724 matches found
EUVD-2026-42904
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...
EUVD-2026-42770
decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries type === 'symlink', the x.linkname field from the archive is passed directly to fs.symlink without validation index.js line 121. The preventWritingThroughSymlink check on line 98...
EUVD-2026-42768
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
CVE-2026-39246
decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries type === 'symlink', the x.linkname field from the archive is passed directly to fs.symlink without validation index.js line 121. The preventWritingThroughSymlink check on line 98...
CVE-2026-39243
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
CVE-2026-58198
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
EUVD-2026-42685
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
CVE-2026-39243
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
CVE-2026-39246
decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries type === 'symlink', the x.linkname field from the archive is passed directly to fs.symlink without validation index.js line 121. The preventWritingThroughSymlink check on line 98...
CVE-2026-39243
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
CVE-2026-39246
decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries type === 'symlink', the x.linkname field from the archive is passed directly to fs.symlink without validation index.js line 121. The preventWritingThroughSymlink check on line 98...
CVE-2026-39243
The CVE-2026-39243 entry concerns decompress before 4.2.2, where archive extraction can create arbitrary hardlinks. During processing of hardlink entries (type === 'link'), the x.linkname field is passed directly to fs.link() without validation, enabling an attacker to craft an archive whose hard...
CVE-2026-39246
The connected documents confirm a concrete vulnerability in the decompression tool: before v4.2.2, symlink entries (type === 'symlink') pass the archive’s x.linkname directly to fs.symlink() without validation. The existing preventWritingThroughSymlink check only applies to file entries, not syml...
CVE-2026-59820 LiteLLM: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whos...
Important: docker
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
CVE-2026-6101
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...
GHSA-MP2F-45PM-3CG9 Decompress: Archive extraction can create files and links outside of the target directory
Impact When extracting an archive to a directory, a crafted archive can read or write files outside that directory. The flaw is in the code that writes the parsed entries, so it affects every format decompress handles: tar, tar.gz, tar.bz2, and zip by default, plus any others added through the...
PT-2026-56053
Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...
UBUNTU-CVE-2026-20216
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...
CVE-2026-13165
SzafirHost verifies the downloaded native library archive with one JarFile parser reading the Central Directory but extracts native libraries with JarInputStream parser reading sequentially from local file headers. An attacker who controls the served archive can insert a malicious DLL/SO/DYLIB as...