Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43267

e107 is a content management system CMS. Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, o...

8.1CVSS5.8AI score0.00297EPSS
Exploits0References5
NVD
NVD
added 2026/04/24 6:16 p.m.5 views

CVE-2026-41140

Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supporte...

8.7CVSS0.00294EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:10 p.m.3 views

CVE-2026-41140

Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supporte...

2.3CVSS5.4AI score0.00294EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/24 5:10 p.m.38 views

CVE-2026-41140

CVE-2026-41140 affects Poetry (Python dependency manager). The vulnerability is in extractall(), src/poetry/utils/helpers.py:410-426, which allowed tarball extraction without path traversal protection on Python versions where tarfile.data_filter is unavailable. Affected supported Poetry/Python ra...

8.7CVSS5.3AI score0.00294EPSS
Exploits0References5
OSV
OSV
added 2026/04/24 5:10 p.m.2 views

CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supporte...

2.3CVSS6.2AI score0.00294EPSS
Exploits0References7
Rows per page
Query Builder