Lucene search
K

6 matches found

NVD
NVD
added 2026/04/17 10:16 p.m.7 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

9.1CVSS0.00401EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/17 9:12 p.m.5 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/17 9:12 p.m.28 views

CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

9.1CVSS0.00401EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

Gramps Web API 安全漏洞

Gramps Web API is a backend API for genealogy data querying and management, open-sourced by the Gramps Project. Versions of Gramps Web API from 1.6.0 to 3.11.0 contained security vulnerabilities. These vulnerabilities were caused by path traversal in the media archive import function, which could...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 9:0 p.m.9 views

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32053

Name of the Vulnerable Software and Affected Versions gramps-webapi affected versions not specified Description A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References13
Rows per page
Query Builder