CVE-2025-7050 Use-your-Drive | Google Drive plugin for WordPress <= 3.3.1- Unauthenticated Stored Cross-Site Scripting via File Metadata

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-7050 Use-your-Drive | Google Drive plugin for WordPress <= 3.3.1- Unauthenticated Stored Cross-Site Scripting via File Metadata

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2025-31907 · WordPress · Use-Your-Drive | Google Drive

Name of the Vulnerable Software and Affected Versions: Use-your-Drive | Google Drive plugin for WordPress versions prior to 3.3.2 Description: The Use-your-Drive | Google Drive plugin for WordPress is susceptible to Stored Cross-Site Scripting via the title parameter in file metadata. Insufficien...

Linux Distros Unpatched Vulnerability : CVE-2024-12718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with filter=tar of files outside the extraction directory. You...

CBL Mariner 2.0 Security Update: python3 (CVE-2024-12718)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12718 advisory. - Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with...

CBL Mariner 2.0 Security Update: python3 (CVE-2025-4138)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4138 advisory. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...

K000152599: Python tarfile vulnerability CVE-2024-12718

Security Advisory Description Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

SUSE SLES12 Security Update : python36 (SUSE-SU-2025:02297-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02297-1 advisory. - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory bsc1244056 -...

Bypass extraction filter to modify file metadata outside extraction directory

...

BIT-PYTHON-MIN-2025-4330 Extraction filter bypass for linking outside extraction directory

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

BIT-PYTHON-MIN-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

BIT-PYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

TencentOS Server 3: python3.11 (TSSA-2025:0520)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0520 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0107: python3 (ALINUX3-SA-2025:0107)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0107 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-12718: Allows modifying some file...

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

AlmaLinux 9 : python3.9 (ALSA-2025:10136)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10136 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...