Lucene search
K

91 matches found

Snyk
Snyk
added 2026/03/19 12:30 a.m.12 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the extraction process of tar archives due to improper validation of archive entry paths. An attacker can overwrite arbitrary files on the filesystem by supplying a crafted tar.gz file containing directory travers...

9.1CVSS7.7AI score0.00852EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.7 views

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

8.3CVSS6.6AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2025/11/24 4:15 p.m.13 views

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

8.3CVSS0.00218EPSS
Exploits0References2
CVE
CVE
added 2025/11/24 3:11 p.m.15 views

CVE-2025-44018

CVE-2025-44018 affects the GL.iNet GL-AXT1800 OTA Update mechanism (firmware 4.7.0). A specially crafted .tar enables a firmware downgrade, which a motivated attacker could trigger via a man‑in‑the‑middle scenario. Cisco Talos documents the vulnerable version (GL-AXT1800 4.7.0) and assigns CVSS v...

8.3CVSS6.5AI score0.00218EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/24 3:11 p.m.5 views

EUVD-2025-198804

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

8.3CVSS6.4AI score0.00218EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-10677

Malware in sbrugna...

5.5CVSS5.3AI score0.0133EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2015-8780

Malware in sbrugna...

5.5CVSS6.8AI score0.05379EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2015-8788

Malware in sbrugna...

5.5CVSS6.5AI score0.02214EPSS
Exploits1References21
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2015-8789

Malware in sbrugna...

5.5CVSS6.5AI score0.02028EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2021-20321

Malware in sbrugna...

8.1CVSS7.4AI score0.01127EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-20320

Malware in sbrugna...

9.1CVSS8.3AI score0.01331EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54315

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.02186EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-0022

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00221EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/09/03 10:0 p.m.5 views

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

...

6.5CVSS7AI score0.00221EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.7 views

CVE-2020-5738

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/uploadvpntar interface...

9CVSS7.1AI score0.05424EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/03/27 6:31 p.m.12 views

tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File

An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...

7.5CVSS7.2AI score0.02186EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/08 6:30 p.m.8 views

keras Path Traversal vulnerability

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

6.5CVSS6.9AI score0.00221EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/01/08 6:30 p.m.1 views

GHSA-CJGQ-5QMW-RCJ6 keras Path Traversal vulnerability

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

6.9CVSS7.2AI score0.00221EPSS
Exploits0References6
OSV
OSV
added 2025/01/08 5:15 p.m.4 views

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

6.5CVSS7.2AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/08 12:0 a.m.6 views

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

5.4AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder