
346 matches found

OSV
added 2026/03/12 6:16 p.m., 7 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS, 5.8 AI score
Exploits 0, References 6
Vulnrichment
added 2026/03/12 5:59 p.m., 3 views

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits 0, References 9
CVE
added 2026/03/12 5:59 p.m., 104 views

CVE-2025-13462

CVE-2025-13462 concerns the Python tarfile module: it would normalize AREGTYPE (\x00) blocks to DIRTYPE even when processing GNU LONGNAME/LONGLINK multiblock members, which could cause a crafted tar archive to be interpreted differently from other implementations. Affected stack/impact are descri...

3.3 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits 0, References 9, Affected Software 1
Positive Technologies
added 2026/03/12 12:0 a.m., 3 views

PT-2026-25023

Name of the Vulnerable Software and Affected Versions: tarfile module (affected versions not specified). Description: The 'tarfile' module incorrectly normalizes AREGTYPE blocks to DIRTYPE when processing multi-block members like GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This can cause crafted tar archive...

3.3 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits 0, References 114
RedhatCVE
added 2026/03/11 11:57 p.m., 3 views

CVE-2026-31838

A flaw was found in Istio. This vulnerability in Envoy's Role-Based Access Control (RBAC) header matching could allow an attacker to bypass authorization policies. By crafting requests with multiple header values, an attacker could cause Envoy to misinterpret the header, leading to unauthorized...

6.9 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits 0, References 4
EUVD
added 2026/03/04 9:31 a.m., 6 views

EUVD-2026-9380

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

7.8 CVSS, 5.9 AI score, 0.00213 EPSS
Exploits 0, References 2
OSV
added 2026/03/04 9:15 a.m., 5 views

CVE-2026-27444

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

7.5 CVSS, 5.8 AI score, 0.00213 EPSS
Exploits 0, References 1
UbuntuCve
added 2026/03/04 9:15 a.m., 3 views

CVE-2025-66168

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8 CVSS, 6.1 AI score, 0.0078 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/03/04 8:47 a.m., 3 views

CVE-2026-27444

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

7.8 CVSS, 5.9 AI score, 0.00213 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/03/04 8:45 a.m., 4 views

CVE-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

5.4 CVSS, 5.8 AI score, 0.0078 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/03/02 12:0 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005380 advisory. In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient...

7.3 CVSS, 6 AI score, 0.00531 EPSS
Exploits 0, References 3
NVD
added 2026/02/27 1:16 a.m., 11 views

CVE-2021-4456

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker ma...

6.5 CVSS, 0.00322 EPSS
Exploits 0, References 3
OSV
added 2026/02/23 6:23 p.m., 4 views

GO-2026-4506 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin...

7.1 CVSS, 5.3 AI score, 0.0038 EPSS
Exploits 0, References 4
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 9 : wget-1.21.1-8.el9_4 (AXSA:2024-8748:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8748:02 advisory. wget: Misinterpretation of input may lead to improper behavior (CVE-2024-38428). Tenable has extracted the preceding description block directly from the...

9.1 CVSS, 7.5 AI score, 0.00672 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : wget-1.19.5-12.el8_10 (AXSA:2024-8669:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8669:01 advisory. wget: Misinterpretation of input may lead to improper behavior (CVE-2024-38428). Tenable has extracted the preceding description block directly from the...

9.1 CVSS, 8.2 AI score, 0.00672 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/01/15 12:0 a.m., 4 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1098)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to...

5.9 CVSS, 6.1 AI score, 0.00575 EPSS
Exploits 0, References 4
Tenable Nessus
added 2026/01/15 12:0 a.m., 3 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1057)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar implementation would...

7.5 CVSS, 6.4 AI score, 0.00611 EPSS
Exploits 0, References 5
Tenable Nessus
added 2026/01/15 12:0 a.m., 1 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1078)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to...

5.9 CVSS, 6.1 AI score, 0.00575 EPSS
Exploits 0, References 4
RedhatCVE
added 2026/01/09 10:18 a.m., 6 views

CVE-2019-18624

Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO aka Right to Left Override approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and...

9.8 CVSS, 7 AI score, 0.01407 EPSS
Exploits 1, References 1
Tenable Nessus
added 2025/12/19 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-14946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This...

4.8 CVSS, 6.3 AI score, 0.00118 EPSS
Exploits 0, References 4