96 matches found
CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...
GHSA-VMF3-W455-68VH node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...
CVE-2025-62317
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...
EUVD-2025-209857
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...
CVE-2025-62317
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...
GO-2026-4822 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab
PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab...
@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
Summary A sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype, Set.prototype is placed into an array and retrieved, the isGlobal...
CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype,...
CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype,...
Use of Cache Containing Sensitive Information
Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to aggressive cache headers being set by default when processing uploads with ImageSharp, which can cause intermediary caches or...
MiracleLinux 9 : rpm-4.16.1.3-27.el9_3 (AXSA:2024-7473:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7473:01 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...
EUVD-2019-8951
Malware in sbrugna...
kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client uses a buffer size less than 4 byte...
MAL-2024-12101 Malicious code in ing-feat-business-intermediary-lease-calculator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4ae63e9378c4493de34d242aa3a415d841799fe6e51f503848c1408c8dfe5e44 The OpenSSF Package Analysis project identified 'ing-feat-business-intermediary-lease-calculator' @ 1.1.0 npm as malicious. It is considered...
MikroTik RouterOS Confused Deputy (CVE-2019-3924)
MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...