CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

CVE-2026-53655

node-tar (node-tar) before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...

6.9CVSS5.9AI score0.00117EPSS

Exploits0References1

Vulnrichment•added 2026/03/20 7:6 a.m.•3 views

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

5.1CVSS7.3AI score0.00397EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 6:8 a.m.•4 views

SUSE CVE-2008-2105

emailin.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE...

3.5CVSS7AI score0.00967EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 5:1 a.m.•3 views

SUSE CVE-2016-5135

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy CSP protection mechanis...

6.5CVSS8.6AI score0.01617EPSS

Exploits0References7

RedHat Linux•added 2022/11/21 11:11 a.m.•3 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS

Exploits0References6

ATTACKERKB•added 2022/08/12 3:15 p.m.•1 views

CVE-2022-37041

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite ZCS 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of...

7.5CVSS7.1AI score0.0053EPSS

Exploits0References3

RedHat Linux•added 2016/07/26 5:18 a.m.•0 views

chromium-browser: content-security-policy bypass

6.5CVSS7.4AI score0.01617EPSS

Exploits0References5