Lucene search

13 matches found

ATTACKERKB
added 2026/05/05 12:51 a.m. · 0 views

CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

5.3 CVSS · 5.9 AI score · 0.00317 EPSS
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2026/04/20 12:0 a.m. · 4 views

Z-BlogPHP security vulnerability

Z-BlogPHP is an open-source PHP-based blog system developed by the Z-Blog community. Version 1.7.5 of Z-BlogPHP contains a security vulnerability. This vulnerability stems from a flaw in the App::UnPack function located in the file zbusers/plugin/AppCentre/appUpload.php of the ZBA File Handler...

5.8 CVSS · 5.8 AI score · 0.00047 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/04/10 12:0 a.m. · 0 views

PT-2026-31994

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.128 Description: PraisonAI is a multi-agent teams system. The cmd unpack function in the recipe CLI extracts .praison tar archives using tar.extract without validating archive member paths. A malicious .praison...

9.4 CVSS · 5.9 AI score · 0.00084 EPSS
Exploits 1 · References 8
OSV
added 2026/03/20 7:11 a.m. · 2 views

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

5.1 CVSS · 7 AI score · 0.00019 EPSS
Exploits 1 · References 4
IBM Security Bulletins
added 2026/02/16 3:12 p.m. · 11 views

Security Bulletin: File permission modification, improper access control, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary: IBM Storage Defender - Resiliency Service is vulnerable to file permission modification, improper access control, and others. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, ...

8.8 CVSS · 8.9 AI score · 0.00258 EPSS
Exploits 3 · Affected Software 1
OSV
added 2026/02/06 3:54 p.m. · 3 views

OESA-2026-1280 python-wheel security update

A built-package format for Python. A wheel is a ZIP-format archive with a specially formatted filename and the .whl extension. It is designed to contain all the files for a PEP 376 compatible install in a way that is very close to the on-disk format. Security Fixes: wheel is a command line tool f...

7.1 CVSS · 6.4 AI score · 0.00015 EPSS
Exploits 2 · References 2
NVD
added 2026/01/22 5:16 a.m. · 4 views

CVE-2026-24049

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...

7.1 CVSS · 0.00015 EPSS
Exploits 2 · References 3
UbuntuCve
added 2026/01/22 5:16 a.m. · 3 views

CVE-2026-24049

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...

7.1 CVSS · 7.2 AI score · 0.00015 EPSS
Exploits 2 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-2587

Malware in sbrugna...

7.2 CVSS · 7 AI score · 0.02607 EPSS
Exploits 1 · References 2
Cvelist
added 2024/09/18 1:58 p.m. · 17 views

CVE-2024-31190 Out-of-bounds Read in libfluid_msg library

Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::MultipartReplyMeterConfig::unpack. This issue affects libfluid: 0.1.0...

6.5 CVSS · 0.00177 EPSS
Exploits 0 · References 1
CNNVD
added 2024/09/18 12:0 a.m. · 2 views

libfluid security vulnerability

libfluid is an Open Networking open source application. A security vulnerability exists in libfluid that stems from the fact that the fluidmsg::of10::StatsReplyTable::unpack routine contains an out-of-bounds read vulnerability...

7.5 CVSS · 6.8 AI score · 0.00113 EPSS
Exploits 0 · References 2
OSV
added 2021/04/06 4:15 p.m. · 2 views

UBUNTU-CVE-2021-29136

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...

5.5 CVSS · 5.9 AI score · 0.00146 EPSS
Exploits 0 · References 5
Positive Technologies
added 2017/06/05 12:0 a.m. · 2 views

PT-2017-18924 · Bigtree · Bigtree Cms

Name of the Vulnerable Software and Affected Versions: BigTree CMS versions 4.2.18 and earlier Description: The issue allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell. This is related to the extraction of a ZIP archive to filena...

8.8 CVSS · 9 AI score · 0.02114 EPSS
Exploits 1 · References 5