2 matches found
CVE-2026-7774
A flaw was found in the tarfile.datafilter function within the Python tarfile module. A remote attacker could exploit this vulnerability by providing a specially crafted tar archive containing malicious link entries, such as symlinks with empty or directory-like names. This bypass allows the...
CVE-2026-44705
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....