58787 matches found
CVE-2019-25744
creationtimestamp| type| source
---|---|---
2026-06-04 14:59:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnhv7ynaap26...
CVE-2026-10840
creationtimestamp| type| source
---|---|---
2026-06-04 14:21:53+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116692281779225455...
CVE-2026-7774
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-7774
The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...
PSF-2026-26
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-7774
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-10861
An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...
CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url
An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...
CVE-2026-9491
creationtimestamp| type| source
---|---|---
2026-06-04 13:20:18+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnhpnwevta2j...
CVE-2026-10856 Open redirect in MISP dashboard button widget URL handling
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths...
CVE-2026-10856
CVE-2026-10856 concerns an open redirect in the MISP dashboard button widget due to a URL validation flaw. A crafted relative-looking URL could be accepted as a local path while browsers treat it as an external URL, especially when paths begin with /\ and browsers normalize backslashes to slashes...
CVE-2026-50214
creationtimestamp| type| source
---|---|---
2026-06-04 11:34:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnhjqgwkbs2b...
CVE-2026-8916
creationtimestamp| type| source
---|---|---
2026-06-04 11:10:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnhiexchxv2b...
CVE-2026-47306
creationtimestamp| type| source
---|---|---
2026-06-04 10:52:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnhhfenxnv2e...
CVE-2026-10305
creationtimestamp| type| source
---|---|---
2026-06-04 10:50:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnhhbjo3ab2b...
CVE-2026-50208
creationtimestamp| type| source
---|---|---
2026-06-04 10:46:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnhh2l5poa2b...
CVE-2026-50209
creationtimestamp| type| source
---|---|---
2026-06-04 10:42:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnhgug667e2m...
CVE-2026-7310
creationtimestamp| type| source
---|---|---
2026-06-04 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-05...