Lucene search

35 matches found

Debian CVE
added 2026/06/11 1:31 p.m. | 5 views

CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

CVSS 8.1 | AI score 7.8 | EPSS 0.00518
Exploits: 1
Veracode
added 2026/05/16 5:25 a.m. | 5 views

Path Traversal

github.com/ctfer-io/monitoring is vulnerable to a Path Traversal. The vulnerability is due to a missing trailing path separator in the strings.HasPrefix check within the sanitizeArchivePath function, which allows an attacker to perform arbitrary file writes via a crafted archive, potentially...

CVSS 9.8 | AI score 7.1 | EPSS 0.00655
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/05/11 8:25 p.m. | 9 views

CVE-2026-8208

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...

CVSS 8.9 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/14 7:23 p.m. | 8 views

CVE-2026-36948

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/viewarchive.php...

CVSS 7.3 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:2 p.m. | 6 views

CVE-2026-32771

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

CVSS 8.8 | AI score 5.8 | EPSS 0.00655
Exploits: 1 | References: 1
Snyk
added 2026/03/20 2:39 a.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the sanitizeArchivePath function. An attacker can overwrite arbitrary files, such as shell configuration files, SSH keys, kubeconfig, or crontabs, by supplying crafted archive entries that exploit improper path...

CVSS 9.8 | AI score 6.7 | EPSS 0.00655
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/20 12:29 a.m. | 4 views

CVE-2026-32771

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

CVSS 8.8 | AI score 5.8 | EPSS 0.00655
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/20 12:29 a.m. | 4 views

CVE-2026-32771 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

CVSS 8.8 | AI score 5.8 | EPSS 0.00655
Exploits: 1 | References: 3
Cvelist
added 2026/03/20 12:29 a.m. | 20 views

CVE-2026-32771 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

CVSS 8.8 | EPSS 0.00655
Exploits: 1 | References: 3
OSV
added 2026/03/20 12:29 a.m. | 5 views

CVE-2026-32771 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

CVSS 8.8 | AI score 6.3 | EPSS 0.00655
Exploits: 1 | References: 5
CNNVD
added 2026/03/20 12:0 a.m. | 6 views

Monitoring Path Traversal Vulnerability

Monitoring is an open-source component developed by CTFer.io for collecting and processing monitoring data. Versions of Monitoring prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from the sanitizeArchivePath function’s inability to prevent path traversal, which...

CVSS 9.8 | AI score 6.8 | EPSS 0.00655
Exploits: 1 | References: 3
NVD
added 2026/03/18 11:17 p.m. | 5 views

CVE-2026-32805

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

CVSS 8.3 | EPSS 0.00434
Exploits: 1 | References: 2
OSV
added 2026/03/18 10:24 p.m. | 3 views

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

CVSS 8.3 | AI score 6.5 | EPSS 0.00434
Exploits: 1 | References: 4
Cvelist
added 2026/03/18 10:24 p.m. | 19 views

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

CVSS 8.3 | EPSS 0.00434
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/18 10:24 p.m. | 2 views

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

CVSS 8.3 | AI score 5.9 | EPSS 0.00434
Exploits: 1 | References: 2
Github Security Blog
added 2026/03/16 8:47 p.m. | 7 views

Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Summary: The sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory. Vulnerable Code...

CVSS 8.3 | AI score 6 | EPSS 0.00434
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/03/16 8:46 p.m. | 12 views

Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory when using the extractor CLI...

CVSS 9.8 | AI score 5.9 | EPSS 0.00655
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/03/16 12:0 a.m. | 3 views

PT-2026-25863

Name of the Vulnerable Software and Affected Versions: Romeo versions prior to 0.2.2. Description: Romeo, a Go code coverage tool, contains a path traversal flaw in the sanitizeArchivePath function located in webserver/api/v1/decoder.go lines 80-88. This is due to a missing trailing path separator i...

CVSS 8.3 | AI score 6.5 | EPSS 0.00434
Exploits: 1 | References: 11
Veracode
added 2025/10/13 1:0 p.m. | 7 views

Arbitrary File Write

bbot is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient sanitization of archive entry paths, and an attacker can craft archive entries with absolute or directory-traversal paths that cause bbot to write arbitrary files to arbitrary locations and achieve remote code...

CVSS 9.6 | AI score 8 | EPSS 0.00668
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2025/09/09 9:15 p.m. | 4 views

CVE-2025-44595

Halo v2.20.17 and before is vulnerable to Cross Site Scripting XSS in /halohost/archives/name...

CVSS 6.1 | EPSS 0.00221
Exploits: 0 | References: 1