Lucene search
K

1384 matches found

CVE
CVE
added 1 hour ago4 views

CVE-2026-15326

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.6AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : perl-IO-Compress, --advisory ALAS2-2026-3355 (ALAS-2026-3355)

The version of perl-IO-Compress installed on the remote host is prior to 2.061-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3355 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward...

7.8CVSS6.3AI score0.00373EPSS
Exploits3References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in unzip

A flaw was discovered in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, resulting in an out-of-bound write operation on the heap. This flaw allows an attacker to submit a specially crafted zip file, causing a crash or code execution...

5.5CVSS6.5AI score0.02421EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in unzip

A flaw was discovered in unzip. The vulnerability arises from improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to submit a specially crafted zip file, resulting in a crash or code execution...

3.3CVSS6.2AI score0.0057EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/19 4:31 a.m.12 views

EUVD-2026-37984

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wpremoteget to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in th...

6.4CVSS6AI score0.00208EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 a.m.16 views

CVE-2025-15649

A flaw was found in perl-IO-Compress. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted zip file. The IO::Uncompress::Unzip module, which is part of perl-IO-Compress, does not properly handle malformed date information within a zip file'...

6.5CVSS5AI score0.00127EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32885

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...

9.1CVSS5.6AI score0.00418EPSS
Exploits3References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:26 p.m.15 views

DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

5.5AI score0.00058EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/02 8:1 a.m.14 views

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

...

7.5CVSS5.4AI score0.00373EPSS
Exploits0
Rosalinux
Rosalinux
added 2026/06/01 12:30 p.m.11 views

Advisory ROSA-SA-2026-3309

CVE-ID: CVE-2014-9636 BDU-ID: None CVE-Crit: MEDIAN CVE-DESC.: The vulnerability in unzip 6.0 allows a remote attacker to cause a service failure reading or writing beyond the buffer and crashing the process through a specially created ZIP archive with an incorrect Extra-field size. CVE-STATUS: T...

6.8CVSS6.2AI score0.11562EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2026/05/31 8:4 a.m.11 views

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date

...

5.5CVSS5.4AI score0.00127EPSS
Exploits0
OSV
OSV
added 2026/05/29 5:12 a.m.16 views

MGASA-2026-0158 Updated perl-IO-Compress package fixes security vulnerabilities

The updated package fixes security vulnerabilities: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. CVE-2025-15649 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in...

7.8CVSS6AI score0.00373EPSS
Exploits3References6
Mageia
Mageia
added 2026/05/29 5:12 a.m.15 views

Updated perl-IO-Compress package fixes security vulnerabilities

The updated package fixes security vulnerabilities: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. CVE-2025-15649 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in...

7.8CVSS6.2AI score0.00373EPSS
Exploits3References5
SUSE CVE
SUSE CVE
added 2026/05/27 11:3 a.m.11 views

SUSE CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 4:16 a.m.19 views

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

7.5CVSS0.00373EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 4:16 a.m.10 views

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS0.00127EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 4:16 a.m.7 views

UBUNTU-CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/27 4:16 a.m.15 views

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

7.5CVSS5.7AI score0.00373EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/27 4:16 a.m.15 views

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 4:16 a.m.10 views

UBUNTU-CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

7.5CVSS5.7AI score0.00373EPSS
Exploits0References6
Rows per page
Query Builder