25 matches found
CVE-2026-57453
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quot...
CVE-2026-57453 Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quot...
PT-2026-52478
Name of the Vulnerable Software and Affected Versions: Vim versions 9.1.1784 through 9.2.0677. Description: When the bundled zip plugin autoload/zip.vim uses PowerShell to browse, read, extract, update, or delete entries in a zip archive, it constructs the PowerShell command by quoting archive entry...
PT-2026-49066
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.63.6. Description: An issue exists where the software fails to properly normalize file paths when creating zip or tar archives on Linux hosts. Specifically, the getFiles function uses filepath.ToSlash, which does...
EUVD-2026-36011
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
Directory Traversal
Overview: SharpCompress is a compression library for .NET Standard 2.0/2.1 and .NET 5.0 that can unrar, decompress 7zip, decompress xz, zip/unzip, tar/untar, lzip/unlzip, bzip2/unbzip2 and gzip/ungzip with forward-only reading and file random access APIs. Affected versions of this package are vulnerable ...
CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
astral-tokio-tar Vulnerable to PAX Header Desynchronization
Summary Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Improper Input Validation (CVE-2025-31672)
Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the improper input validation security vulnerability. Vulnerability Details: CVEID: CVE-2025-31672. DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files...
BIT-LIBPYTHON-2024-8088 Infinite loop when iterating over zip archive entry names from zipfile.Path
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the endpoints listed below. An attacker can manipulate user data or configuration settings, and perform unauthorized actions by convincing users to follow malicious links that execute unintended...
Infinite loop when iterating over zip archive entry names from zipfile.Path
...
CVE-2024-30370
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific actio...
PT-2024-2565 · Winrar · Winrar
Name of the Vulnerable Software and Affected Versions: WinRAR affected versions not specified Description: This issue allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of WinRAR. User interaction is required to exploit this issue, where the targe...
SUSE CVE-2015-8921
The aestrtofflags function in archiveentry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file...
archive-tar-minitar and minitar vulnerable to Path Traversal
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...
CVE-2016-10173
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...
CVE-2016-10173
CVE-2016-10173 is a directory traversal vulnerability in Ruby gems minitar (before 0.6) and archive-tar-minitar (before 0.5.2). The flaw allows a remote attacker to write arbitrary files by crafting a TAR archive entry containing a path with "..". Public references across NVD, CNVD, GitHub adviso...