CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•16 views

CVE-2026-10621

CVE-2026-10621 : Path traversal (Zip Slip) in Collibra Agent during ZIP extraction allows a remote attacker to write arbitrary files outside the extraction directory via a crafted ZIP archive, notably through POST /rest/restore. Exploitation can lead to remote code execution when a malicious JSP ...

7.5CVSS5.9AI score0.00037EPSS

ATTACKERKB•added 2 days ago•5 views

CVE-2026-10621

5.9AI score0.00037EPSS

Exploits0References3Affected Software2

OSV•added 6 days ago•4 views

GHSA-HWC4-GMRW-5222 Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename

Summary filepath.Base on the Linux container does not strip backslashes , because \ is only a path separator on Windows. A multipart filename like ........\Windows\System32\evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route...

8.8CVSS5.8AI score

Exploits0References3

NVD•added 6 days ago•8 views

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

9.9CVSS0.00209EPSS

ATTACKERKB•added 6 days ago•3 views

CVE-2026-9559

9.9CVSS6AI score0.00209EPSS

CNNVD•added 6 days ago•3 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from path traversal in the activity import function. This...

9.9CVSS6.3AI score0.00209EPSS

Debian CVE•added 2026/05/28 5:59 a.m.•4 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00023EPSS

Exploits0

Vulnrichment•added 2026/05/27 2:29 a.m.•6 views

CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

5.7AI score0.0005EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43486

5.7AI score0.0005EPSS

Exploits0References5

EUVD•added 2026/05/12 9:6 p.m.•6 views

EUVD-2026-29842

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS6AI score0.00271EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40443

Name of the Vulnerable Software and Affected Versions efw4.X versions prior to 4.08.010 Description The unZip function in efw.file.FileManager writes zip entries to disk using new FilebaseDir, zipEntry.getName without performing a canonical-path check. This allows an attacker to use entry names...

9.3CVSS6.1AI score0.00271EPSS

Exploits0References4

NVD•added 2026/05/11 10:22 p.m.•8 views

CVE-2026-43888

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

8.7CVSS0.00053EPSS

EUVD•added 2026/05/11 9:9 p.m.•8 views

EUVD-2026-29332

Vulnrichment•added 2026/05/11 9:9 p.m.•7 views

CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import

CVE•added 2026/05/11 9:9 p.m.•6 views

CVE-2026-43888

CVE-2026-43888 affects the Outline service prior to version 1.7.0. During ZIP extraction, ZipHelper.extract uses trimFileAndExt to compute the entry path; when a nested path plus the basename exceeds MAX_PATH_LENGTH (4096 bytes), directory components are silently dropped, yielding only a bare fil...

Cvelist•added 2026/05/11 9:9 p.m.•25 views

CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import

8.7CVSS0.00053EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•8 views

PT-2026-39856

Name of the Vulnerable Software and Affected Versions Outline versions prior to 1.7.0 Description An issue exists in the ZipHelper.extract function where the extraction path for each entry is computed by passing a full filesystem path through trimFileAndExt. This helper function uses path.basenam...

CVE•added 2026/05/09 3:19 a.m.•4 views

Exploits0References3

CVE-2026-8209

Gibbon before v30.0.01 is affected by a path traversal vulnerability that can cause denial of service via attempting to extract web application PHP files; failed .zip extraction may delete the file and cause downtime. Exploitation requires Teacher or higher privileges and could lead to loss of we...

6.9CVSS5.8AI score0.00075EPSS

Cvelist•added 2026/05/09 3:19 a.m.•26 views

CVE-2026-8209

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges...

6.9CVSS0.00075EPSS