CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

Github Security Blog•added 2026/01/28 12:31 a.m.•7 views

vlt Mishandles Path Sanitization for tar

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0001EPSS

Exploits0References7Affected Software1

NVD•added 2026/01/27 11:15 p.m.•4 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS0.0001EPSS

Exploits0References4

Snyk•added 2026/01/27 10:47 p.m.•2 views

Relative Path Traversal

Overview @vltpkg/tar is an An extremely limited and very fast tar extractor Affected versions of this package are vulnerable to Relative Path Traversal via improper sanitization of file paths during the extraction process. An attacker can overwrite arbitrary files on the filesystem by crafting ta...

5.9CVSS6AI score0.0001EPSS

Exploits0References2

CVE•added 2026/01/27 10:14 p.m.•9 views

CVE-2026-24909

CVE-2026-24909 concerns the vlt project: vulnerable in versions before 1.0.0-rc.10 due to improper path sanitization in tar extraction, enabling path traversal. In practice, a tar archive with crafted file paths could lead to extraction of files outside the target directory, as described in multi...

5.9CVSS5.9AI score0.0001EPSS

Exploits0References4

Vulnrichment•added 2026/01/27 10:14 p.m.•0 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0001EPSS

Exploits0References4

ATTACKERKB•added 2026/01/27 10:14 p.m.•3 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0001EPSS

Exploits0References5

EUVD•added 2026/01/27 10:14 p.m.•3 views

EUVD-2026-4860

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0001EPSS

Exploits0References4

Positive Technologies•added 2026/01/27 12:0 a.m.•5 views

PT-2026-5031

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0001EPSS

Exploits0References5

Prion•added 2006/01/18 12:7 a.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a url BBcode tag...

4.3CVSS6.1AI score0.00416EPSS

Exploits0References5Affected Software1

Prion•added 2006/01/18 12:7 a.m.•6 views

Sql injection

SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters...

7.5CVSS9.1AI score0.0173EPSS

Exploits1References8Affected Software1

CVE•added 2006/01/18 12:0 a.m.•43 views

CVE-2006-0234

CVE-2006-0234 documents a SQL injection vulnerability in the web application component: index.php of the microBlog 2.0 RC-10 release. The underlying issue is an injection flaw that allows remote attackers to append arbitrary SQL commands via the two parameters, (1) month and (2) year. The vulnera...

7.5CVSS8.4AI score0.0173EPSS

Exploits1References8Affected Software1

Cvelist•added 2006/01/18 12:0 a.m.•14 views

CVE-2006-0233

Cross-site scripting XSS vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a url BBcode tag...

5.7AI score0.00416EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by