
29 matches found

RedHat Linux
added 6 days ago · 5 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1 CVSS · 5.9 AI score · 0.00126 EPSS
Exploits 0 · References 5
RedHat Linux
added 2026/06/03 3:2 p.m. · 9 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1 CVSS · 5.9 AI score · 0.00126 EPSS
Exploits 0 · References 5
SUSE CVE
added 2026/04/08 11:24 p.m. · 5 views

SUSE CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

7.1 CVSS · 5.9 AI score · 0.00126 EPSS
Exploits 0 · References 3
Snyk
added 2026/04/03 10:21 p.m. · 4 views

Directory Traversal

Overview: prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat. Affected versions of this package are vulnerable to Directory Traversal through the handling of skill file archives containing unsanitized filenames with path traversal sequences. An...

8.6 CVSS · 6.4 AI score · 0.00363 EPSS
Exploits 0 · References 2
Cvelist
added 2026/04/03 8:26 p.m. · 18 views

CVE-2026-22661 prompts.chat Path Traversal via Skill File Handling

prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing...

8.6 CVSS · 0.00363 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2026/03/08 12:0 a.m. · 5 views

openSUSE 16 Security Update : python-uv (openSUSE-SU-2026:20330-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20330-1 advisory. This update for python-uv fixes the following issue: - CVE-2025-13327: parsing differentials when processing specially crafted ZIP archives during packa...

6.3 CVSS · 6.3 AI score · 0.0015 EPSS
Exploits 0 · References 3
EUVD
added 2026/02/27 9:30 a.m. · 10 views

EUVD-2025-208130

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...

6.3 CVSS · 5.9 AI score · 0.0015 EPSS
Exploits 0 · References 6
OSV
added 2026/02/27 8:17 a.m. · 3 views

CVE-2025-13327

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...

6.3 CVSS · 5.9 AI score · 0.0015 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/02/27 12:0 a.m. · 6 views

PT-2026-22310

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...

6.3 CVSS · 5.9 AI score · 0.0015 EPSS
Exploits 0 · References 6
Positive Technologies
added 2026/02/18 12:0 a.m. · 4 views

PT-2026-23530

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14; clawdbot versions prior to 2026.1.24-3. Description: The software contains a denial of service issue in the extractArchive function within src/infra/archive.ts. Attackers can provide maliciously crafted ZIP a...

6.7 CVSS · 5.8 AI score · 0.00319 EPSS
Exploits 0 · References 9
OSV
added 2026/01/28 8:16 p.m. · 3 views

CVE-2025-61728

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

6.5 CVSS · 8.1 AI score
Exploits 0 · References 5
Qualys Blog
added 2025/12/04 3:25 p.m. · 8 views

Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option

A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an...

7.8 CVSS · 8.5 AI score · 0.27017 EPSS
Exploits 11
Packet Storm
added 2025/11/28 12:0 a.m. · 190 views

WinRAR 6.22 Malicious ZIP Creation

This Metasploit module exploits a logical flaw in WinRAR versions before 6.23. The vulnerability allows attackers to create specially crafted ZIP archives that, when opened, execute arbitrary code by exploiting the file extraction logic when a user double-clicks on a file within the archive that...

7.8 CVSS · 7.6 AI score · 0.97798 EPSS
Exploits 49
Microsoft CVE
added 2025/08/06 7:0 a.m. · 2 views

Vim has path traversal issue with zip.vim and special crafted zip archives

...

4.1 CVSS · 7 AI score · 0.00731 EPSS
Exploits 1
Snyk
added 2025/08/01 11:42 p.m. · 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.Join(destDir, f.Name) without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...

9.8 CVSS · 8.2 AI score · 0.0108 EPSS
Exploits 0 · References 2
SUSE CVE
added 2025/07/29 11:37 p.m. · 3 views

SUSE CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3 CVSS · 9.2 AI score · 0.01411 EPSS
Exploits 0 · References 3
OSV
added 2025/03/13 5:15 p.m. · 3 views

DEBIAN-CVE-2025-29768

Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...

4.4 CVSS · 4.5 AI score · 0.00342 EPSS
Exploits 0 · References 1
Snyk
added 2022/05/29 8:11 a.m. · 0 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via a crafted Zip file, which allows arbitrary code execution by passing a malicious file. Details: A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outsid...

7.8 CVSS · 6.3 AI score · 0.0082 EPSS
Exploits 1 · References 2
Positive Technologies
added 2021/07/14 12:0 a.m. · 3 views

PT-2021-3617 · Apache +3 · Apache Ant +3

Name of the Vulnerable Software and Affected Versions: Apache Ant versions prior to 1.9.16; Apache Ant versions prior to 1.10.11. Description: The issue is related to an uncontrolled resource consumption in Apache Ant. It can be exploited by a remote attacker to cause a denial of service. When Apac...

7.8 CVSS · 6.1 AI score · 0.0262 EPSS
Exploits 0 · References 50
OSV
added 2020/12/16 5:27 p.m. · 5 views

USN-4672-1 unzip vulnerabilities

Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service...

7.8 CVSS · 6.3 AI score · 0.30469 EPSS
Exploits 3 · References 6