vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
SUSE CVE-2026-35177
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...
Directory Traversal
Overview: prompts.chat is a developer toolkit for AI prompts (build, validate, parse, and connect to prompts.chat). Affected versions of this package are vulnerable to Directory Traversal through the handling of skill file archives containing unsanitized filenames with path traversal sequences. An...
CVE-2026-22661 prompts.chat Path Traversal via Skill File Handling
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing...
openSUSE 16 Security Update : python-uv (openSUSE-SU-2026:20330-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20330-1 advisory. This update for python-uv fixes the following issue: - CVE-2025-13327: parsing differentials when processing specially crafted ZIP archives during packa...
EUVD-2025-208130
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
CVE-2025-13327
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
PT-2026-22310
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
PT-2026-23530
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14; clawdbot versions prior to 2026.1.24-3. Description: The software contains a denial of service issue in the extractArchive function within src/infra/archive.ts. Attackers can provide maliciously crafted ZIP a...
CVE-2025-61728
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option
A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an...
WinRAR 6.22 Malicious ZIP Creation
This Metasploit module exploits a logical flaw in WinRAR versions before 6.23. The vulnerability allows attackers to create specially crafted ZIP archives that, when opened, execute arbitrary code by exploiting the file extraction logic when a user double-clicks on a file within the archive that...
Vim has path traversal issue with zip.vim and special crafted zip archives
...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.Join(destDir, f.Name) without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...
SUSE CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
DEBIAN-CVE-2025-29768
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via a crafted Zip file, which allows arbitrary code execution by passing a malicious file. Details: A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outsid...
PT-2021-3617 · Apache · Apache Ant
Name of the Vulnerable Software and Affected Versions: Apache Ant versions prior to 1.9.16; Apache Ant versions prior to 1.10.11. Description: The issue is related to an uncontrolled resource consumption in Apache Ant. It can be exploited by a remote attacker to cause a denial of service. When Apac...
USN-4672-1 unzip vulnerabilities
Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service...