958 matches found

Tenable Nessus
added 5 days ago | 7 views

Python 3.10.x / 3.11.x / 3.12.x / 3.13.x < 3.13.14 / 3.14.x < 3.14.6 Path Traversal

The version of Python installed on the remote Windows host is affected by a path traversal vulnerability. tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction...

CVSS 6.9 | AI score 5.3 | EPSS 0.00606
Exploits: 0 | References: 4
OSV
added 2026/06/08 8:13 a.m. | 5 views

BIT-PYTHON-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.4 | EPSS 0.00606
Exploits: 0 | References: 10
OSV
added 2026/06/08 8:13 a.m. | 5 views

BIT-PYTHON-MIN-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.4 | EPSS 0.00606
Exploits: 0 | References: 10
OSV
added 2026/06/08 8:9 a.m. | 5 views

BIT-LIBPYTHON-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.5 | EPSS 0.00606
Exploits: 0 | References: 10
Tenable Nessus
added 2026/06/08 12:0 a.m. | 5 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1774)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1774 advisory. The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result ...

CVSS 7.5 | AI score 5.5 | EPSS 0.0079
Exploits: 1 | References: 12
Amazon
added 2026/06/08 12:0 a.m. | 6 views

Medium: python3.14

Issue Overview: The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other...

CVSS 9.8 | AI score 5.4 | EPSS 0.0079
Exploits: 1
Microsoft CVE
added 2026/06/07 8:3 a.m. | 3 views

tarfile.data_filter path traversal bypass allows writing outside the extraction directory

...

CVSS 6.9 | AI score 5.3 | EPSS 0.00606
Exploits: 0
Snyk
added 2026/06/04 4:20 p.m. | 7 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the _get_filtered_attrs function tarfile.data_filter component that computes a symlink's directory before stripping trailing slashes. An attacker can write files outside the intended extraction directory by crafting...

CVSS 6.9 | AI score 6.2 | EPSS 0.00606
Exploits: 0 | References: 2
NVD
added 2026/06/04 4:16 p.m. | 7 views

CVE-2026-7774

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | EPSS 0.00606
Exploits: 0 | References: 9
OSV
added 2026/06/04 4:16 p.m. | 9 views

UBUNTU-CVE-2026-7774

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.3 | EPSS 0.00606
Exploits: 0 | References: 9
ATTACKERKB
added 2026/06/04 2:21 p.m. | 4 views

CVE-2026-7774

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.8 | EPSS 0.00606
Exploits: 0 | References: 4
CVE
added 2026/06/04 2:21 p.m. | 23 views

CVE-2026-7774

The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...

CVSS 6.9 | AI score 5.8 | EPSS 0.00606
Exploits: 0 | References: 9
Cvelist
added 2026/06/04 2:21 p.m. | 41 views

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | EPSS 0.00606
Exploits: 0 | References: 8
EUVD
added 2026/06/04 2:21 p.m. | 6 views

EUVD-2026-34282

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.8 | EPSS 0.00606
Exploits: 0 | References: 3
Vulnrichment
added 2026/06/04 2:21 p.m. | 6 views

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.8 | EPSS 0.00606
Exploits: 0 | References: 3
OSV
added 2026/06/04 2:21 p.m. | 4 views

PSF-2026-26

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.8 | EPSS 0.00606
Exploits: 0 | References: 8
Debian CVE
added 2026/06/04 2:21 p.m. | 5 views

CVE-2026-7774

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.8 | EPSS 0.00606
Exploits: 0
CNNVD
added 2026/06/04 12:0 a.m. | 2 views

Python Security Vulnerability

Python is an open-source, object-oriented programming language developed by the Python Foundation. This language features extensibility, support for modules and packages, and compatibility with multiple platforms. There are security vulnerabilities in Python, where the tarfile.data_filter can be...

CVSS 6.9 | AI score 5.3 | EPSS 0.00606
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/04 12:0 a.m. | 8 views

PT-2026-46262

Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The tarfile.data_filter can be bypassed using crafted link entries, such as symlinks with empty or directory-like names. This allows a malicious tar archive to redirect subsequent archive...

CVSS 6.9 | AI score 5.6 | EPSS 0.00606
Exploits: 0 | References: 10
Tenable Nessus
added 2026/05/22 12:0 a.m. | 9 views

RockyLinux 8 : python3 (RLSA-2025:14560)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:14560 advisory. cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194). Tenable has extracted the preceding description block directly from the RockyLinux security...

CVSS 7.5 | AI score 5.8 | EPSS 0.00586
Exploits: 0 | References: 3