CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

959 matches found

Veracode•added 2025/06/05 11:3 a.m.•6 views

Path Traversal

Python tarfile module is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during extraction with TarFile.extractall or TarFile.extract when using the filter="data" or filter="tar" parameter, which allows an attacker to craft a malicious tar archive that...

9.4CVSS5.9AI score0.01184EPSS

Exploits11References16Affected Software2

SUSE CVE•added 2025/06/05 4:23 a.m.•9 views

SUSE CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS7.6AI score0.00607EPSS

Exploits1References21

SUSE CVE•added 2025/06/05 3:23 a.m.•5 views

SUSE CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

8.2CVSS7.6AI score0.01109EPSS

Exploits7References22

SUSE CVE•added 2025/06/05 3:23 a.m.•8 views

SUSE CVE-2025-4330

8.2CVSS7.6AI score0.00728EPSS

Exploits2References22

SUSE CVE•added 2025/06/05 3:23 a.m.•7 views

SUSE CVE-2025-4435

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

8.2CVSS6.7AI score0.00474EPSS

Exploits1References18

SUSE CVE•added 2025/06/04 3:2 a.m.•9 views

SUSE CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

8.4CVSS7.7AI score0.01184EPSS

Exploits11References22

RedhatCVE•added 2025/06/03 2:54 p.m.•11 views

CVE-2025-4517

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

9.4CVSS6.7AI score0.01184EPSS

Exploits11References9

RedhatCVE•added 2025/06/03 2:51 p.m.•11 views

CVE-2024-12718

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters. Mitigation Mitigatio...

7.6CVSS6.6AI score0.00607EPSS

Exploits1References10

RedhatCVE•added 2025/06/03 2:44 p.m.•8 views

CVE-2025-4435

A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms. Mitigation Mitigation for this issue is either not available or the currently available options do not...

7.5CVSS6.5AI score0.00474EPSS

Exploits1References8