Lucene search
K

96 matches found

Cvelist
Cvelist
added 2026/06/22 2:55 p.m.34 views

CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS0.00107EPSS
Exploits1References1
OSV
OSV
added 2026/06/15 5:19 p.m.9 views

GHSA-VMF3-W455-68VH node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

6.9CVSS5.5AI score0.00107EPSS
Exploits1References2
NVD
NVD
added 2026/05/14 5:16 p.m.13 views

CVE-2025-62317

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...

2.6CVSS0.00115EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 4:13 p.m.9 views

EUVD-2025-209857

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:13 p.m.6 views

CVE-2025-62317

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/26 8:33 p.m.7 views

GO-2026-4822 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab

PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab...

4.3CVSS5.8AI score0.00273EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/10 12:24 a.m.14 views

@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)

Summary A sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype, Set.prototype is placed into an array and retrieved, the isGlobal...

10CVSS5.8AI score0.00552EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/09 9:12 p.m.4 views

CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype,...

9CVSS5.6AI score0.00552EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/09 9:12 p.m.3 views

CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype,...

9CVSS5.5AI score0.00552EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/22 6:6 p.m.2 views

Use of Cache Containing Sensitive Information

Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to aggressive cache headers being set by default when processing uploads with ImageSharp, which can cause intermediary caches or...

3.1CVSS5.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : rpm-4.16.1.3-27.el9_3 (AXSA:2024-7473:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7473:01 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...

6.7CVSS7AI score0.00491EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-8951

Malware in sbrugna...

9.8CVSS7.5AI score0.03955EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2025/05/13 2:12 p.m.6 views

kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client uses a buffer size less than 4 byte...

7.8CVSS6.9AI score0.00203EPSS
Exploits0References5
OSV
OSV
added 2024/12/23 8:56 a.m.2 views

MAL-2024-12101 Malicious code in ing-feat-business-intermediary-lease-calculator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4ae63e9378c4493de34d242aa3a415d841799fe6e51f503848c1408c8dfe5e44 The OpenSSF Package Analysis project identified 'ing-feat-business-intermediary-lease-calculator' @ 1.1.0 npm as malicious. It is considered...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.27 views

MikroTik RouterOS Confused Deputy (CVE-2019-3924)

MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...

7.5CVSS7.4AI score0.15697EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2024/02/01 12:39 p.m.3 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/01/30 1:30 p.m.5 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/01/25 11:15 a.m.3 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/01/25 11:1 a.m.5 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/01/25 9:1 a.m.4 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
Rows per page
Query Builder