Lucene search
K

101 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-41140

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path...

8.7CVSS5.8AI score0.00294EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/25 12:4 p.m.6 views

CVE-2026-41140

A flaw was found in Poetry, a dependency manager for Python. This vulnerability allows a remote attacker to perform a path traversal attack. By crafting a malicious software package, the extractall function in Poetry can be tricked into writing files to unintended locations on the system. This...

8.7CVSS5.1AI score0.00294EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 5:10 p.m.10 views

EUVD-2026-25578

Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supporte...

2.3CVSS5.3AI score0.00294EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/22 2:35 p.m.7 views

Directory Traversal

Overview poetry is a Python dependency management and packaging made easy. Affected versions of this package are vulnerable to Directory Traversal via the extractall function in src/poetry/utils/helpers.py that extracts sdist tarballs without path traversal protection on Python versions where...

8.7CVSS6.4AI score0.00294EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.9 views

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

7.8CVSS5.9AI score0.00575EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/18 11:37 a.m.351 views

Exploit for Path Traversal in Python

CVE-2007-4559 — TarSlip: The 15-Year Directory Traversal...

9.8CVSS6.3AI score0.27095EPSS
Exploits3
OSV
OSV
added 2026/04/18 1:36 a.m.1 views

CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5CVSS6.2AI score0.00575EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/18 1:36 a.m.6 views

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5CVSS5.9AI score0.00575EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/18 1:36 a.m.25 views

CVE-2026-40491

CVE-2026-40491 affects the gdown library (Python) prior to 5.2.2. A path traversal flaw in the extractall function fails to sanitize archive member filenames, allowing files to be written outside the destination directory and potentially enabling arbitrary file overwrite and Remote Code Execution...

7.8CVSS5.9AI score0.00575EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/04/18 1:36 a.m.7 views

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

7.8CVSS5.8AI score0.00575EPSS
Exploits1
EUVD
EUVD
added 2026/04/18 1:36 a.m.4 views

EUVD-2026-23642

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5CVSS5.9AI score0.00575EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/18 1:36 a.m.34 views

CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5CVSS0.00575EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/18 1:36 a.m.7 views

CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5CVSS5.9AI score0.00575EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.10 views

gdown 安全漏洞

gdown is a Google Drive file download tool developed by Kentaro Wada. Versions of gdown prior to 5.2.2 contained security vulnerabilities; these vulnerabilities stemmed from the extractall function’s path traversal vulnerability, which could lead to arbitrary file overwriting and remote code...

7.8CVSS6.3AI score0.00575EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-40491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. Wh...

7.8CVSS6AI score0.00575EPSS
Exploits1References3
OSV
OSV
added 2026/04/14 1:11 a.m.2 views

GHSA-76HW-P97H-883F gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

Summary The gdown library tested on v5.2.1 is vulnerable to a Path Traversal attack within its extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allow files to be written outside...

6.5CVSS6AI score0.00575EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/14 1:11 a.m.5 views

gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

Summary The gdown library tested on v5.2.1 is vulnerable to a Path Traversal attack within its extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allow files to be written outside...

7.8CVSS6AI score0.00575EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/04/08 12:4 a.m.3 views

Directory Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal in the safeextractall function. An attacker can write files outside the intended extraction directory by crafting a malicious tar archiv...

6.5CVSS6.3AI score0.00255EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:4 a.m.18 views

pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass

Summary The safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level comparison. This allows a specially crafted tar archive to write files outside the intended...

9.8CVSS6.9AI score0.27095EPSS
Exploits4References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 4:48 p.m.2 views

CVE-2026-39306

PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../...

7.3CVSS6.1AI score0.00291EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder