9525 matches found
CVE-2026-14966
BBOT’s unarchive module is affected by a symlink guard bypass when handling certain archives. Specifically, zip and 7z archives with a DOS-attribute prefix in their listing (as produced by legacy p7zip) can bypass the extraction guard, allowing an attacker-controlled symlink to be written into th...
CVE-2026-55633
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...
EUVD-2026-42055
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
CVE-2026-6101
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...
CVE-2026-24014
Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...
PT-2026-56053
Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...
RLSA-2026:30857 Important: perl-Archive-Tar security update
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...
EUVD-2026-41656
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
CVE-2026-20706
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...
CVE-2026-20706
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...
CVE-2026-20706 Gitea repository archive downloads bypass token scope checks
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...
CVE-2026-20706
Summary: CVE-2026-20706 affects Gitea up to version 1.26.1, where the web archive download endpoint allowed bypassing token scope checks, enabling access to repository archives beyond a token’s scope. Affected software: Gitea (versions ≤ 1.26.1). Root cause (as described in the sources): The /arc...
CVE-2026-12480
A flaw was found in Keras. An attacker can craft a malicious model archive or weights file containing a Virtual Dataset VDS that references external files on a victim's system. When a user loads this malicious model, the external file is transparently read. This vulnerability leads to information...
7-Zip <= 26.02 Mark-of-the-Web Bypass (CVE-2026-58052)
The version of 7-Zip installed on the remote Windows host is 26.02 or earlier. It is, therefore, affected by a vulnerability: - 7-Zip for Windows fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier...
Docker Engine < 29.5.1 Arbitrary Code Execution
The version of the Docker Engine Moby installed on the remote host is prior to 29.5.1. It is, therefore, affected by an arbitrary code execution vulnerability: - When a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves...
OPENSUSE-SU-2026:21205-1 Security update for docker-stable
This update for docker-stable fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260279. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...
UBUNTU-CVE-2026-20215
Fixed a 7z parser substream count overflow that could under-allocate parser metadata arrays and write past them while reading a malformed archive...
UBUNTU-CVE-2026-20216
Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and exhaust temporary storage...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...