17 matches found
CVE-2026-11816
CVE-2026-11816 affects Keras
XML External Entity Injection
Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML External Entity Injection in the METS-GBS backend's XML parsing and...
PT-2026-31346
Name of the Vulnerable Software and Affected Versions Logstash affected versions not specified Description Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: busybox (UTSA-2026-006297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006297 advisory. A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and...
CVE-2026-28452
OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...
CVE-2025-65806
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP a ZIP containing another ZIP where the inner archive contains an executable file e.g. webshell.php. When the application extracts the uploaded archives, the executabl...
PT-2025-49119
Name of the Vulnerable Software and Affected Versions E-POINT CMS version eagle.gsam-1169.1 Description The software’s file upload feature does not properly manage nested archive files. An attacker can upload a nested ZIP archive, containing another ZIP archive with an executable file, such as a...
CVE-2025-59682
The CVE-2025-59682 issue affects Django versions 4.2<4.2.25, 5.1<5.1.13, and 5.2
Ubuntu: Security Advisory (USN-7748-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2021-23177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper link resolution flaw while extracting an archive can lead to changing the access control list ACL of the target of the link. An attacker may provide...
Linux Distros Unpatched Vulnerability : CVE-2021-31566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of th...
GPT Academic path traversal vulnerability (CNVD-2025-22739)
GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a path traversal vulnerability that stems from an unverified 7z file extraction, which can be exploited by an attacker to perform arbitrary file writes, leadi...
SUSE CVE-2025-0411
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...
PT-2024-1695 · Jetbrains · Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2023.3.3 Description: The issue is related to errors in handling relative paths to directories in the Archive Extraction Handler component of the IntelliJ IDEA integrated development environment...
SUSE CVE-2020-1737
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/mholt/archiver/v3/cmd/arc is a cross-platform, multi-format archive utility and Go library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the Unarchive functions. Details It is exploited using a specially crafted z...
jar: directory traversal vulnerability
A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...