5 matches found

RedhatCVE
added 2026/06/17 7:51 a.m. | 8 views

CVE-2026-7774

A flaw was found in the tarfile.datafilter function within the Python tarfile module. A remote attacker could exploit this vulnerability by providing a specially crafted tar archive containing malicious link entries, such as symlinks with empty or directory-like names. This bypass allows the...

CVSS 6.9 | AI score 5.6 | EPSS 0.00606
Exploits: 0 | References: 6
RedHat Linux
added 2025/12/18 1:35 a.m. | 5 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

CVSS 7.5 | AI score 7.3 | EPSS 0.01109
Exploits: 7 | References: 10
RedhatCVE
added 2025/12/10 4:32 a.m. | 7 views

CVE-2025-67487

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

CVSS 8.6 | AI score 6.8 | EPSS 0.00349
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/19 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-4138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You...

CVSS 7.5 | AI score 7.4 | EPSS 0.01109
Exploits: 7 | References: 2
RedHat Linux
added 2025/07/07 11:25 a.m. | 5 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

CVSS 7.5 | AI score 6.6 | EPSS 0.01109
Exploits: 7 | References: 10