5563 matches found
Identity Exposure Management: Risks and Response
Start with the path that carries risk. Security teams need a clear view of access risk. Stolen tokens and excessive privileges turn legitimate access into an attack route. Identity risk becomes urgent when one exposed account opens a path across critical systems. Identity exposure management is t...
CVE-2026-42497
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...
DEBIAN-CVE-2026-42497
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...
UBUNTU-CVE-2026-42497
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...
CVE-2026-42497
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...
CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...
CVE-2026-42497
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...
FastNetMon 安全漏洞
FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained security vulnerabilities. These vulnerabilities stemmed from the use of predictable file paths an...
CVE-2026-42497
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...
CVE-2026-9101
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
GHSA-GGXF-37HM-9WQF instagrapi: Unsafe signup challenge path handling in instagrapi
instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...
instagrapi: Unsafe signup challenge path handling in instagrapi
instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...
PT-2026-42861
Name of the Vulnerable Software and Affected Versions aiograpi versions prior to 0.9.10 Description The software accepts server-supplied signup challenge paths and uses them to construct request URLs without first validating that the paths are relative Instagram API paths. If an attacker influenc...
SUSE CVE-2026-43499
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter removewaiter is used by the slowlock paths, but it is also used for proxy-lock rollback in rtmutexstartproxylock when invoked from futexrequeue. In the latter case...
EUVD-2026-31358
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016711)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016711 advisory. Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests ...
Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016609)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016609 advisory. Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest...
9front 安全漏洞
9front is an open-source class Unix distributed operating system based on Plan 9. 9front has a security vulnerability, which stems from respecting the default values provided by the website for HTML file upload forms. This vulnerability could allow attackers to create websites with malicious...
CVE-2026-8240
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
Snappy: Binary path is never shell-escaped due to an inverted is_executable check
Impact On POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code and...