Lucene search
+L

2879 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.13 views

CVE-2026-32885

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...

9.1CVSS5.6AI score0.00418EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.3AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.15 views

CVE-2026-39306

PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../...

7.3CVSS5.6AI score0.00291EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 3:47 p.m.12 views

CVE-2026-48092

A flaw was found in 7-Zip, a file archiver. This vulnerability, affecting 32-bit builds, involves a heap memory disclosure caused by an integer overflow in the SquashFS ReadBlock function. An attacker can exploit this by providing a specially crafted archive, which, when processed, allows the...

8.1CVSS5.5AI score0.00324EPSS
Exploits1References2
OSV
OSV
added 2026/06/05 1:51 p.m.4 views

SUSE-SU-2026:22085-1 Security update for dpkg

This update for dpkg fixes the following issue: - CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service bsc1259385...

7.5CVSS5.2AI score0.00418EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 1:51 p.m.11 views

SUSE-SU-2026:22046-1 Security update for dpkg

This update for dpkg fixes the following issue: - CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service bsc1259385...

7.5CVSS5.4AI score0.00418EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 1:47 p.m.7 views

OPENSUSE-SU-2026:20909-1 Security update for dpkg

This update for dpkg fixes the following issue: - CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service bsc1259385...

7.5CVSS5.4AI score0.00418EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.27 views

PT-2026-47044

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description Two path traversal issues in the Network Installation Service NIS allow an unauthenticated network attacker to read package archive files and write arbitrary files to any...

10CVSS6.4AI score0.00709EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Altium Enterprise Server 安全漏洞

Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. There is a security vulnerability in the Altium Enterprise Server Network Installation Service. This vulnerability stems from path traversal, allowing unauthenticated network...

10CVSS5.5AI score0.00709EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.25 views

7-Zip >= 9.18 < 26.01 SquashFS Integer Overflow (GHSL-2026-115_GHSL-2026-122)

The version of 7-Zip installed on the remote Windows host is = 9.18 and prior to 26.01. It is, therefore, potentially affected by a vulnerability: - An integer overflow in the SquashFS fragment offset handling can lead to a crash when processing a crafted SquashFS archive. This vulnerability only...

8.1CVSS5.6AI score0.00324EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 4:20 p.m.11 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the getfilteredattrs function tarfile.datafilter component that computes a symlink's directory before stripping trailing slashes. An attacker can write files outside the intended extraction directory by crafting...

6.9CVSS6.2AI score0.00622EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 a.m.14 views

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:30 a.m.11 views

EUVD-2026-34215

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 6:30 a.m.8 views

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.11 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tar-fs vulnerabilities (USN-8367-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8367-1 advisory. It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this iss...

8.7CVSS6AI score0.02186EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the ability to access internal multimedia session archives without authentication, and lax cross-site resource sharing rules...

8.8CVSS5.2AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46153

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/03 3:2 p.m.11 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/02 2:3 p.m.17 views

EUVD-2026-33932

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

7.5CVSS5.9AI score0.00402EPSS
Exploits0References2
Mageia
Mageia
added 2026/06/02 5:23 a.m.22 views

Updated tar packages fix security vulnerability

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

5.5CVSS5.7AI score0.0043EPSS
Exploits1References4
Rows per page
Query Builder