Lucene search
K

64 matches found

Snyk
Snyk
added 6 days ago8 views

Directory Traversal

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Directory Traversal via path traversal in the skill archive extraction logic in SkillPromptInjectionHandler and SkillsSandboxExecutor. An authenticated user with access to...

6.8CVSS6.5AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added last week30 views

CVE-2026-55078 Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS0.00602EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/07/06 9:6 p.m.9 views

Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Summary POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Note: Exploitation requires authenticated file-upload access and the impact i...

6.5CVSS6AI score0.00602EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 9:6 p.m.7 views

GHSA-2MG2-P7R7-G27F Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Summary POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Note: Exploitation requires authenticated file-upload access and the impact i...

6.5CVSS6AI score0.00602EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/18 7:8 a.m.9 views

CVE-2026-6340 Memory Exhaustion via Malicious 7zip File Upload

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:6 p.m.6 views

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS6AI score0.00319EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/05/11 8:22 a.m.12 views

Remote Code Execution (RCE)

facturascripts/facturascripts is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of file paths within uploaded ZIP archives, which allows an attacker to overwrite arbitrary files and execute malicious code through a Zip Slip attack...

7.2CVSS6.1AI score0.00522EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 3:18 a.m.9 views

CVE-2026-41202 ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4CVSS6.5AI score0.00528EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.10 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

9.8CVSS5.8AI score0.003EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 9:21 p.m.9 views

Arbitrary Code Injection

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection in the directInstall process. An attacker can execute arbitrary code on the server by uploading a specially crafted Z...

9.1CVSS6.3AI score0.03934EPSS
Exploits4References2
CVE
CVE
added 2026/05/05 12:0 a.m.13 views

CVE-2026-38429

OpenCMS 20 and earlier are affected by a XXE flaw in the Admin Import DB feature due to insecure XML parsing of user-supplied .zip files containing a manifest.xml. The CVE describes a high-severity impact across confidentiality, integrity, and availability (CVSS v3.1: CRITICAL, 9.8). The root cau...

9.8CVSS5.8AI score0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30265

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...

7.2CVSS6.1AI score0.00874EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/31 10:22 p.m.6 views

baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

Details The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...

8.7CVSS6.5AI score0.00577EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29145

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require once without validating or restricting the filename. An attack...

8.7CVSS6.3AI score0.00577EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.11 views

baserCMS 安全漏洞

BaserCMS is a corporate-level content management system CMS developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from the application’s restoration function, which allowed users to upload zip files and have them...

8.7CVSS6.2AI score0.00577EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/13 12:23 a.m.2 views

SUSE CVE-2026-31988

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

6.9CVSS6AI score0.00485EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.6 views

PT-2026-25363

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...

6.8CVSS6.2AI score0.00347EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 10:58 p.m.5 views

CVE-2026-31988

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

6.9CVSS6AI score0.00485EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/11 10:58 p.m.33 views

CVE-2026-31988 yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

6.9CVSS0.00485EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 9:31 p.m.6 views

EUVD-2019-19746

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, an...

9.8CVSS6AI score0.00903EPSS
Exploits1References4
Rows per page
Query Builder