Lucene search
K

5 matches found

NVD
NVD
added 6 hours ago5 views

CVE-2026-6101

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS
Exploits0References10
Cvelist
Cvelist
added 7 hours ago8 views

CVE-2026-6101 AMP for WP <= 1.1.12 - Authenticated (Author+) Arbitrary File Write via Role-Based Access Configuration with Local Font Upload

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS
Exploits0References10
EUVD
EUVD
added 7 hours ago6 views

EUVD-2026-42041

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/24 5:48 p.m.7 views

CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5CVSS6.7AI score0.00478EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:48 p.m.49 views

CVE-2026-44017

CVE-2026-44017 concerns Docling’s EasyOCR model download: prior to 2.91.0, ZIP archives were extracted without validating member paths, enabling Zip Slip path traversal. An attacker who could supply or intercept the model source could overwrite files anywhere writable by the process, potentially ...

8.3CVSS6.7AI score0.00478EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder