665 matches found
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049 wheel Allows Arbitrary File Permission Modification via Path Traversal
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049 wheel Allows Arbitrary File Permission Modification via Path Traversal
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
EUVD-2026-4133
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive...
CVE-2026-24049 wheel Allows Arbitrary File Permission Modification via Path Traversal
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
CVE-2026-24049 affects the Python wheel tool. In versions 0.40.0–0.46.1, the unpack function mishandles file permissions after extraction by naively using the archive header filename for chmod, potentially allowing a malicious wheel to modify permissions on sensitive files (e.g., /etc/passwd, SSH...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
PT-2026-3917
Name of the Vulnerable Software and Affected Versions wheel versions 0.40.0 through 0.46.1 Description The 'wheel' package, a tool for manipulating Python wheel files, contains a flaw in the unpack function. This flaw allows for file permission modification through mishandling of file permissions...
Wheel security vulnerabilities
“wheel” is a command-line tool open-sourced by Python Packaging Authority. Versions of “wheel” prior to 0.46.1 contain security vulnerabilities. These vulnerabilities stem from the error handling of file permissions by the decompression function after extracting files, which may lead to privilege...
Linux Distros Unpatched Vulnerability : CVE-2026-24049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to...
wheel -- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file...
MiracleLinux 9 : python-wheel-0.36.2-8.el9 (AXSA:2023-6974:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6974:01 advisory. python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli CVE-2022-40898 Tenable has extracted the preceding...
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
CVE-2026-0808: The Spin Wheel WordPress plugin (versions up to 2.1.0) allows unauthenticated, client-side prize manipulation bySending a modified prize_index parameter; server-side validation/randomization is missing. Wordfence notes the issue and indicates patches have been applied; ensure upgra...
EUVD-2026-3143
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...