
added 2026/06/20 6:17 p.m.2 views

OPENSUSE-SU-2026:20993-1 Security update for python-pip

This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...

8CVSS5.9AI score0.0032EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.16 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/01 2:15 p.m.11 views

GHSA-Q53Q-5R4J-5729 rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary EntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...

8.7CVSS5.9AI score0.00058EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/01 2:15 p.m.21 views

rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary EntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...

5.9AI score0.00058EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45490

Summary EntryPoint::FromStr in rattler conda types performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...

8.7CVSS5.9AI score0.00058EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 7:26 p.m.28 views

GHSA-4GG8-GXPX-9RPH uv is vulnerable to arbitrary file write through entry point names

Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...

6.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 7:26 p.m.42 views

uv is vulnerable to arbitrary file write through entry point names

Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...

6.2AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-47548

Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under console scripts or gui scripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...

6AI score
Exploits0References3
CVE
CVE
added 2026/05/28 2:28 p.m.25 views

CVE-2026-44358

The CVE-2026-44358 affects Espressif Shared GitHub DangerJS, a reusable GitHub Action for Espressif projects. Before 1.0.1, the action’s entrypoint.sh invoked DangerJS from the caller’s workspace after copying the fork’s checkout, creating an untrusted search path for binary and Node.js module re...

8.2CVSS6AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which arises from the use of a specially crafted entry point name during the installation of malicious Python wheels. This can lead to arbitrary file overwriting...

4.1CVSS5.9AI score0.0032EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

view_component 安全漏洞

viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities arise from the system’s testing entry point using File.realpath ...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in edk2

Existing checks in SmmEntryPoint will not catch underflow when calculating BufferSize...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.9 views

EUVD-2026-29109

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

5.8AI score0.00199EPSS
Exploits0References2
Rows per page
Query Builder