724 matches found
CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...
EUVD-2026-32494
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...
CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...
IBM Langflow 路径遍历漏洞
IBM Langflow is a visual process orchestration tool developed by IBM Corporation. Versions 1.0.0 to 1.9.1 of IBM Langflow contain a path traversal vulnerability. This vulnerability arises from improper validation of symbolic links during archive extraction, which may lead to remote code execution...
Astra Linux – Vulnerability in php-pear
In ArchiveTar before version 1.4.14, symlinks can reference targets outside of the extracted archive. This is a separate vulnerability from CVE-2020-36193...
RUSTSEC-2026-0145 PAX Header Desynchronization in astral-tokio-tar
Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...
bun-archive-traversal-poc
Bun Archive Extraction Traversal PoCs Target: oven-sh/bun...
CVE-2026-41530
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...
Unity Linux 20.1070e Security Update: libarchive (UTSA-2026-017751)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017751 advisory. An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the...
CVE-2026-44340
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...
PT-2026-39297
Name of the Vulnerable Software and Affected Versions SharpCompress affected versions not specified Description A path traversal issue exists in the IArchive.WriteToDirectory method, specifically within the WriteToDirectoryInternal and WriteToDirectoryAsyncInternal functions. This allows a...
CVE-2026-39817
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
CVE-2026-39817
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
RHCOS 4 : OpenShift Container Platform 4.6.51 (RHSA-2021:4799)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4799 advisory. - jenkins: FilePathmkdirs does not check permission to create parent directories CVE-2021-21685 - jenkins: File path filters do not...
CVE-2026-43616
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...
EUVD-2026-27081
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...
CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...
CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...
CVE-2026-43616
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...
CVE-2026-43616
Detect-It-Easy (pre-3.21) contains a path traversal vulnerability that allows writing arbitrary files via crafted archive entries (relative traversals or absolute paths). Insufficient path normalization during archive extraction can write outside the target directory and may enable persistent cod...