16 matches found

Source: OSV, added yesterday

BIT-PYTHON-MIN-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVSS 6.9 | AI score 5.4 | EPSS 0.00028 | Exploits 0 | References 5
Source: OSV, added 2026/04/22 7:06 p.m.

GHSA-X2XQ-QHJF-5MVG DDEV has ZipSlip path traversal in tar and zip archive extraction

Summary: The DDEV local dev tool has unsanitized extraction in both the Untar and Unzip functions in pkg/archive/archive.go. This flaw allows users to download and extract archives from remote sources without path validation. Vulnerable code: pkg/archive/archive.go:235 Untar: fullPath :=...

CVSS 6.5 | AI score 5.9 | EPSS 0.00019 | Exploits 3 | References 6
Source: OSV, added 2026/02/09 5:32 p.m.

CLSA-2025-1766232351 libarchive: Fix of 3 CVEs

CVE-2025-5916: fix signed integer overflow in WARC format reader
CVE-2025-5917: fix buffer overflow in build_ustar_entry for PAX format
CVE-2025-5918: prevent skipping past EOF in archive file reading...

CVSS 6.6 | AI score 6.3 | EPSS 0.00117 | Exploits 0 | References 1
Source: Positive Technologies, added 2026/01/27 12:00 a.m.

PT-2026-5047

Name of the vulnerable software and affected versions: node-tar versions prior to 7.5.7. Description: The node-tar software has an issue where the security check for hardlink entries uses different path resolution logic than the actual hardlink creation process. This discrepancy allows a malicious T...

CVSS 8.5 | AI score 5.2 | EPSS 0.00027 | Exploits 1 | References 26
Source: Tenable Nessus, added 2026/01/05 12:00 a.m.

RHEL 9 : tar (RHSA-2026:0067)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0067 advisory. The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: Tar path traversal CVE-2025-45582 F...

CVSS 4.1 | AI score 6.7 | EPSS 0.0013 | Exploits 1 | References 6
Source: EUVD, added 2025/10/07 12:30 a.m.

EUVD-2019-5982

Malware in sbrugna...

CVSS 7.3 | AI score 6.8 | EPSS 0.00032 | Exploits 1 | References 12
Source: EUVD, added 2025/10/07 12:30 a.m.

EUVD-2015-8782

Malware in sbrugna...

CVSS 5.5 | AI score 6.8 | EPSS 0.00409 | Exploits 1 | References 18
Source: EUVD, added 2025/10/07 12:30 a.m.

EUVD-2017-5319

Malware in sbrugna...

CVSS 5.5 | AI score 6.9 | EPSS 0.00328 | Exploits 0 | References 6
Source: EUVD, added 2025/10/07 12:30 a.m.

EUVD-2021-1013

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00278 | Exploits 1 | References 7
Source: EUVD, added 2025/10/03 8:07 p.m.

EUVD-2025-7441

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 7.5 | EPSS 0.00182 | Exploits 0 | References 5
Source: NVD, added 2025/04/23 4:15 p.m.

CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

CVSS 3.3 | EPSS 0.00065 | Exploits 0 | References 6
Source: CVE, added 2024/12/06 9:37 a.m.

CVE-2024-53142

CVE-2024-53142: Linux kernel initramfs fix for filename buffer overrun. Root cause: during initramfs cpio extraction, the do_name() path passed a non-zero-terminated filename to kernel file operations, allowing trailing bytes from uninitialized memory to be incorporated into a created path. Impac...

CVSS 7.8 | AI score 6.9 | EPSS 0.0002 | Exploits 0 | References 11 | Affected software 1
Source: OpenVAS, added 2021/04/19 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2017:2546-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 5.3 | EPSS 0.00568 | Exploits 0 | References 4
Source: Kitploit, added 2019/10/25 8:00 p.m.

JSONBee - A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites

A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be found here not sure why format of the slides is screwed :D:...

AI score 6.8 | Exploits 0 | References 1
Source: OSV, added 2017/09/03 8:29 p.m.

CVE-2017-14121

The DecodeNumber function in unrarlib.c in unrar 0.0.1 aka unrar-free or unrar-gpl suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references...

CVSS 5.5 | AI score 6.9 | Exploits 0 | References 3
Source: securityvulns, added 2003/02/20 12:00 a.m.

Symantec Norton Antivirus buffer overflow

Buffer overflow on oversized filename inside archive...

AI score 4.8 | Exploits 0 | References 1 | Affected software 1