144 matches found
EUVD-2021-1620
Malware in sbrugna...
EUVD-2021-1684
Malware in sbrugna...
EUVD-2015-8778
Malware in sbrugna...
EUVD-2016-2471
Malware in sbrugna...
EUVD-2022-1556
Malicious code in bioql PyPI...
MAL-2025-47739 Malicious code in varshade-7z (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in varshade-7z (npm)
--- -= Per source details. Do not edit below this line.=-...
PT-2025-12132 · Unknown +1 · Binary-Husky/Gpt Academic +1
Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version git 310122f Description: A path traversal vulnerability exists in the application. The application extracts user-provided 7z files without proper validation. The Python py7zr package used for extraction does...
CVE-2025-1240
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...
CVE-2025-1240
Summary: CVE-2025-1240 corresponds to a WinZip 7Z file parsing vulnerability that enables remote code execution via an out-of-bounds/write within the 7Z parser. The issue stems from insufficient validation of user-supplied data, potentially allowing code execution in the affected process. Exploit...
CVE-2025-1240 WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. Th...
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Cybersecurity researchers have uncovered two malicious machine learning ML models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning...
USN-7030-1: py7zr vulnerability
It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host...
ROS-20240806-01
A vulnerability in the Apache Commons Compress archiver is related to the execution of a loop without sufficiently limiting the the number of times it can be executed. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service by using specially crafted 7...
Atlassian Confluence 7.19.23 < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96100)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96100 advisory. - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This...
Atlassian Confluence < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96101)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96101 advisory. - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error...
DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.19.23, 8.5.10, 8.9.2 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
RHEL 8 : apache-commons-compress (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive...
Debian dsa-5652 : python-py7zr-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5652 advisory. - A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via...