Lucene search
K

211 matches found

CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

pyLoad 路径遍历漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained a path traversal vulnerability. This vulnerability stemmed from the safeextractall function, which used os.path.commonprefix for path traversal checks. Instead of performing path-level...

6.5CVSS5.8AI score0.00255EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.6 views

CVE-2026-32808

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives encrypted files with non-encrypted headers, causing arbitrary file deletion outside of the extraction...

8.1CVSS5.8AI score0.00327EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/20 4:39 a.m.1 views

Directory Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal during the password verification of encrypted 7z archives with non-encrypted headers. An attacker can delete arbitrary files outside the...

8.1CVSS6.5AI score0.00327EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 1:45 a.m.27 views

CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives encrypted files with non-encrypted headers, causing arbitrary file deletion outside of the extraction...

8.1CVSS0.00327EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/20 1:45 a.m.4 views

CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives encrypted files with non-encrypted headers, causing arbitrary file deletion outside of the extraction...

8.1CVSS5.8AI score0.00327EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:45 a.m.4 views

CVE-2026-32808

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives encrypted files with non-encrypted headers, causing arbitrary file deletion outside of the extraction...

8.1CVSS5.8AI score0.00327EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/19 2:16 a.m.6 views

CVE-2026-27670

OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding...

5.8CVSS0.00081EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 11:44 p.m.7 views

EUVD-2026-10403

node-tar Symlink Path Traversal via Drive-Relative Linkpath...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References3
Github Security Blog
Github Security Blog
added 2026/03/10 6:31 p.m.6 views

Vaadin: Specially crafted ZIP archives can escape the intended extraction directory

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

6.8CVSS5.8AI score0.00342EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/10 7:44 a.m.3 views

DEBIAN-CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

5.5CVSS7.5AI score0.00253EPSS
Exploits4References1
OSV
OSV
added 2026/03/10 7:44 a.m.12 views

UBUNTU-CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References3
OSV
OSV
added 2026/03/09 9:11 p.m.4 views

CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References4
Vulnrichment
Vulnrichment
added 2026/03/09 9:11 p.m.3 views

CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References2
OSV
OSV
added 2026/03/07 4:15 p.m.5 views

AZL-79553 CVE-2026-29786 affecting package tar 1.35-2

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.6CVSS6.1AI score0.00408EPSS
Exploits2References1
NVD
NVD
added 2026/03/07 4:15 p.m.5 views

CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.6CVSS0.00408EPSS
Exploits2References5
OSV
OSV
added 2026/03/07 4:15 p.m.4 views

UBUNTU-CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.6CVSS5.8AI score0.00408EPSS
Exploits2References4
OSV
OSV
added 2026/03/07 3:32 p.m.3 views

CVE-2026-29786 node-tar: Hardlink Path Traversal via Drive-Relative Linkpath

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.2CVSS5.7AI score0.00408EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/03/07 3:32 p.m.4 views

CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.2CVSS5.7AI score0.00408EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2026/03/07 3:32 p.m.63 views

CVE-2026-29786

CVE-2026-29786 — node-tar hardlink path-traversal Affected: node-tar (Node.js tar handling) prior to version 7.5.10. Summary: tar can be tricked into creating a hardlink outside the extraction directory by using a drive-relative link target (e.g., C:../target.txt), enabling file overwrite outside...

8.6CVSS5.7AI score0.00408EPSS
Exploits2References5Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.10 views

node-tar 后置链接漏洞

node-tar is a software package for file compression/decompression developed by isaacs. Versions of node-tar prior to 7.5.10 had a post-installation link vulnerability. This vulnerability stemmed from the possibility of creating hard links pointing outside the extraction directory, which could lea...

8.2CVSS6.5AI score0.00408EPSS
Exploits2References2
Rows per page
Query Builder