Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Veracode
Veracodeadded 2026/05/16 5:34 a.m.7 views

Directory Traversal

OpenMRS Core is vulnerable to Directory Traversal. The vulnerability is due to improper validation and normalization of ZIP archive entry paths during module extraction, which allows an attacker to write arbitrary files outside the intended directory and achieve remote code execution...

9.4CVSS6.2AI score0.00107EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessusadded 2025/07/19 12:0 a.m.4 views

Azure Linux 3.0 Security Update: python3 (CVE-2025-4138)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4138 advisory. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...

7.5CVSS7.1AI score0.00273EPSS
Exploits7References2
Amazon
Amazonadded 2025/06/23 12:0 a.m.7 views

Important: python3.11

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

9.4CVSS8.1AI score0.01012EPSS
Exploits14
AlpineLinux
AlpineLinuxadded 2025/06/03 12:59 p.m.7 views

CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS7.8AI score0.0079EPSS
Exploits1
AlpineLinux
AlpineLinuxadded 2025/06/03 12:59 p.m.8 views

CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS8.5AI score0.00273EPSS
Exploits7
AlpineLinux
AlpineLinuxadded 2025/06/03 12:58 p.m.12 views

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS7.7AI score0.00403EPSS
Exploits11
Positive Technologies
Positive Technologiesadded 2025/06/03 12:0 a.m.5 views

PT-2025-23607

Name of the Vulnerable Software and Affected Versions Python versions 3.12 and later Description This vulnerability allows modification of file metadata e.g., last modified or file permissions of files outside the intended extraction directory when using the tarfile module to extract untrusted ta...

10CVSS7.3AI score0.01639EPSS
Exploits14References238
Rows per page
Query Builder