5520 matches found
ROOT-APP-NPM-CVE-2026-31802 CVE-2026-31802 in @rootio/tar - Patched by Root
Root has patched CVE-2026-31802 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-26960 CVE-2026-26960 in @rootio/tar - Patched by Root
Root has patched CVE-2026-26960 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-28863 CVE-2024-28863 in @rootio/tar - Patched by Root
Root has patched CVE-2024-28863 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-23745 CVE-2026-23745 in @rootio/tar - Patched by Root
Root has patched CVE-2026-23745 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-29786 CVE-2026-29786 in @rootio/tar - Patched by Root
Root has patched CVE-2026-29786 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-64118 CVE-2025-64118 in @rootio/tar - Patched by Root
Root has patched CVE-2025-64118 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-24842 CVE-2026-24842 in @rootio/tar - Patched by Root
Root has patched CVE-2026-24842 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-23950 CVE-2026-23950 in @rootio/tar - Patched by Root
Root has patched CVE-2026-23950 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
CVE-2026-12482
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...
CVE-2026-12482
CVE-2026-12482 affects keras-team/keras v3.12.0. A path-traversal issue arises in tar extraction: symlink entries bypass the is_path_in_dir validation used for regular files in keras/src/utils/file_utils.py due to imperfect filter_safe_tarinfos. This allows crafting a malicious tar to place or re...
CVE-2026-12482 Path Traversal via Symlink Name Validation Bypass in keras-team/keras
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...
CVE-2026-12482
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...
EUVD-2026-43620
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...
EUVD-2026-43554
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...
CVE-2026-62239 FlashAttention Symlink Attack via tarfile.extractall in hopper/setup.py
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...
CVE-2026-55852 Frappe: TarSlip RCE in Package Import
Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members were not sufficiently checked before extraction. This issue is fixed in versions 16.23.0 and 15.112.0...
CVE-2026-15028
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
EUVD-2026-42865
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...