Lucene search
K

724 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 1:14 p.m.10 views

CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...

9.8CVSS6.4AI score0.00624EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 1:14 p.m.15 views

EUVD-2026-32494

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...

9.8CVSS6.4AI score0.00624EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 1:14 p.m.53 views

CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...

9.8CVSS0.00624EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

IBM Langflow 路径遍历漏洞

IBM Langflow is a visual process orchestration tool developed by IBM Corporation. Versions 1.0.0 to 1.9.1 of IBM Langflow contain a path traversal vulnerability. This vulnerability arises from improper validation of symbolic links during archive extraction, which may lead to remote code execution...

9.8CVSS6.1AI score0.00624EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in php-pear

In ArchiveTar before version 1.4.14, symlinks can reference targets outside of the extracted archive. This is a separate vulnerability from CVE-2020-36193...

7.1CVSS7.1AI score0.73377EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 12:0 p.m.6 views

RUSTSEC-2026-0145 PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.8AI score
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/16 10:13 p.m.98 views

bun-archive-traversal-poc

Bun Archive Extraction Traversal PoCs Target: oven-sh/bun...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:21 a.m.7 views

CVE-2026-41530

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...

4.6CVSS5.8AI score0.0015EPSS
Exploits0References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: libarchive (UTSA-2026-017751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017751 advisory. An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the...

7.8CVSS5.8AI score0.00366EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:38 p.m.8 views

CVE-2026-44340

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...

8.7CVSS5.9AI score0.00433EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39297

Name of the Vulnerable Software and Affected Versions SharpCompress affected versions not specified Description A path traversal issue exists in the IArchive.WriteToDirectory method, specifically within the WriteToDirectoryInternal and WriteToDirectoryAsyncInternal functions. This allows a...

6.5CVSS5.9AI score0.00313EPSS
Exploits1References7
NVD
NVD
added 2026/05/07 8:16 p.m.21 views

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9CVSS0.0017EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:41 p.m.12 views

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9AI score0.0017EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.6.51 (RHSA-2021:4799)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4799 advisory. - jenkins: FilePathmkdirs does not check permission to create parent directories CVE-2021-21685 - jenkins: File path filters do not...

9.8CVSS5.9AI score0.02451EPSS
Exploits0References30
NVD
NVD
added 2026/05/04 6:16 p.m.14 views

CVE-2026-43616

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.8CVSS0.00168EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/04 5:33 p.m.7 views

EUVD-2026-27081

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.1CVSS6.3AI score0.00168EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/04 5:33 p.m.38 views

CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.1CVSS0.00168EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/04 5:33 p.m.6 views

CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.1CVSS6.3AI score0.00168EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:33 p.m.5 views

CVE-2026-43616

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.1CVSS6.3AI score0.00168EPSS
Exploits0References8
CVE
CVE
added 2026/05/04 5:33 p.m.10 views

CVE-2026-43616

Detect-It-Easy (pre-3.21) contains a path traversal vulnerability that allows writing arbitrary files via crafted archive entries (relative traversals or absolute paths). Insufficient path normalization during archive extraction can write outside the target directory and may enable persistent cod...

7.8CVSS6.3AI score0.00168EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder