192 matches found

CVE
added yesterday, 6 views

CVE-2026-11210

CVE-2026-11210 concerns Google Chrome’s Safe Browsing component. The issue is an inappropriate implementation that allows a remote attacker to bypass discretionary access control via a crafted RAR file, affecting Chrome builds prior to 149.0.7827.53. The vulnerability is remote, requires user in...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 2
Positive Technologies
added yesterday, 6 views

PT-2026-46736

Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. Chromium security severity: Medium...

5.8 AI score
Exploits: 0, References: 3
Vulnrichment
added 2026/05/26 12:17 a.m., 4 views

CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

5.8 AI score, 0.00048 EPSS
Exploits: 0, References: 3
NVD
added 2026/05/11 8:25 p.m., 4 views

CVE-2026-42886

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...

4.9 CVSS, 0.00048 EPSS
Exploits: 0, References: 1
NVD
added 2026/05/05 5:17 p.m., 2 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user-supplied .zip files containing a manifest.xml...

9.8 CVSS, 0.0006 EPSS
Exploits: 0, References: 1
EUVD
added 2026/04/13 6:30 p.m., 1 views

EUVD-2026-22004

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/viewarchive.php...

5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/04/13 12:0 a.m., 2 views

CVE-2026-36948

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/viewarchive.php...

5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/13 12:0 a.m., 1 views

CVE-2026-36948

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/viewarchive.php...

5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/25 12:0 a.m., 3 views

WordPress plugin PeproDev Ultimate Invoice Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits: 0, References: 1
EUVD
added 2026/03/23 9:36 p.m., 2 views

EUVD-2026-14561

OpenClaw before 2026.3.2 contains a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory via parent-directory symlink rebind between path validation and file write operations. Attackers can exploit the gap between...

5.8 CVSS, 5.8 AI score
Exploits: 0, References: 3
CNVD
added 2026/03/18 12:0 a.m., 3 views

AnythingLLM Code Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the fact that the ImportedPlugin.importCommunityItemFromUrl function downloads a ZIP file and extracts it without verifying the path to the file within the archive, which can be...

6.4 CVSS, 6.2 AI score, 0.00084 EPSS
Exploits: 1
Positive Technologies
added 2026/02/25 12:0 a.m., 4 views

PT-2026-22040

Name of the Vulnerable Software and Affected Versions: Manyfold versions prior to 0.133.0. Description: Manyfold is a self-hosted web application used for managing 3D models, with a focus on 3D printing. Prior to version 0.133.0, a logged-in user could achieve Remote Code Execution (RCE) when model...

8.8 CVSS, 6 AI score, 0.00073 EPSS
Exploits: 1, References: 10
CVE
added 2026/02/11 8:37 p.m., 8 views

CVE-2020-37193

CVE-2020-37193 concerns ZIP Password Recovery 2.30, which contains a denial-of-service vulnerability that can crash the application when a specially prepared text file (with specific characters) is used while selecting a ZIP file. The initial document provides CVSS data (4.0/4.6 in CVSS 4.0 with ...

7.5 CVSS, 5.5 AI score, 0.00012 EPSS
Exploits: 0, References: 3
Cisco
added 2026/02/04 4:0 p.m., 8 views

Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...

4 CVSS, 5.6 AI score, 0.00023 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

MiracleLinux 4 : firefox-60.2.0-1.0.1.AXS4 (AXSA:2018-3323:06)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3323:06 advisory. Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376); Mozilla: Use-after-free in driver timers (CVE-2018-12377); Mozilla:...

9.8 CVSS, 7.5 AI score, 0.07687 EPSS
Exploits: 4, References: 6
OSV
added 2026/01/13 11:15 p.m., 1 views

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

8.8 CVSS, 6.8 AI score
Exploits: 0, References: 5
EUVD
added 2025/12/18 12:34 a.m., 1 views

EUVD-2023-60209

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...

9.8 CVSS, 8.6 AI score, 0.02754 EPSS
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-6005

Malware in sbrugna...

9.3 CVSS, 6.4 AI score, 0.08452 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-1502

Malware in sbrugna...

7.5 CVSS, 7.4 AI score, 0.00299 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-9117

Malware in sbrugna...

5.3 CVSS, 5.3 AI score, 0.00335 EPSS
Exploits: 1, References: 5