Lucene search
K

316 matches found

RedHat Linux
RedHat Linux
added 5 days ago2 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.5AI score0.00805EPSS
Exploits2References10
OSV
OSV
added 2026/06/26 1:14 a.m.2 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.7AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 12:28 p.m.76 views

CVE-2026-1933

Samba CVE-2026-1933 involves missing SMB-layer access checks for NTFS-style reparse points on read-only = yes shares. Authenticated users with underlying filesystem write permissions can create or delete reparse point metadata via SMB, potentially altering SMB-visible file behavior (e.g., convert...

7.1CVSS5.7AI score0.00862EPSS
Exploits0References14Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.8 views

Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4138)

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfilemodule to extract untrusted tar archives using TarFile.extractallor...

7.5CVSS7.2AI score0.01149EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.8 views

Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4330)

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfilemodule to extract untrusted tar archives using TarFile.extractallor...

7.5CVSS7.2AI score0.00805EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2025/12/18 1:35 a.m.15 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS5.7AI score0.00805EPSS
Exploits2References10
NVD
NVD
added 2025/11/15 7:15 a.m.10 views

CVE-2025-12849

The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cgcheckwpadminuploadv10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...

5.3CVSS0.0031EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in sagitta-antares-winston-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ddd0b309f243a59e5c481a498f75eb1c403e12809499a7c5b5fee2a091da4f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in load-abstract-final-static-pipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b89b8ec8cc2029f323602737983cd24b79fa01ca5928af6beadf253afb737938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-187496 Malicious code in install-enif-blitz-supervisor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36141e3666f8c066649d564f1f74956d7c95b2120dc6f9c0abec69c4a3bfb1b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.7 views

MAL-2025-189016 Malicious code in quark-charon-hercules-lepton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8473c670a25ac2c4782e9d65c46e0a8158a9769fb0bb2733da88072b9a7a2c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-185879 Malicious code in boolean-reject-balance-sun-slow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 436d2a7d547003a68729e3922ccf2d7012044960c4bae007727f0bb68cb43ce9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.6 views

Malicious code in itale-dci-rrusysyt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f42093684a00b5d297d4b3b23901d99c50a178355920d27359621806336f66b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.4 views

Malicious code in sonic-kots-jab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 975ceccb1ae753ee364dfbc705ca4d08f8da7d611142720a0f0c650b25596c6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.6 views

Malicious code in imuay-agig-iyucauaugafg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec5110549c90735003ccf89029f171fe9c000e134c5167da507d77e55aa285b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 10:25 p.m.5 views

MAL-2025-183296 Malicious code in kiudt-acavog-fafiufug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8c0ebd2c1e6d9fcf3738cff65387dab6ad9671f71575a8d13a06f8491e6d571 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.5 views

Malicious code in flights-lutuiog-aloinalia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10f1205e59dc44f36ddb82dc35382403d48ceb7c77ba6ed18626576e0ca12a8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 10:25 p.m.5 views

MAL-2025-184740 Malicious code in oloc-yg-uti (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad297d01c85dcf88cf00d8a2120c0e31a17046e1d1c36088b184406c11ae8d8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 10:25 p.m.5 views

MAL-2025-182768 Malicious code in indea-fodio-agajonaifau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b05c3bf67a6c1b261f4747c2c02086b6f03a9548bedb924846a9a1bd034b8957 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 10:25 p.m.6 views

MAL-2025-183566 Malicious code in lomi-fuis-fas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3154af47d48c9c2f5035c03e1b635eec4392ff595555bb653782ba557756df21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder