34 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in p7zip

7-ZIP ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected 7-ZIP installations. Interaction with this product is required to exploit this vulnerability, but the attack vectors may vary depending ...

CVSS 7.8, AI score 7.8, EPSS 0.27017
Exploits: 11, References: 2
AlpineLinux
added 2026/06/05 3:48 p.m., 6 views

CVE-2026-48103

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...

CVSS 7.1, AI score 5.3, EPSS 0.00225
Exploits: 1, References: 1
AlpineLinux
added 2026/06/05 3:19 p.m., 5 views

CVE-2026-48102

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse CPP/7zip/Archive/Udf/UdfIn.cpp, after validating size 38 + idLen + impLen and...

CVSS 4.3, AI score 5.5, EPSS 0.00189
Exploits: 1, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux – Vulnerability in p7zip

7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...

CVSS 3.3, AI score 5.3, EPSS 0.00161
Exploits: 1, References: 2
Positive Technologies
added 2026/04/21 12:0 a.m., 15 views

PT-2026-46964

Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.34 through 26.00 Description A heap memory disclosure exists in 32-bit builds where a 32-bit integer overflow occurs in the SquashFS ReadBlock function. This allows an attacker-controlled node.Offset value to bypass fragment...

CVSS 8.1, AI score 6, EPSS 0.00324
Exploits: 1, References: 32
Packet Storm
added 2026/04/10 12:0 a.m., 100 views

📄 7-Zip Directory Traversal / Code Execution

7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file. Exploit Title: 7-Zip 25.00 - Directory Traversal to RCE via Malicious ZIP Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...

CVSS 7.8, AI score 7.6, EPSS 0.27017
Exploits: 11
AstraLinux
added 2026/01/13 2:1 p.m., 5 views

Astra Linux – Vulnerability in p7zip-rar

7-Zip is a file archiver with a high compression ratio. Writing zeros outside the heap buffer in the RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to version 25.0.0. Version 25.0.0 contains a fix for this issue...

CVSS 7.5, AI score 6.9, EPSS 0.00635
Exploits: 1, References: 3
Qualys Blog
added 2025/12/04 3:25 p.m., 8 views

Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option

A critical remote code execution RCE vulnerability in 7-Zip CVE-2025-11001 is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an...

CVSS 7.8, AI score 8.5, EPSS 0.27017
Exploits: 11
GithubExploit
added 2025/11/24 1:55 p.m., 158 views

Exploit for CVE-2025-11001

🔥 CVE-2025-11001: Critical 7-Zip RCE Vulnerability 🔥 !7...

CVSS 7, AI score 7.7, EPSS 0.27017
Exploits: 11
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-24018

Malicious code in bioql PyPI...

CVSS 3.6, AI score 6.1, EPSS 0.0069
Exploits: 2, References: 6
Tenable Nessus
added 2025/08/15 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-53816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service i...

CVSS 7.5, AI score 7.2, EPSS 0.00635
Exploits: 1, References: 2
SUSE CVE
added 2025/08/11 11:22 p.m., 3 views

SUSE CVE-2025-55188

7-Zip before 25.01 does not always properly handle symbolic links during extraction...

CVSS 3.6, AI score 7, EPSS 0.0069
Exploits: 2, References: 3
GithubExploit
added 2025/08/11 8:47 a.m., 276 views

Exploit for Link Following in 7-Zip

CVE-2025-55188-7z-exploit --- 7-Zip Symlink Arbitrary File...

CVSS 3.6, AI score 8, EPSS 0.0069
Exploits: 2
Cvelist
added 2025/08/08 12:0 a.m., 10 views

CVE-2025-55188

7-Zip before 25.01 does not always properly handle symbolic links during extraction...

CVSS 3.6, EPSS 0.0069
Exploits: 2, References: 9
Kaspersky
added 2025/08/08 12:0 a.m., 7 views

KLA86580 SB vulnerability in 7-Zip

Insufficient validation vulnerability was found in 7-Zip. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2025-55188 Related products 7-Zip CVE list CVE-2025-55188 warning Solution Update to the latest version Download 7-Zip Impacts SB...

CVSS 3.6, AI score 7.5, EPSS 0.0069
Exploits: 2, References: 3
Debian CVE
added 2025/08/08 12:0 a.m., 5 views

CVE-2025-55188

7-Zip before 25.01 does not always properly handle symbolic links during extraction...

CVSS 3.6, AI score 6.4, EPSS 0.0069
Exploits: 2
Positive Technologies
added 2025/08/03 12:0 a.m., 17 views

PT-2025-32410

Name of the Vulnerable Software and Affected Versions 7-Zip versions prior to 25.01 Description An issue exists in 7-Zip where symbolic links are not always properly handled during the extraction of archives. This flaw allows a remote attacker to use a specially crafted archive to perform arbitra...

CVSS 3.6, AI score 7.4, EPSS 0.0069
Exploits: 2, References: 61
BDU FSTEC
added 2025/07/22 12:0 a.m., 7 views

The vulnerability of the NArchive::NCom::CHandler::GetStream method in the 7-Zip archive processor’s Compound component allows an attacker to cause a service failure.

The vulnerability of the NArchive::NCom::CHandler::GetStream method in the 7-Zip compressor’s Compound archive handler is related to pointer swapping errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 6.2, AI score 7.1, EPSS 0.00614
Exploits: 1, References: 3, Affected Software: 2
CNNVD
added 2025/07/17 12:0 a.m., 6 views

7-Zip Security Vulnerability

7-Zip is a compression software from the 7-Zip open source. A security vulnerability exists in versions prior to 7-Zip 25.0.0 that originates from writing a zero value out of the heap buffer in the RAR5 handler, which could result in memory corruption and a denial of service...

CVSS 7.5, AI score 7, EPSS 0.00635
Exploits: 1, References: 5
VulnCheck KEV
added 2025/02/04 12:0 a.m., 5 views

VulnCheck KEV: CVE-2025-0411

7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user...

CVSS 7, AI score 7.5, EPSS 0.67071
Exploits: 8, References: 1