
15896 matches found

Github Security Blog
added 2026/01/13 9:54 p.m., 9 views

GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

Summary: A path traversal vulnerability exists in GuardDog's safe_extract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. CWE: CWE-22 Improper...

CVSS 9.8 | AI score 7.3 | EPSS 0.00946
Exploits 0 | References 4 | Affected software 1
CVE
added 2026/01/13 8:46 p.m., 82 views

CVE-2026-22871

GuardDog has a path traversal vulnerability in its safe_extract() implementation (guarddog/utils/archives.py) that allows a PyPI package to write files outside the extraction directory, enabling Arbitrary File Overwrite and Remote Code Execution. Affected before version 2.7.1; the issue stems fro...

CVSS 9.8 | AI score 7.1 | EPSS 0.00946
Exploits 0 | References 2 | Affected software 1
Cvelist
added 2026/01/13 8:46 p.m., 22 views

CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVSS 8.7 | EPSS 0.00946
Exploits 0 | References 2
EUVD
added 2026/01/13 8:46 p.m., 7 views

EUVD-2026-2012

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVSS 8.7 | AI score 7 | EPSS 0.00946
Exploits 0 | References 4
OSV
added 2026/01/13 8:46 p.m., 4 views

CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVSS 8.7 | AI score 7.4 | EPSS 0.00946
Exploits 0 | References 4
Vulnrichment
added 2026/01/13 8:46 p.m., 3 views

CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVSS 8.7 | AI score 7.1 | EPSS 0.00946
Exploits 0 | References 2
CNNVD
added 2026/01/13 12:00 a.m., 5 views

e107 code issue vulnerability

e107 is an open source, free, PHP- and MySQL-based Content Management System (CMS) from the e107 team. The system supports a variety of plug-ins and themes, and can be used as a personal blog, discussion community, archive repository and so on. A code issue vulnerability exists in...

CVSS 8.7 | AI score 5.9 | EPSS 0.00804
Exploits 1 | References 4
Positive Technologies
added 2026/01/13 12:00 a.m., 5 views

PT-2026-2415

Name of the Vulnerable Software and Affected Versions: e107 CMS version 3.2.1. Description: e107 CMS version 3.2.1 has a file upload issue. Authenticated administrators can overwrite server files using path traversal. The issue is located in the Media Manager's remote URL upload functionality,...

CVSS 8.6 | AI score 6.9 | EPSS 0.01087
Exploits 1 | References 6
Positive Technologies
added 2026/01/13 12:00 a.m., 4 views

PT-2026-2805

Name of the Vulnerable Software and Affected Versions: GuardDog versions prior to 2.7.1. Description: GuardDog is a command-line interface (CLI) tool used to identify malicious PyPI packages. A path traversal flaw exists in the safe_extract function, potentially allowing malicious PyPI packages to wri...

CVSS 9.8 | AI score 7.7 | EPSS 0.00946
Exploits 0 | References 7
Positive Technologies
added 2026/01/13 12:00 a.m., 3 views

PT-2026-2611

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel's Network File System daemon (nfsd) contains a flaw in the nfsd4_add_rdaccess_to_wrdeleg function. This function improperly manages references to nfsd file objects, leadin...

CVSS 9.8 | AI score 5.8 | EPSS 0.93418
Exploits 36 | References 62
Positive Technologies
added 2026/01/13 12:00 a.m., 6 views

PT-2026-2392

Name of the Vulnerable Software and Affected Versions: e107 CMS version 3.2.1. Description: The application contains a file upload issue that allows authenticated administrators to overwrite server files using the Media Manager import functionality. Specifically, attackers can manipulate the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00804
Exploits 1 | References 6
Tenable Nessus
added 2026/01/13 12:00 a.m., 3 views

MiracleLinux 8 : socat-1.7.4.1-2.el8_10 (AXSA:2025-10502:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10502:01 advisory. socat: arbitrary file overwrite via predictable /tmp directory (CVE-2024-54661). Tenable has extracted the preceding description block directly from the...

CVSS 9.8 | AI score 7.1 | EPSS 0.00778
Exploits 0 | References 2
Tenable Nessus
added 2026/01/13 12:00 a.m., 4 views

MiracleLinux 9 : socat-1.7.4.1-6.el9_6.1 (AXSA:2025-10632:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10632:02 advisory. socat: arbitrary file overwrite via predictable /tmp directory (CVE-2024-54661). Tenable has extracted the preceding description block directly from the...

CVSS 9.8 | AI score 7.1 | EPSS 0.00778
Exploits 0 | References 2
Tenable Nessus
added 2026/01/13 12:00 a.m., 5 views

MiracleLinux 9 : podman-5.6.0-6.el9_7 (AXSA:2025-11464:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11464:11 advisory. database/sql: Postgres Scan Race Condition (CVE-2025-47907); podman: Podman kube play command may overwrite host files (CVE-2025-9566). Tenable has...

CVSS 8.1 | AI score 6.7 | EPSS 0.01008
Exploits 0 | References 3
RedHat Linux
added 2026/01/12 2:39 a.m., 8 views

tar: Tar path traversal

A relative path traversal flaw was found in the GNU tar utility. When archives with relative paths are extracted without the '--keep-old-files' ('-k') option, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

CVSS 4.1 | AI score 5.8 | EPSS 0.00433
Exploits 1 | References 7
RedHat Linux
added 2026/01/12 2:30 a.m., 6 views

tar: Tar path traversal

A relative path traversal flaw was found in the GNU tar utility. When archives with relative paths are extracted without the '--keep-old-files' ('-k') option, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

CVSS 4.1 | AI score 5.8 | EPSS 0.00433
Exploits 1 | References 7
RedHat Linux
added 2026/01/12 2:05 a.m., 4 views

keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 8.2 | AI score 5.7 | EPSS 0.0038
Exploits 0 | References 5
OPENSUSE Linux
added 2026/01/12 12:00 a.m., 2 views

Security update for wget2 (important)

openSUSE Security Update: Security update for wget2. Announcement ID: openSUSE-SU-2026:0010-1. Rating: important. References: 1255728, 1255729. Cross-References: CVE-2025-69194, CVE-2025-69195. Affected Products: openSUSE Backports SLE-15-SP6. An update that fixes two vulnerabilities is now available...

CVSS 9.8 | AI score 7.4 | EPSS 0.00707
Exploits 1 | References 2
NVD
added 2026/01/10 6:15 a.m., 7 views

CVE-2026-22685

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages (NUPKG archives), DevToys does not sufficiently validate file paths contained within the...

CVSS 9.8 | EPSS 0.00392
Exploits 0 | References 3
Vulnrichment
added 2026/01/10 5:43 a.m., 3 views

CVE-2026-22685 DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages (NUPKG archives), DevToys does not sufficiently validate file paths contained within the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00392
Exploits 0 | References 3
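The GuardDog (CVE-2026-22871), DevToys (CVE-2026-22685) and GNU tar entries above all describe the same defect class: an extractor joins a member name taken from an untrusted archive onto a destination directory and writes there without checking where the resulting path actually lands. The block below is an added example, not code from GuardDog, DevToys, GNU tar or any project listed on this page. It implements a tar extractor that resolves every member against the destination before writing, refusing absolute names, dot-dot traversal, symlinks that point outside the destination (and therefore any later member that would be written through such a link) and member types a package archive has no reason to carry. The archives it processes are constructed inline as test data; the function and exception names are this example's own, and the same check applies unchanged to zip-based formats such as NUPKG by iterating `zipfile` entries instead of tar members.

```python
import io
import os
import shutil
import tarfile
import tempfile


class UnsafeMemberError(ValueError):
    """An archive member would write, or point, outside the extraction directory."""


def _inside(base: str, candidate: str) -> bool:
    """True if candidate resolves (following any symlinks already on disk) to base or below it."""
    base = os.path.realpath(base)
    candidate = os.path.realpath(candidate)
    return candidate == base or candidate.startswith(base + os.sep)


def safe_extract_tar(data: bytes, dest: str) -> list:
    """Extract an in-memory tar archive into dest, member by member, in archive order.
    Raises UnsafeMemberError (before writing that member) on anything that would escape dest.
    Returns the names of the members written."""
    dest = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            name = member.name
            target = os.path.join(dest, name)
            # 1. Absolute names, '..' components, or a path component that is a symlink
            #    extracted earlier and points elsewhere: realpath exposes all three.
            if os.path.isabs(name) or not _inside(dest, target):
                raise UnsafeMemberError(f"path escapes destination: {name!r}")
            if member.isdir():
                os.makedirs(target, exist_ok=True)
            elif member.isfile():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tar.extractfile(member) as src, open(target, "wb") as dst:
                    shutil.copyfileobj(src, dst)
            elif member.issym():
                # 2. A symlink is created only if its target resolves inside dest, so no
                #    later member can be routed through it onto the host filesystem.
                link = os.path.join(os.path.dirname(target), member.linkname)
                if not _inside(dest, link):
                    raise UnsafeMemberError(
                        f"symlink escapes destination: {name!r} -> {member.linkname!r}")
                os.makedirs(os.path.dirname(target), exist_ok=True)
                os.symlink(member.linkname, target)
            else:
                # 3. Hard links, devices and FIFOs are refused outright.
                raise UnsafeMemberError(f"unsupported member type: {name!r}")
            written.append(name)
    return written


def try_extract(data: bytes) -> tuple:
    """Extract into a fresh temporary directory and report ('ok', names) or ('rejected', reason)."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")
    try:
        return ("ok", safe_extract_tar(data, dest))
    except UnsafeMemberError as exc:
        return ("rejected", str(exc))
    finally:
        shutil.rmtree(dest, ignore_errors=True)


def build_tar(members) -> bytes:
    """Constructed sample archive (not real package data). members: (name, kind, payload)
    with kind 'dir', 'file' (payload = bytes) or 'symlink' (payload = link target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in members:
            info = tarfile.TarInfo(name)
            if kind == "dir":
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            elif kind == "file":
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


# Constructed inputs: one well-formed package and three hostile archives.
BENIGN = build_tar([
    ("pkg", "dir", None),
    ("pkg/__init__.py", "file", b"print('hello')\n"),
    ("pkg/alias.py", "symlink", "__init__.py"),
])
TRAVERSAL = build_tar([("../../.bashrc", "file", b"# attacker-controlled content\n")])
ABSOLUTE = build_tar([("/etc/cron.d/backdoor", "file", b"# attacker-controlled content\n")])
LINK_THEN_WRITE = build_tar([
    ("site", "symlink", "../../.."),                  # link pointing outside dest
    ("site/evil", "file", b"# would land on the host"),  # write routed through the link
])

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("dot-dot", TRAVERSAL),
                        ("absolute", ABSOLUTE), ("symlink-then-write", LINK_THEN_WRITE)]:
        print(f"{label:20s} {try_extract(blob)}")
```

The check is done per member against the on-disk state at that moment, which is what defeats the link-then-write sequence: by the time a file name is joined onto the destination, any symlink extracted before it already exists and `realpath` follows it. Python 3.12 and later ship `tarfile.extractall(filter="data")`, which enforces a comparable policy; the point of writing it out is to make visible what a "safe extract" has to verify and why a name-based check alone is not enough.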