
54678 matches found

Debian CVE
added 2026/03/13 9:11 a.m., 2 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4 CVSS, 7.3 AI score, 0.00363 EPSS
Exploits: 0

OSV
added 2026/03/13 7:57 a.m., 3 views

MINI-GR34-GG4Q-8P8R

Bulletin has no description...

6.1 CVSS, 5.7 AI score, 0.00328 EPSS
Exploits: 0

Cvelist
added 2026/03/13 6:43 a.m., 29 views

CVE-2025-15515

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage...

6.9 CVSS, 0.00174 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/13 6:43 a.m., 2 views

CVE-2025-15515

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage...

6.9 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/13 6:43 a.m., 14 views

CVE-2025-15515

The CVE relates to an authentication flaw in a feature of the EasyShare module that can lead to data leakage when conditions on a local network are met. According to the entry, the issue has a CVSS v4.0 base score of 6.9 (Medium) with an Adjacent attack vector, Low attack complexity, no privilege...

6.9 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits: 0, References: 1, Affected Software: 1

Fedora
added 2026/03/13 1:0 a.m., 4 views

[SECURITY] Fedora 42 Update: dnf5-5.2.18.0-2.fc42

DNF5 is a command-line package manager that automates the process of installing, upgrading, configuring, and removing computer programs in a consistent manner. It supports RPM packages, modulemd modules, and comps groups & environments...

5.8 AI score
Exploits: 0

Positive Technologies
added 2026/03/13 12:0 a.m., 9 views

PT-2026-25299

CVE-2026-32455 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS. This issue affects ... https://t.co/yGGoLxAaYH...

6.5 CVSS, 5.8 AI score, 0.00129 EPSS
Exploits: 0, References: 3

Redos
added 2026/03/13 12:0 a.m., 8 views

ROS-20260313-73-0038

A vulnerability in the unregister_vlan_dev function of the 8021q Module component of the Linux operating system kernel is related to the failure to free memory after an effective lifetime. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5 CVSS, 7.3 AI score, 0.00154 EPSS
Exploits: 0

Tenable Nessus
added 2026/03/13 12:0 a.m., 4 views

SAP NetWeaver AS ABAP Missing Authorization Check (3704740)

The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a missing authorization check vulnerability as referenced in the SAP Security Patch Day March 2026: - Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticat...

5 CVSS, 6 AI score, 0.0023 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/03/13 12:0 a.m., 8 views

PT-2026-25151

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage...

6.9 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits: 0, References: 1

EUVD
added 2026/03/12 9:34 p.m., 3 views

EUVD-2026-11706

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

10 CVSS, 5.8 AI score, 0.05585 EPSS
Exploits: 1, References: 4

OSV
added 2026/03/12 8:57 p.m., 3 views

GO-2026-4689 Tinyauth's OIDC authorization codes are not bound to client on token exchange in github.com/steveiliop56/tinyauth

Tinyauth's OIDC authorization codes are not bound to client on token exchange in github.com/steveiliop56/tinyauth. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...

6.5 CVSS, 5.8 AI score, 0.0025 EPSS
Exploits: 1, References: 3

EUVD
added 2026/03/12 6:30 p.m., 3 views

EUVD-2026-11627

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

6 AI score, 0.02488 EPSS
Exploits: 1, References: 2

NVD
added 2026/03/12 6:16 p.m., 4 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

3.3 CVSS, 0.00164 EPSS
Exploits: 0, References: 9

OSV
added 2026/03/12 6:16 p.m., 4 views

DEBIAN-CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

3.3 CVSS, 5.2 AI score, 0.00164 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2026/03/12 6:16 p.m., 2 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS, 5.9 AI score, 0.00164 EPSS
Exploits: 0, References: 1

OSV
added 2026/03/12 6:16 p.m., 3 views

UBUNTU-CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

3.3 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/12 5:59 p.m., 8 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2026/03/12 5:59 p.m., 95 views

CVE-2025-13462

CVE-2025-13462 concerns the Python tarfile module: it would normalize AREGTYPE (\x00) blocks to DIRTYPE even when processing GNU LONGNAME/LONGLINK multiblock members, which could cause a crafted tar archive to be interpreted differently from other implementations. Affected stack/impact are descri...

3.3 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits: 0, References: 9, Affected Software: 1

Debian CVE
added 2026/03/12 5:59 p.m., 6 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

3.3 CVSS, 5.2 AI score, 0.00164 EPSS
Exploits: 0