6 matches found
CVE-2026-32044
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...
Security Bulletin: IBM Edge Data Collector uses django-4.2.24-py3-none-any.whl which is vulnerable to CVE-2025-59681, CVE-2025-59682.
Summary: IBM Edge Data Collector uses django-4.2.24-py3-none-any.whl which is vulnerable to CVE-2025-59681, CVE-2025-59682. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-59681. DESCRIPTION: An issue was discovered in Django 4.2 before 4.2.25,...
EUVD-2022-1241
Malicious code in bioql PyPI...
Erlang/OTP (Erlang OTP) Path Traversal Vulnerability (Jun 2025)
Erlang/OTP Erlang OTP is prone to a restricted directory SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:erlang:erlang%2fotp";...
CVE-2025-46652
In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via...
CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...