57 matches found
CVE-2026-20706
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...
CVE-2026-20706 Gitea repository archive downloads bypass token scope checks
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...
GO-2026-5334 Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea
Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea...
PT-2026-46722
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in MHTML MIME HTML, a web page archive format allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specifi...
Linux Distros Unpatched Vulnerability : CVE-2026-9903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer...
EulerOS Virtualization 2.13.0 : libarchive (EulerOS-SA-2025-2583)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdta...
JLSEC-2025-248 A vulnerability has been identified in the libarchive library
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive WARC file that claims to have more than INT64MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow,...
EUVD-2002-1372
Malware in sbrugna...
EUVD-2025-17575
Malicious code in bioql PyPI...
EulerOS 2.0 SP13 : libarchive (EulerOS-SA-2025-2145)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially...
CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic
wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...
Linux Distros Unpatched Vulnerability : CVE-2025-41242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework MVC applications can be vulnerable to a Path Traversal Vulnerability when deployed on a non-compliant Servlet container. An application can be...
CVE-2025-41242
CVE-2025-41242 is a path traversal vulnerability in Spring Framework MVC when deployed on a non‑compliant Servlet container. An app is at risk if it is WAR‑deployed or uses an embedded container, the container does not reject suspicious URI sequences, and the app serves static resources via Sprin...
EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2025-1958)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the libarchive library, specifically within the archivereadformatrarseekdata function. This flaw involve...
Linux Distros Unpatched Vulnerability : CVE-2025-5916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive WARC...
OESA-2025-1658 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...
OESA-2025-1657 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...
SUSE CVE-2025-5916
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive WARC file that claims to have more than INT64MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow,...