CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/18 12:41 a.m.•1 views

CVE-2026-35465 SecureDrop Client has path injection in read_gzip_header_filename()

7.5CVSS6.2AI score0.00439EPSS

Cvelist•added 2026/04/18 12:41 a.m.•35 views

CVE-2026-35465 SecureDrop Client has path injection in read_gzip_header_filename()

7.5CVSS0.00439EPSS

EUVD•added 2026/04/18 12:41 a.m.•4 views

EUVD-2026-23626

8.1CVSS6.1AI score0.00927EPSS

ATTACKERKB•added 2026/04/18 12:41 a.m.•2 views

CVE-2026-35465

8.1CVSS6.1AI score0.00927EPSS

Exploits0References4Affected Software1

CVE•added 2026/04/18 12:41 a.m.•12 views

CVE-2026-35465

CVE-2026-35465 affects SecureDrop Client

7.5CVSS6.1AI score0.00439EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/18 12:0 a.m.•7 views

PT-2026-33546

Name of the Vulnerable Software and Affected Versions SecureDrop Client versions prior to 0.17.5 Description Improper filename validation during gzip archive extraction allows a compromised SecureDrop Server to achieve code execution on the Client virtual machine sd-app. This occurs because the...

7.5CVSS6.2AI score0.00439EPSS

CNNVD•added 2026/04/18 12:0 a.m.•7 views

securedrop-client 安全漏洞

Securedrop-client is an open-source application developed by the Freedom of the Press Foundation. Versions of Securedrop-client prior to 0.17.4 contain security vulnerabilities. These vulnerabilities stem from improper filename validation during the gzip archive extraction process. Allowing...

7.5CVSS5.9AI score0.00439EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-3974

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00927EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-3975

Malicious code in bioql PyPI...

4.5CVSS6.5AI score0.00189EPSS

RedhatCVE•added 2025/02/15 6:22 p.m.•5 views

CVE-2025-24889

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain...

4.5CVSS7.2AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2025/02/15 6:21 p.m.•8 views

CVE-2025-24888

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to version 0.14.1, a malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machine sd-app. SecureDrop Server...

8.1CVSS7.2AI score0.00927EPSS

Exploits0References1

NVD•added 2025/02/13 6:18 p.m.•6 views

CVE-2025-24889

4.5CVSS0.00189EPSS

NVD•added 2025/02/13 6:18 p.m.•14 views

CVE-2025-24888

8.1CVSS0.00927EPSS

Vulnrichment•added 2025/02/13 5:34 p.m.•5 views

CVE-2025-24889 Path traversal in sd-log Qubes virtual machine

4.5CVSS7.3AI score0.00189EPSS

Cvelist•added 2025/02/13 5:34 p.m.•13 views

CVE-2025-24889 Path traversal in sd-log Qubes virtual machine

4.5CVSS0.00189EPSS

CVE•added 2025/02/13 5:34 p.m.•59 views

CVE-2025-24889

The CVE-2025-24889 issue affects the SecureDrop Client (Workstation) prior to versions 0.14.1 and 1.0.1. A path traversal flaw in the sd-log VM’s log-writing logic allows an attacker who already has code execution on another VM to cause code execution in sd-log by sending a crafted log entry. Thi...

4.5CVSS5AI score0.00189EPSS

Vulnrichment•added 2025/02/13 5:32 p.m.•10 views

CVE-2025-24888 Path traversal in SecureDrop Client API.download_reply()

8.1CVSS7.2AI score0.00927EPSS

Cvelist•added 2025/02/13 5:32 p.m.•30 views

CVE-2025-24888 Path traversal in SecureDrop Client API.download_reply()

8.1CVSS0.00927EPSS