12 matches found

Cvelist
added 2026/05/04 4:48 p.m. · 28 views

CVE-2026-42076 Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the `_extractLLM()` function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

CVSS 9.8 · EPSS 0.00562
Exploits: 0 · References: 2
UbuntuCve
added 2026/03/25 7:16 p.m. · 1 views

CVE-2025-70952

pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...

CVSS 7.5 · AI score 5.9 · EPSS 0.0046
Exploits: 1 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-29418

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.3 · EPSS 0.00051
Exploits: 0 · References: 4
Snyk
added 2025/06/20 12:30 p.m. · 1 views

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal via the Extract method. An attacker can gain remote code execution by uploading specially crafted archive files containing path traversal sequences in filenames, resulting in files being written to arbitrary...

CVSS 9.9 · AI score 8.3 · EPSS 0.0169
Exploits: 0 · References: 2
OSV
added 2025/06/03 1:15 p.m. · 5 views

ALPINE-CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

CVSS 9.4 · AI score 8 · EPSS 0.00403
Exploits: 11 · References: 1
Veracode
added 2024/08/27 9:0 a.m. · 5 views

Improper File Path Handling

unzip-stream is vulnerable to Improper File Path Handling. The vulnerability is due to the Extract method allowing malicious zip files to write to unauthorized paths...

AI score 7
Exploits: 0
Positive Technologies
added 2024/08/26 12:0 a.m. · 3 views

PT-2024-40128 · Unknown · Unzip-Stream

Name of the Vulnerable Software and Affected Versions: unzip-stream versions prior to 0.3.2
Description: The issue allows malicious zip files to write to unauthorized paths when using the Extract method of unzip-stream. A researcher from Google, Justin Taft, discovered this issue.
Recommendations...

CVSS 8.7 · AI score 7.2
Exploits: 0 · References: 6
OSV
added 2018/09/04 12:29 a.m. · 1 views

DEBIAN-CVE-2018-16430

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method in zip_extractor.c...

CVSS 8.8 · AI score 8.7 · EPSS 0.01358
Exploits: 1 · References: 1
Tenable Nessus
added 2011/01/13 12:0 a.m. · 22 views

FreeBSD : php -- corruption of $GLOBALS and $this variables via extract() method (f3148a05-0fa7-11e0-becc-0022156e8794)

Off-by-one error in the sanity validator for the extract method allowed attackers to replace the values of $GLOBALS and $this when mode EXTR_OVERWRITE was used. The descriptive text and package checks in this plugin were extracted from the FreeB...

AI score 5.5
Exploits: 0 · References: 3
myhack58
added 2010/12/22 12:0 a.m. · 20 views

PHP Zip Extract method denial of service vulnerability

Affected systems: PHP 5.3.3, PHP 5.3.2, PHP 5.3.1, PHP 5.3, PHP 5.2 - 5.3.2. Not affected systems: PHP 5.3.4, PHP 5.2.15. Description: BUGTRAQ ID: 45335. PHP is a widely-used general-purpose...

AI score 0.7
Exploits: 0
Tenable Nessus
added 2010/12/10 12:0 a.m. · 50 views

PHP 5.3 < 5.3.4 Multiple Vulnerabilities

Binary data 801074.prm...

CVSS 6.8 · AI score 7.6 · EPSS 0.30526
Exploits: 20 · References: 19
Tenable Nessus
added 2010/12/10 12:0 a.m. · 23 views

PHP 5.3.x < 5.3.4 Multiple Vulnerabilities

Binary data 5732.prm...

CVSS 6.8 · AI score 7.6 · EPSS 0.30526
Exploits: 20 · References: 19