CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

EUVD-2025-37038

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

EUVD-2018-18053

Malware in sbrugna...

EUVD-2018-18054

Malware in sbrugna...

EUVD-2025-11979

Malicious code in bioql PyPI...

CVE-2025-47579

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through = 7.7.2...

PT-2025-36764

Name of the Vulnerable Software and Affected Versions: ThemeGoods Photography versions n/a through 7.5.2 Description: The software is susceptible to deserialization of untrusted data. Recommendations: Update ThemeGoods Photography to a version later than 7.5.2...

CVE-2025-47584

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2...

CVE-2025-47584

WordPress Photography Theme

WordPress plugin Photography 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin PeproDev Ultimate Profile Solutions 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. An authorization issue...

CVE-2025-43865

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has bee...

CVE-2025-43865 React Router allows pre-render data spoofing on React-Router framework mode

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has bee...

CVE-2025-43865

CVE-2025-43865 affects React Router on the 7.0 branch before 7.5.2. The issue allows an attacker to modify pre-rendered data by adding a header to the request, enabling complete spoofing of the data object passed to the HTML. The vulnerability is patched in version 7.5.2. IBM’s bulletin notes thi...

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

PT-2025-17867

Name of the Vulnerable Software and Affected Versions React Router versions 7.2.0 through 7.5.2 Description The issue allows an attacker to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an erro...

CVE-2025-30964

Server-Side Request Forgery SSRF vulnerability in ThemeGoods Photography photography allows Server Side Request Forgery.This issue affects Photography: from n/a through 7.7.6...

CVE-2025-30168

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse...

CVE-2025-22702

Missing Authorization vulnerability in ThemeGoods Photography photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photography: from n/a through = 7.7.2...