
1271 matches found

OSV
added 2026/03/12 6:16 p.m. | 1 views

DEBIAN-CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 5.2 AI score | 0.00021 EPSS
Exploits 0 | References 1
NVD
added 2026/03/12 6:16 p.m. | 1 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 0.00021 EPSS
Exploits 0 | References 9
OSV
added 2026/03/12 6:16 p.m. | 1 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 5.8 AI score
Exploits 0 | References 6
UbuntuCve
added 2026/03/12 6:16 p.m. | 1 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 5.9 AI score | 0.00021 EPSS
Exploits 0 | References 1
OSV
added 2026/03/12 6:16 p.m. | 1 views

UBUNTU-CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 2
Cvelist
added 2026/03/12 5:59 p.m. | 26 views

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 0.00021 EPSS
Exploits 0 | References 9
OSV
added 2026/03/12 5:59 p.m. | 1 views

PSF-2026-10

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 8
Debian CVE
added 2026/03/12 5:59 p.m. | 3 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 5.2 AI score | 0.00021 EPSS
Exploits 0
ATTACKERKB
added 2026/03/12 5:59 p.m. | 5 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 7 | Affected Software 1
CVE
added 2026/03/12 5:59 p.m. | 16 views

CVE-2025-13462

The CVE concerns Python's tarfile module: during handling of GNU long-name/long-link members, normalization of AREGTYPE (0x00) blocks to DIRTYPE is still applied, which can cause a crafted tar to be misinterpreted relative to other implementations. Public records show the issue being addressed by...

2 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 9
Vulnrichment
added 2026/03/12 5:59 p.m. | 2 views

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 9
CNNVD
added 2026/03/12 12:0 a.m. | 2 views

CPython security vulnerability

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability that stems from improper DIRTYPE normalization when applying AREGTYPE block handling for multiple member blocks. This vulnerability may lead to the incorrect interpretation of...

2 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/03/10 12:0 a.m. | 1 views

Multiple Cisco Products Snort 3 DoS Vulnerabilities (cisco-sa-snort3-multi-dos-XFWkWSwz_CVE-2026-20066)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability. - Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in ...

5.8 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits 0 | References 17
OSV
added 2026/03/06 8:38 a.m. | 1 views

BIT-DJANGO-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.to_python in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

7.5 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits 0 | References 4
Veracode
added 2026/03/06 7:24 a.m. | 1 views

Authentication Bypass

Astro is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent path normalization between Astro’s routing logic and middleware validation, where routing applies decodeURI but middleware checks context.url.pathname without decoding, allowing attackers to access protected...

6.9 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits 1 | References 2 | Affected Software 1
RedhatCVE
added 2026/03/05 7:31 p.m. | 2 views

CVE-2026-20066

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...

5.8 CVSS | 6 AI score | 0.00058 EPSS
Exploits 0 | References 1
Github Security Blog
added 2026/03/05 12:57 a.m. | 11 views

opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

7.7 CVSS | 6 AI score | 0.00012 EPSS
Exploits 0 | References 8 | Affected Software 1
Snyk
added 2026/03/04 9:20 p.m. | 1 views

Server-side Request Forgery (SSRF)

Overview: @opennextjs/cloudflare is a Cloudflare builder for next apps. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the cdn-cgi/image/ handler due to improper path normalization. An attacker can cause the server to fetch arbitrary remote URLs and...

9.3 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits 0 | References 2
NVD
added 2026/03/04 7:16 p.m. | 2 views

CVE-2026-3125

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

7.7 CVSS | 0.00012 EPSS
Exploits 0 | References 4
EUVD
added 2026/03/04 6:31 p.m. | 2 views

EUVD-2026-9465

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...

5.8 CVSS | 6 AI score | 0.00058 EPSS
Exploits 0 | References 2