CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 4 days ago•6 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS

Exploits0References5

RedHat Linux•added 4 days ago•5 views

dotnet: .NET: Local file tampering via link following vulnerability

6.2CVSS5.8AI score0.00388EPSS

Exploits0References5

RedHat Linux•added 4 days ago•5 views

dotnet: .NET: Local file tampering via link following vulnerability

6.2CVSS5.8AI score0.00388EPSS

Exploits0References5

OSV•added 2026/06/19 9:15 p.m.•4 views

GHSA-F9M7-VC86-P6JJ go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination)

Impact The go.qbee.io/transport library is affected by a symlink-chain path traversal vulnerability in its extractTar routine. The library's path validation is strictly lexical and fails to account for on-disk symlinks created earlier in the extraction process. Consequently, a crafted tar archive...

6CVSS5.8AI score

AstraLinux•added 2026/06/19 11:10 a.m.•8 views

Astra Linux – Vulnerability in node-tar

The npm package “tar” also known as node-tar in versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent the extraction of absolute file paths by converting absolute paths into relative...

8.2CVSS7AI score0.15014EPSS

Exploits1References2

Positive Technologies•added 2026/06/19 12:0 a.m.•12 views

PT-2026-51102

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An issue exists in components based on BaseFileComponent, including Docling DoclingInlineComponent, Docling Serve DoclingRemoteComponent, Read File FileComponent, NVIDIA Retriever Extraction...

9.6CVSS6.7AI score0.00324EPSS

Exploits1References8

RedhatCVE•added 2026/06/05 7:29 p.m.•7 views

CVE-2026-46383

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

5.5CVSS5.5AI score0.0061EPSS

RedhatCVE•added 2026/06/05 7:12 p.m.•9 views

CVE-2026-44340

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...

8.7CVSS5.5AI score0.00433EPSS

Exploits1References1

NVD•added 2026/06/04 4:17 a.m.•13 views

CVE-2026-41010

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS0.00122EPSS

Vulnrichment•added 2026/06/04 2:27 a.m.•7 views

CVE-2026-41010

ATTACKERKB•added 2026/06/04 2:27 a.m.•5 views

CVE-2026-41010

Cvelist•added 2026/06/04 2:27 a.m.•42 views

CVE-2026-41010

8.7CVSS0.00122EPSS

CVE•added 2026/06/04 2:27 a.m.•18 views

CVE-2026-41010

The CVE describes a shell command-injection in BOSH Director during ReleaseJob#unpack: the code constructs a shell command using a name value taken verbatim from attacker-supplied release.MF and interpolates it into tar -C … -xf …, then executes via /bin/sh -c. Although the directory is created w...

Cvelist•added 2026/06/04 2:26 a.m.•37 views

CVE-2026-41011

PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

8.7CVSS0.00116EPSS

ATTACKERKB•added 2026/06/04 2:26 a.m.•5 views

CVE-2026-41011

8.7CVSS5.8AI score0.00116EPSS

CVE•added 2026/06/04 2:26 a.m.•23 views

CVE-2026-41011

The CVE affects BOSH: all versions prior to v282.1.12 (inclusive). PackagePersister.validate_tgz constructs a tar command (tar -tf #{tgz}) using a name derived from release.MF without Shellwords.escape, and passes it to Bosh::Common::Exec.sh (via /bin/sh -c). The Models::Package validation runs a...

8.7CVSS5.8AI score0.00116EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46136

ReleaseJobunpack builds job dir = File.join@release dir, 'jobs', name and job tgz = File.join@release dir, 'jobs', "name.tgz" where name returns @job meta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then...