CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

Zed < 0.225.9 Symlink Escape (CVE-2026-27967)

The version of Zed installed on the remote host is prior to 0.225.9. It is, therefore, affected by a symlink escape vulnerability: - A symlink escape vulnerability exists in the Zed Agent file tools readfile, editfile that allows reading and writing files outside the project directory when a...

CVE-2025-9065

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash...

CVE-2025-9065 Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash...