Lucene search
K

17 matches found

CVE
CVE
added 2026/06/11 1:31 p.m.33 views

CVE-2026-11816

CVE-2026-11816 affects Keras

8.1CVSS7.6AI score0.00518EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/06/03 9:13 p.m.11 views

XML External Entity Injection

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML External Entity Injection in the METS-GBS backend's XML parsing and...

7.1CVSS5.5AI score0.00113EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31346

Name of the Vulnerable Software and Affected Versions Logstash affected versions not specified Description Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...

8.1CVSS6.5AI score0.00545EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: busybox (UTSA-2026-006297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006297 advisory. A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and...

7CVSS7.3AI score0.00682EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.1 views

CVE-2026-28452

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...

6.7CVSS5.9AI score0.00319EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.3 views

CVE-2025-65806

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP a ZIP containing another ZIP where the inner archive contains an executable file e.g. webshell.php. When the application extracts the uploaded archives, the executabl...

7.8AI score0.00262EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.9 views

PT-2025-49119

Name of the Vulnerable Software and Affected Versions E-POINT CMS version eagle.gsam-1169.1 Description The software’s file upload feature does not properly manage nested archive files. An attacker can upload a nested ZIP archive, containing another ZIP archive with an executable file, such as a...

8CVSS8AI score0.00262EPSS
Exploits1References7
CVE
CVE
added 2025/10/01 12:0 a.m.39 views

CVE-2025-59682

The CVE-2025-59682 issue affects Django versions 4.2<4.2.25, 5.1<5.1.13, and 5.2

6.5CVSS6.5AI score0.0085EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2025/09/16 12:0 a.m.1 views

Ubuntu: Security Advisory (USN-7748-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.1CVSS6.8AI score0.00731EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-23177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper link resolution flaw while extracting an archive can lead to changing the access control list ACL of the target of the link. An attacker may provide...

7.8CVSS7.4AI score0.00367EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-31566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of th...

7.8CVSS6.8AI score0.00366EPSS
Exploits0References2
CNVD
CNVD
added 2025/03/27 12:0 a.m.4 views

GPT Academic path traversal vulnerability (CNVD-2025-22739)

GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a path traversal vulnerability that stems from an unverified 7z file extraction, which can be exploited by an attacker to perform arbitrary file writes, leadi...

8.8CVSS8.2AI score0.01478EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/01/22 3:48 a.m.5 views

SUSE CVE-2025-0411

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...

7CVSS7.2AI score0.67071EPSS
Exploits8References3
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.4 views

PT-2024-1695 · Jetbrains · Intellij Idea

Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2023.3.3 Description: The issue is related to errors in handling relative paths to directories in the Archive Extraction Handler component of the IntelliJ IDEA integrated development environment...

4.3CVSS5.2AI score0.00275EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.4 views

SUSE CVE-2020-1737

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive...

7.5CVSS8.7AI score0.00362EPSS
Exploits0References6
Snyk
Snyk
added 2019/05/13 7:35 a.m.1 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/mholt/archiver/v3/cmd/arc is a cross-platform, multi-format archive utility and Go library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the Unarchive functions. Details It is exploited using a specially crafted z...

5.8CVSS7.8AI score0.06552EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2015/06/11 1:21 p.m.6 views

jar: directory traversal vulnerability

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...

5CVSS5.8AI score0.06717EPSS
Exploits1References4
Rows per page
Query Builder