6 matches found
EUVD-2026-41878
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...
BIT-NODE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
RLSA-2025:10136 Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2025-59825
CVE-2025-59825 affects astral-tokio-tar (Rust) up to v0.5.3: tar extraction can escape the target dir via Entry::unpack_in_raw and via a symlink pair that bypasses allow_external_symlinks, potentially enabling arbitrary file writes and code execution. The issue is fixed in v0.5.4; upgrading is re...
astral-tokio-tar has a path traversal in tar extraction
Impact In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which defaults to true could be bypassed via a pair of symlinks that...
cPanel X / WHM 11.30.0 (build 27) Read Files / Symlinks Bypass
Exploit for php platform in category web applications cPanel X / WHM 11.30.0 build 27 Read Files / Symlinks Bypass !! Version : 11.30.0 Author : ZxH-Labs Date : 1st OF Jun 2011 Tested On CentOS Software Link : http://www.cpanel.net Home: 1337day.com Inj3ct0r Exploit DataBase + Exploiting cPanel x...