Lucene search
K

65 matches found

OSV
OSV
added 2026/06/29 11:14 a.m.5 views

BIT-PYTHON-MIN-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:14 a.m.5 views

BIT-PYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:10 a.m.4 views

BIT-LIBPYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/23 4:4 p.m.5 views

CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References8
CVE
CVE
added 2026/06/23 4:4 p.m.40 views

CVE-2026-11940

CVE-2026-11940 concerns tarfile.extractall() in Python’s tarfile handling where a crafted archive can bypass the filter for data/tar and cause a symlink outside the destination directory to be created by abusing a hardlink referencing a deeper symlink. The extraction fallback validates the symlin...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/23 4:4 p.m.44 views

CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS0.00613EPSS
Exploits0References8
NVD
NVD
added 2026/06/10 10:16 p.m.13 views

CVE-2026-45380

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...

3.6CVSS0.00116EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:0 p.m.19 views

CVE-2026-45380

The CVE-2026-45380 issue affects bit7z (a cross-platform C++ static library for archive handling). A one-byte off-by-one bug in SafeOutPathBuilder::restoreSymlink() (prior to 4.0.12) enables crafting a .7z archive that, when extracted on non-Windows, creates a symlink escaping the extraction dire...

3.6CVSS5.5AI score0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 8:0 p.m.11 views

EUVD-2026-36116

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...

3.6CVSS5.5AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48534

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...

3.6CVSS5.5AI score0.00116EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45696

These are all security issues fixed in the sshfs-3.7.6-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.00031EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45697

These are all security issues fixed in the sshfs-3.7.6-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.00021EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:18 p.m.11 views

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

5.8AI score0.00193EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 8:15 a.m.8 views

CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00515EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.14 views

RHEL 10 : grafana (RHSA-2026:19134)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19134 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana:...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References8
RustSec
RustSec
added 2026/05/16 12:0 p.m.15 views

OCI layer symlink escape → arbitrary host write

Affected versions of boxlite extract OCI image layer tarballs without fully containing path resolution to the extraction root. A crafted layer containing a symlink whose target is an absolute on-host path e.g. escape - /tmp followed by a file entry that resolves through that symlink e.g...

9.6CVSS5.8AI score0.00482EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/16 12:0 p.m.8 views

RUSTSEC-2026-0148 OCI layer symlink escape → arbitrary host write

Affected versions of boxlite extract OCI image layer tarballs without fully containing path resolution to the extraction root. A crafted layer containing a symlink whose target is an absolute on-host path e.g. escape - /tmp followed by a file entry that resolves through that symlink e.g...

10CVSS5.8AI score0.00482EPSS
Exploits0References6
OSV
OSV
added 2026/05/06 12:1 p.m.10 views

RLSA-2026:11711 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

7.8CVSS7.3AI score0.00621EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 12:0 p.m.10 views

RLSA-2026:11507 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

7.8CVSS7.4AI score0.00621EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/04 8:57 p.m.12 views

OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root

Summary OpenShell FS bridge writes stay pinned to the sandbox mount root Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap...

9.6CVSS5.8AI score0.02442EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder