Lucene search
K

6 matches found

EUVD
EUVD
added 2 days ago8 views

EUVD-2026-41878

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00125EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 2:47 p.m.6 views

BIT-NODE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS6AI score0.01633EPSS
Exploits2References21
OSV
OSV
added 2025/10/04 12:11 a.m.8 views

RLSA-2025:10136 Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.6CVSS6.8AI score0.01184EPSS
Exploits14References6
CVE
CVE
added 2025/09/23 8:0 p.m.23 views

CVE-2025-59825

CVE-2025-59825 affects astral-tokio-tar (Rust) up to v0.5.3: tar extraction can escape the target dir via Entry::unpack_in_raw and via a symlink pair that bypasses allow_external_symlinks, potentially enabling arbitrary file writes and code execution. The issue is fixed in v0.5.4; upgrading is re...

8.6CVSS7.2AI score0.00202EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/23 5:45 p.m.9 views

astral-tokio-tar has a path traversal in tar extraction

Impact In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which defaults to true could be bypassed via a pair of symlinks that...

8.6CVSS7.8AI score0.00202EPSS
Exploits0References5Affected Software1
0day.today
0day.today
added 2011/06/11 12:0 a.m.42 views

cPanel X / WHM 11.30.0 (build 27) Read Files / Symlinks Bypass

Exploit for php platform in category web applications cPanel X / WHM 11.30.0 build 27 Read Files / Symlinks Bypass !! Version : 11.30.0 Author : ZxH-Labs Date : 1st OF Jun 2011 Tested On CentOS Software Link : http://www.cpanel.net Home: 1337day.com Inj3ct0r Exploit DataBase + Exploiting cPanel x...

7.1AI score
Exploits0
Rows per page
Query Builder