Lucene search
+L

9 matches found

CVE
CVE
added 2026/06/23 4:4 p.m.73 views

CVE-2026-11940

CVE-2026-11940 concerns tarfile.extractall() in Python’s tarfile handling where a crafted archive can bypass the filter for data/tar and cause a symlink outside the destination directory to be created by abusing a hardlink referencing a deeper symlink. The extraction fallback validates the symlin...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.12 views

CVE-2026-28914

A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.33 views

CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS0.00132EPSS
Exploits0References3
CVE
CVE
added 2026/03/21 12:42 a.m.18 views

CVE-2026-32044

OpenClaw is affected in versions prior to 2026.3.2 by an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks used for other formats. An attacker can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causin...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.5 views

Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass (cisco-sa-wsa-archive-bypass-Scx2e8zF)

According to its self-reported version, Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass is affected by a vulnerability. - A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an...

4CVSS6AI score0.0014EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/08/30 10:4 a.m.3 views

SUSE CVE-2024-45436

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...

7.5CVSS7AI score0.02581EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.7 views

Apple macOS Monterey 安全漏洞

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey that originates from an archive that may be able to bypass Gatekeeper...

5.5CVSS6.5AI score0.00223EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/02/20 12:0 a.m.9 views

PT-2020-20581 · Avira · Antivirus For Endpoint +7

Name of the Vulnerable Software and Affected Versions: Avira AV Engine versions prior to 8.3.54.138 Antivirus for Endpoint versions prior to 8.3.54.138 Antivirus for Small Business versions prior to 8.3.54.138 Exchange Security Gateway versions prior to 8.3.54.138 Internet Security Suite for...

5.5CVSS7.1AI score0.02882EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2015/12/06 1:59 a.m.29 views

CVE-2015-6783

The FindStartOffsetOfFileInZipFile function in crazylinkerzip.cpp in crazylinker aka Crazy Linker in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP...

4.3CVSS7.2AI score0.01233EPSS
Exploits0References2
Rows per page
Query Builder