Directory Traversal

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archive containing a...

Exploit for CVE-2025-4138

CVE-2025-4138 Python Tarfile module Directory Traversal Vulne...

PT-2026-6872

Name of the Vulnerable Software and Affected Versions tracker-extract version 3.7.1-1ubuntu0.1 tracker-miner-fs version 3.7.1-1ubuntu0.1 Description The software can crash when processing specific malformed MP3 files. This could lead to a denial of service or potentially allow for arbitrary code...

CVE-2026-22038

CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...

Bypassing AI Control Protocols Via Agent-As-A-Proxy Attacks

As AI agents automate critical workloads, they remain vulnerable to indirect prompt injection IPI attacks. Current defenses rely on monitoring protocols that jointly evaluate an agent's Chain-of-Thought CoT and tool-use actions to ensure alignment with user intent. We demonstrate that these...

BIT-PYTHON-MIN-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

BIT-PYTHON-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

PT-2026-5854

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

CVE-2026-1767

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

CVE-2026-1766

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

GNOME localsearch 安全漏洞

GNOME localsearch is a file search engine developed under the GNOME open-source framework. GNOME localsearch has a security vulnerability, which stems from a buffer overflow issue during the processing of specially crafted MP3 files by the tracker-extract-mp3 module. This vulnerability could lead...

mtkclient

🚀 mtkclient - Easily Flash and Repair Mediatek Devices !Dow...

Directory Traversal

Overview apple/container is an A tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon. Affected versions of this package are vulnerable to Directory Traversal via the extractContents function. An attack...

Medium: libtiff

Issue Overview: LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. CVE-2022-3598...

MiracleLinux 9 : tcpdump-4.99.0-9.el9 (AXSA:2024-8003:03)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8003:03 advisory. tcpslice: use-after-free in extractslice CVE-2021-41043 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

MiracleLinux 7 : icoutils-0.31.3-1.el7 (AXSA:2017-1531:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-1531:01 advisory. The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the...

GHSA-XG9W-VG3G-6M68 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

Summary A path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. CWE: CWE-22 Improper...

Directory Traversal

Overview guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can overwrite arbitrary files and potentially execute code by crafting a malicious archive with path...

CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

EUVD-2026-2012

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...