453 matches found

ATTACKERKB
added 2026/02/11 8:27 p.m., 5 views

CVE-2026-26157

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

7 CVSS, 6.2 AI score, 0.00682 EPSS
Exploits 2, References 5

CVE
added 2026/02/11 8:27 p.m., 31 views

CVE-2026-26157

BusyBox contains an incomplete path sanitization vulnerability in its archive extraction utilities that can, under certain conditions, cause arbitrary file overwrites outside the target directory and may enable code execution through modification of sensitive system files. The description does no...

7 CVSS, 6.2 AI score, 0.00682 EPSS
Exploits 2, References 6

Debian CVE
added 2026/02/11 8:27 p.m., 7 views

CVE-2026-26157

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

7 CVSS, 7.8 AI score, 0.00682 EPSS
Exploits 2

SUSE Linux
added 2026/02/11 8:30 a.m., 2 views

Security update for python313-wheel

This update for python313-wheel fixes the following issues: CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

7.7 CVSS, 5.7 AI score, 0.00311 EPSS
Exploits 2, References 4

OSV
added 2026/02/11 8:30 a.m., 6 views

SUSE-SU-2026:0425-1 Security update for python313-wheel

This update for python313-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100)...

7.1 CVSS, 5.9 AI score, 0.00311 EPSS
Exploits 2, References 3

SUSE Linux
added 2026/02/11 8:30 a.m., 1 views

Security update for python-wheel

This update for python-wheel fixes the following issues: CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

7.7 CVSS, 5.7 AI score, 0.00311 EPSS
Exploits 2, References 4

OSV
added 2026/02/11 8:30 a.m., 2 views

SUSE-SU-2026:0424-1 Security update for python-wheel

This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100)...

7.1 CVSS, 5.9 AI score, 0.00311 EPSS
Exploits 2, References 3

Positive Technologies
added 2026/02/11 12:00 a.m., 12 views

PT-2026-7665

Name of the Vulnerable Software and Affected Versions: BusyBox (affected versions not specified). Description: A flaw exists in BusyBox's archive extraction utilities due to incomplete path sanitization. An attacker can create malicious archives that, when extracted under specific conditions, may allo...

7.2 CVSS, 6.4 AI score, 0.02793 EPSS
Exploits 6, References 36

OpenVAS
added 2026/02/09 12:00 a.m., 3 views

SUSE: Security Advisory (SUSE-SU-2026:20217-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1 CVSS, 7.3 AI score, 0.00311 EPSS
Exploits 2, References 4

Tenable Nessus
added 2026/02/04 12:00 a.m., 2 views

openSUSE 16 Security Update : python-wheel (openSUSE-SU-2026:20147-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20147-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100). Tenable has extracted the preceding...

7.1 CVSS, 7.5 AI score, 0.00311 EPSS
Exploits 2, References 3

OSV
added 2026/02/02 9:49 a.m., 3 views

OPENSUSE-SU-2026:20147-1 Security update for python-wheel

This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100)...

7.1 CVSS, 5.9 AI score, 0.00311 EPSS
Exploits 2, References 2

OSV
added 2026/02/02 9:48 a.m., 2 views

SUSE-SU-2026:20217-1 Security update for python-wheel

This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100)...

7.1 CVSS, 5.9 AI score, 0.00311 EPSS
Exploits 2, References 3

RedhatCVE
added 2026/01/29 3:26 a.m., 6 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9 CVSS, 5.9 AI score, 0.0018 EPSS
Exploits 0, References 1

OSV
added 2026/01/28 12:31 a.m., 3 views

GHSA-GF2C-JWCJ-X929 vlt Mishandles Path Sanitization for tar

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9 CVSS, 5.9 AI score, 0.0018 EPSS
Exploits 0, References 7

OSV
added 2026/01/27 11:15 p.m., 5 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9 CVSS, 5.9 AI score
Exploits 0, References 4

ATTACKERKB
added 2026/01/27 10:14 p.m., 5 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9 CVSS, 5.9 AI score, 0.0018 EPSS
Exploits 0, References 5

Tenable Nessus
added 2026/01/20 12:00 a.m., 3 views

MiracleLinux 8 : nodejs:14 (AXSA:2021-2448:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2448:01 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8 CVSS, 8 AI score, 0.37286 EPSS
Exploits 5, References 9

Vulnrichment
added 2026/01/16 10:00 p.m., 1 views

CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2 CVSS, 5.5 AI score, 0.00334 EPSS
Exploits 2, References 2

EUVD
added 2026/01/16 10:00 p.m., 7 views

EUVD-2026-2909

node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2 CVSS, 6.4 AI score, 0.00334 EPSS
Exploits 2, References 3

Github Security Blog
added 2026/01/16 9:16 p.m., 25 views

node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

Summary: The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and...

8.2 CVSS, 7.6 AI score, 0.00334 EPSS
Exploits 2, References 4, Affected Software 1