Lucene search
K

5520 matches found

OSV
OSV
added yesterday8 views

ROOT-APP-NPM-CVE-2026-31802 CVE-2026-31802 in @rootio/tar - Patched by Root

Root has patched CVE-2026-31802 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

5.5CVSS5.8AI score0.00253EPSS
Exploits4
OSV
OSV
added yesterday11 views

ROOT-APP-NPM-CVE-2026-26960 CVE-2026-26960 in @rootio/tar - Patched by Root

Root has patched CVE-2026-26960 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

7.1CVSS5.5AI score0.00288EPSS
Exploits1
OSV
OSV
added yesterday6 views

ROOT-APP-NPM-CVE-2024-28863 CVE-2024-28863 in @rootio/tar - Patched by Root

Root has patched CVE-2024-28863 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

6.5CVSS7.1AI score0.00929EPSS
Exploits1
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-CVE-2026-23745 CVE-2026-23745 in @rootio/tar - Patched by Root

Root has patched CVE-2026-23745 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

6.1CVSS5.4AI score0.00334EPSS
Exploits2
OSV
OSV
added yesterday6 views

ROOT-APP-NPM-CVE-2026-29786 CVE-2026-29786 in @rootio/tar - Patched by Root

Root has patched CVE-2026-29786 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

6.3CVSS5.8AI score0.00408EPSS
Exploits2
OSV
OSV
added yesterday4 views

ROOT-APP-NPM-CVE-2025-64118 CVE-2025-64118 in @rootio/tar - Patched by Root

Root has patched CVE-2025-64118 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

4.7CVSS5.4AI score0.00128EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-CVE-2026-24842 CVE-2026-24842 in @rootio/tar - Patched by Root

Root has patched CVE-2026-24842 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

8.2CVSS5.4AI score0.00541EPSS
Exploits1
OSV
OSV
added yesterday7 views

ROOT-APP-NPM-CVE-2026-23950 CVE-2026-23950 in @rootio/tar - Patched by Root

Root has patched CVE-2026-23950 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

8.8CVSS5.4AI score0.00233EPSS
Exploits1
NVD
NVD
added yesterday7 views

CVE-2026-12482

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...

3.1CVSS0.00301EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-12482

CVE-2026-12482 affects keras-team/keras v3.12.0. A path-traversal issue arises in tar extraction: symlink entries bypass the is_path_in_dir validation used for regular files in keras/src/utils/file_utils.py due to imperfect filter_safe_tarinfos. This allows crafting a malicious tar to place or re...

3.1CVSS6.1AI score0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-12482 Path Traversal via Symlink Name Validation Bypass in keras-team/keras

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...

3.1CVSS0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-12482

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...

3.1CVSS6.1AI score0.00301EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-43620

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...

3.1CVSS6.1AI score0.00301EPSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-43554

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-62239 FlashAttention Symlink Attack via tarfile.extractall in hopper/setup.py

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS0.00129EPSS
Exploits0References4
OSV
OSV
added 5 days ago2 views

CVE-2026-55852 Frappe: TarSlip RCE in Package Import

Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members were not sufficiently checked before extraction. This issue is fixed in versions 16.23.0 and 15.112.0...

8.6CVSS6.1AI score0.00457EPSS
Exploits0References11
NVD
NVD
added 5 days ago7 views

CVE-2026-15028

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS0.00203EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS0.00203EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 5 days ago7 views

CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS6.2AI score0.00203EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42865

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS6.2AI score0.00203EPSS
Exploits0References4
Rows per page
Query Builder