CVE-2025-40737

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVE-2025-42971

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file...

CVE-2025-42970

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system,...

CVE-2025-42971 Memory Corruption vulnerability in SAPCAR

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file...

CVE-2025-42971

The CVE-2025-42971 entry describes a memory corruption in SAPCAR where an attacker can craft malicious SAPCAR archives. When a high-privilege user extracts such an archive, SAPCAR processes it and may perform out-of-bounds memory reads/writes, potentially allowing file extraction and overwriting ...

CVE-2025-42971 Memory Corruption vulnerability in SAPCAR

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file...

CVE-2025-42970 Directory Traversal vulnerability in SAPCAR

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system,...

PT-2025-28289 · Sap · Sapcar

Name of the Vulnerable Software and Affected Versions: SAPCAR affected versions not specified Description: The issue arises from SAPCAR's improper sanitization of file paths during the extraction of SAPCAR archives. This allows an attacker to create a malicious archive with directory traversal...

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-24071PoC CVE-2025-24071: NTLM Hash Leak via RAR/ZIP...

CVE-2025-48067 OctoPrint vulnerable to possible file extraction via upload endpoints

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...

CVE-2025-48067 OctoPrint vulnerable to possible file extraction via upload endpoints

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...

CVE-2025-48067

OctoPrint (web interface for controlling consumer 3D printers) contains a vulnerability in versions up to and including 1.11.1 where an attacker with FILE_UPLOAD permission can exfiltrate host files that OctoPrint can read by moving them into the upload folder, from which they can be downloaded. ...

ALPINE-CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

CVE-2024-3682

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extrac...

CVE-2024-54005

A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The PDMS/E3D...

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\toolbar::addPlugin method. This method handles uploaded ZIP files that are extracted into the...

CVE-2023-6565

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

CVE-2021-26719

A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...