Lucene search
K

14 matches found

Vulnrichment
Vulnrichment
added 2026/01/27 9:51 p.m.5 views

CVE-2026-24770 RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server leading to Remote Code Execution via a malicious ZIP archive...

9.8CVSS6AI score0.00913EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/08/04 11:25 p.m.4 views

SUSE CVE-2025-4981

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...

9.9CVSS8.1AI score0.00687EPSS
Exploits0References2
OSV
OSV
added 2025/07/25 1:16 p.m.4 views

OESA-2025-1884 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: An issue ...

7.8CVSS7.4AI score0.0071EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/23 12:0 a.m.8 views

PT-2025-17645

Name of the Vulnerable Software and Affected Versions BusyBox versions through 1.37.0 Description A TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. Recommendations For versions through 1.37.0, consider updating to a version that fixes this issue ...

7.8CVSS6.6AI score0.02793EPSS
Exploits8References87
OSV
OSV
added 2016/08/02 4:59 p.m.1 views

DEBIAN-CVE-2016-6232

Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ dot dot slash in a filename in an archive file, related to KNewsstuff downloads...

7.5CVSS7.1AI score0.04429EPSS
Exploits1References1
CNVD
CNVD
added 2016/04/26 12:0 a.m.3 views

PHP PHAR Extension Denial of Service Vulnerability (CNVD-2016-02701)

PHP is an open source general-purpose computer scripting language. A security vulnerability exists in the PHP PHAR extension that stems from the program's failure to properly handle filenames in archives, allowing remote attackers to exploit the vulnerability by submitting a special request to...

9.8CVSS8.4AI score0.05932EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2010/03/16 1:34 a.m.2 views

cpio: Heap-based buffer overflow by expanding a specially-crafted archive

Heap-based buffer overflow in the rmtread function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service memory corruption or possibly execute arbitrary code by sending more data than was requested,...

6.8CVSS7.8AI score0.04747EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2010/03/16 12:16 a.m.2 views

cpio: Heap-based buffer overflow by expanding a specially-crafted archive

Heap-based buffer overflow in the rmtread function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service memory corruption or possibly execute arbitrary code by sending more data than was requested,...

6.8CVSS7.8AI score0.04747EPSS
Exploits2References4
NVD
NVD
added 2010/03/15 1:28 p.m.18 views

CVE-2010-0624

Heap-based buffer overflow in the rmtread function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service memory corruption or possibly execute arbitrary code by sending more data than was requested,...

6.8CVSS8.1AI score0.04747EPSS
Exploits2References32
Prion
Prion
added 2010/03/15 1:28 p.m.20 views

Heap overflow

Heap-based buffer overflow in the rmtread function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service memory corruption or possibly execute arbitrary code by sending more data than was requested,...

6.8CVSS8.8AI score0.04747EPSS
Exploits2References32Affected Software2
securityvulns
securityvulns
added 2008/06/17 12:0 a.m.36 views

cbrPager shell characters vulnerability

Shell characters vulnerability in archive filenames...

6.8CVSS2.8AI score0.02645EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2008/06/06 10:0 p.m.27 views

CVE-2008-2575

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a 1 ZIP aka .cbz or 2 RAR aka .cbr archive filename...

7.4AI score0.02645EPSS
Exploits1References11
Cvelist
Cvelist
added 2006/06/30 11:0 p.m.16 views

CVE-2006-3326

Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. dot dot sequences in filenames within 1 TAR,2 GZ, and 3 JAR archives. NOTE: the provenance of this information is unknown; the details are obtained solely...

6.6AI score0.01391EPSS
Exploits1References5
OSV
OSV
added 2005/05/02 4:0 a.m.5 views

UBUNTU-CVE-2005-1080

Directory traversal vulnerability in the Java Archive Tool Jar utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. dot dot in filenames in a .jar file...

5CVSS5.9AI score0.06717EPSS
Exploits1References4
Rows per page
Query Builder