58774 matches found
EUVD-2025-210067
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...
GHSA-QFWV-87QJ-98XQ
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 16:10:59+00:00 | seen | https://gist.github.com/alon710/e01fe3eef2f4071e63ac4580c1c830af... |
CVE-2026-10810
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 15:19:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhwd46ag22x... |
CVE-2026-10806
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 15:15:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhw3glr5g2b... |
CVE-2026-50076
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 15:00:10+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mnhvaiggnp2z |
| 2026-06-04 22:00:47+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnimqlnbzi2f... |
CVE-2019-25744
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 14:59:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhv7ynaap26... |
CVE-2026-10840
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 14:21:53+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116692281779225455... |
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-7774
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-7774
The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...
PSF-2026-26
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-10861
An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...
CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url
An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...
CVE-2026-9491
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 13:20:18+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mnhpnwevta2j... |
CVE-2026-10856 Open redirect in MISP dashboard button widget URL handling
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths...
CVE-2026-10856
CVE-2026-10856 concerns an open redirect in the MISP dashboard button widget due to a URL validation flaw. A crafted relative-looking URL could be accepted as a local path while browsers treat it as an external URL, especially when paths begin with /\ and browsers normalize backslashes to slashes...
CVE-2026-50214
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 11:34:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhjqgwkbs2b... |
CVE-2026-8916
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-04 11:10:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhiexchxv2b... |