Lucene search
+L

79 matches found

OSV
OSV
added 2025/12/17 10:9 p.m.7 views

CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

6.5CVSS6.8AI score0.07957EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/11 12:0 a.m.9 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2242)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0085

Malware in sbrugna...

9.1CVSS9AI score0.01667EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-1205

Malware in sbrugna...

5CVSS6.1AI score0.01473EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-6111

Malware in sbrugna...

6.5CVSS6.4AI score0.00949EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/18 9:0 p.m.6 views

Copier's safe template has arbitrary filesystem read/write access

Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...

8.5CVSS7.2AI score0.0024EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/18 4:21 p.m.3 views

CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

8.5CVSS7.2AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2025/08/06 9:15 p.m.7 views

CVE-2025-51056

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews' custom function in '/apivedo/colorwayspreview', ultimately resulting in remote code execution RCE...

8.2CVSS0.00517EPSS
Exploits2References1
CVE
CVE
added 2025/08/06 12:0 a.m.21 views

CVE-2025-51056

CVE-2025-51056 describes an Unrestricted File Upload in Bottinelli Informatical Vedo Suite 2024.17, exploitable via the insecure uploadPreviews() function at /api_vedo/colorways_preview. The vulnerability allows remote authenticated attackers to write to arbitrary filesystem paths and can lead to...

8.2CVSS7.3AI score0.00517EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2025/07/10 9:2 a.m.15 views

BIT-PYTHON-MIN-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS9.7AI score0.01227EPSS
Exploits11References13
OSV
OSV
added 2025/06/24 7:26 a.m.7 views

SUSE-SU-2025:02074-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.5. Security issues fixed: - CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter='data' bsc1244032 - CVE-2025-4516: use-after-free in the unicode-escape decoder when...

9.4CVSS8.7AI score0.0188EPSS
Exploits14References21
Ubuntu
Ubuntu
added 2025/06/19 12:22 p.m.11 views

USN-7583-1: Python vulnerabilities

It was discovered that Python incorrectly handled tar archive extraction with the filtering option. An attacker could possibly use this issue to modify files in arbitrary filesystem locations and cause data loss...

9.4CVSS7AI score0.01227EPSS
Exploits14
RedhatCVE
RedhatCVE
added 2025/06/03 2:54 p.m.14 views

CVE-2025-4517

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

9.4CVSS6.7AI score0.01227EPSS
Exploits11References9
NVD
NVD
added 2025/06/03 1:15 p.m.16 views

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS0.01227EPSS
Exploits11References12
OSV
OSV
added 2025/06/03 1:15 p.m.11 views

ALPINE-CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS8AI score0.01227EPSS
Exploits11References1
CVE
CVE
added 2025/06/03 12:58 p.m.1217 views

CVE-2025-4517

CVE-2025-4517 concerns the tarfile module: when extracting untrusted tar archives using TarFile.extractall() or TarFile.extract() with filter set to "data" (or "tar"), it allows arbitrary filesystem writes outside the extraction directory. The description and connected advisories confirm this is ...

9.4CVSS9.7AI score0.01227EPSS
Exploits11References12
OSV
OSV
added 2025/06/03 12:58 p.m.8 views

CVE-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS7.3AI score0.01227EPSS
Exploits11References15
AlpineLinux
AlpineLinux
added 2025/06/03 12:58 p.m.19 views

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS7.7AI score0.01227EPSS
Exploits11
RedhatCVE
RedhatCVE
added 2025/05/22 6:23 a.m.5 views

CVE-2018-1002150

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...

9.1CVSS6.9AI score0.01667EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-16874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Go before 1.10.6 and 1.11.x before 1.11.3, the go get command is vulnerable to directory traversal when executed with the import path of a malicious Go packa...

8.1CVSS7.2AI score0.05039EPSS
Exploits0References3
Rows per page
Query Builder