CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-2136

Malware in sbrugna...

9.8CVSS7.2AI score0.28615EPSS

Exploits0References34

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-2198

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02401EPSS

Exploits0References16

Github Security Blog•added 2024/06/05 5:30 p.m.•13 views

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details...

7.5AI score

Exploits0References3Affected Software1

OSV•added 2024/06/05 5:30 p.m.•10 views

GHSA-4V5G-8PQ2-32M2 By-passing Protection of PharStreamWrapper Interceptor

7.5AI score

Exploits0References2

OSV•added 2022/05/24 4:45 p.m.•25 views

GHSA-3HXW-G85P-QGXM PharStreamWrapper for Typo3 unsafe deserialization vulnerability

PharMetaDataInterceptor in the PharStreamWrapper aka phar-stream-wrapper package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism...

9.8CVSS9.3AI score0.02401EPSS

Exploits0References9

Github Security Blog•added 2022/05/24 4:45 p.m.•20 views

PharStreamWrapper for Typo3 unsafe deserialization vulnerability

9.8CVSS6.9AI score0.02401EPSS

Exploits0References10Affected Software1

Github Security Blog•added 2021/09/30 5:10 p.m.•104 views

Directory Traversal in typo3/phar-stream-wrapper

The PharStreamWrapper aka phar-stream-wrapper package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL...

9.8CVSS5.7AI score0.28615EPSS

Exploits0References27Affected Software3

OSV•added 2021/09/30 5:10 p.m.•60 views

GHSA-XV7V-RF6G-XWRC Directory Traversal in typo3/phar-stream-wrapper

9.8CVSS9.4AI score0.28615EPSS

Exploits0References26

Tenable Nessus•added 2019/06/27 12:0 a.m.•31 views

Fedora 30 : php-brumann-polyfill-unserialize / php-typo3-phar-stream-wrapper2 (2019-a8121923d5)

Two security updates have been released for PharStreamWrapper. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

9.8CVSS7.2AI score0.28615EPSS

Exploits0References3

NVD•added 2019/05/09 4:29 a.m.•13 views

CVE-2019-11831

9.8CVSS9.5AI score0.28615EPSS

Exploits0References15

OSV•added 2019/05/09 4:29 a.m.•27 views

CVE-2019-11831

9.8CVSS7.2AI score

Exploits0References15

Prion•added 2019/05/09 4:29 a.m.•25 views

Deserialization of untrusted data

7.5CVSS9.3AI score0.28615EPSS

Exploits0References15Affected Software5

NVD•added 2019/05/09 4:29 a.m.•15 views

CVE-2019-11830

9.8CVSS9.5AI score0.02401EPSS

Exploits0References6

OSV•added 2019/05/09 4:29 a.m.•18 views

CVE-2019-11830

9.8CVSS7.2AI score

Exploits0References6

UbuntuCve•added 2019/05/09 4:29 a.m.•26 views

CVE-2019-11831

9.8CVSS6.8AI score0.28615EPSS

Exploits0References5

OSV•added 2019/05/09 4:29 a.m.•0 views

UBUNTU-CVE-2019-11831

9.8CVSS6.8AI score0.28615EPSS

Exploits0References6

CVE•added 2019/05/09 3:52 a.m.•304 views

CVE-2019-11831

CVE-2019-11831 affects Drupal’s TYPO3 phar-stream-wrapper integration. The vulnerability arises from incomplete validation in the phar:// stream wrapper library, enabling directory traversal that bypasses a deserialization protection mechanism. Affected: phar-stream-wrapper versions 2.x before 2....

9.8CVSS9.3AI score0.28615EPSS

Exploits0References15Affected Software1