5 matches found
CVE-2026-59193 Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip()
Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...
PT-2026-51097
Name of the Vulnerable Software and Affected Versions py7zr versions prior to 0.22.1 Description The Worker.decompress function in py7zr/worker.py extracts archive entries without tracking the total decompressed size. This allows a specially crafted .7z file to cause disk or memory exhaustion...
PT-2026-23627
Name of the Vulnerable Software and Affected Versions MarkUs versions prior to 2.9.4 Description MarkUs is a web application used for submitting and grading student assignments. Before version 2.9.4, the application extracted zip files without limitations on file size or the number of entries...
📄 Cinnamon kotaemon 0.11.0 ZIP Bomb
Cinnamon kotaemon version 0.11.0 zip bomb proof of concept denial of service exploit. ============================================================================================================================================= | Title : Cinnamon kotaemon v 0.11.0 ZIP Bomb Vulnerability in...
DEBIAN-CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...