314 matches found
CVE-2026-1933
Samba CVE-2026-1933 involves missing SMB-layer access checks for NTFS-style reparse points on read-only = yes shares. Authenticated users with underlying filesystem write permissions can create or delete reparse point metadata via SMB, potentially altering SMB-visible file behavior (e.g., convert...
Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4138)
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4330)
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
CVE-2025-12849
The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cgcheckwpadminuploadv10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...
Malicious code in load-abstract-final-static-pipe (npm)
Source: amazon-inspector b89b8ec8cc2029f323602737983cd24b79fa01ca5928af6beadf253afb737938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189016 Malicious code in quark-charon-hercules-lepton (npm)
Source: amazon-inspector d8473c670a25ac2c4782e9d65c46e0a8158a9769fb0bb2733da88072b9a7a2c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185879 Malicious code in boolean-reject-balance-sun-slow (npm)
Source: amazon-inspector 436d2a7d547003a68729e3922ccf2d7012044960c4bae007727f0bb68cb43ce9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187496 Malicious code in install-enif-blitz-supervisor (npm)
Source: amazon-inspector 36141e3666f8c066649d564f1f74956d7c95b2120dc6f9c0abec69c4a3bfb1b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sagitta-antares-winston-dotenv (npm)
Source: amazon-inspector 2ddd0b309f243a59e5c481a498f75eb1c403e12809499a7c5b5fee2a091da4f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in itale-dci-rrusysyt (npm)
Source: amazon-inspector 9f42093684a00b5d297d4b3b23901d99c50a178355920d27359621806336f66b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183296 Malicious code in kiudt-acavog-fafiufug (npm)
Source: amazon-inspector a8c0ebd2c1e6d9fcf3738cff65387dab6ad9671f71575a8d13a06f8491e6d571 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184393 Malicious code in modiov-kihoan-afmcauxabtr (npm)
Source: amazon-inspector 037d579bfe30f44cf77187b5e2ae6022111e5141157db23d6175bdf3cbb60962 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185325 Malicious code in unise-kiat-bida (npm)
Source: amazon-inspector 799c4dd38a502e4a3e432412686e407a46d3a46b1fcf894b194dfaddc7679351 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184714 Malicious code in oloc-uyg-ugoyugxechafi (npm)
Source: amazon-inspector b919be1375dd4d8cabfc3066c51b2573e1094291c609b147d14e9548a7a1050f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183707 Malicious code in manu-oib-gisosaugaiug1 (npm)
Source: amazon-inspector 7e52771ed39b52ef9a6db31976a79e8e949872fb85d9bcb2066ceb008e64fc48 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in imuay-agig-iyucauaugafg (npm)
Source: amazon-inspector ec5110549c90735003ccf89029f171fe9c000e134c5167da507d77e55aa285b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in flights-lutuiog-aloinalia (npm)
Source: amazon-inspector 10f1205e59dc44f36ddb82dc35382403d48ceb7c77ba6ed18626576e0ca12a8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184573 Malicious code in odasv-kinu-bivoyicaguab (npm)
Source: amazon-inspector 99b09206b70eefbf83137bc8ceb989d68dc35f6065185f7f61a4fa62e613ed52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183566 Malicious code in lomi-fuis-fas (npm)
Source: amazon-inspector 3154af47d48c9c2f5035c03e1b635eec4392ff595555bb653782ba557756df21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...