
25 matches found

Source: NVD
Added: 6 days ago · Views: 6

CVE-2026-57453

Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quot...

CVSS: 7.3 · EPSS: 0.00137
Exploits: 0 · References: 3
Source: Cvelist
Added: 6 days ago · Views: 39

CVE-2026-57453 Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction

Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quot...

CVSS: 6.5 · EPSS: 0.00137
Exploits: 0 · References: 3
Source: Positive Technologies
Added: 6 days ago · Views: 8

PT-2026-52478

Name of the Vulnerable Software and Affected Versions: Vim versions 9.1.1784 through 9.2.0677. Description: When the bundled zip plugin autoload/zip.vim uses PowerShell to browse, read, extract, update, or delete entries in a zip archive, it constructs the PowerShell command by quoting archive entry...

CVSS: 7.3 · AI score: 6.1 · EPSS: 0.00137
Exploits: 0 · References: 6
Source: Positive Technologies
Added: 2026/06/12 12:0 a.m. · Views: 12

PT-2026-49066

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.63.6. Description: An issue exists where the software fails to properly normalize file paths when creating zip or tar archives on Linux hosts. Specifically, the getFiles function uses filepath.ToSlash, which does...

CVSS: 6.8 · AI score: 6 · EPSS: 0.00189
Exploits: 0 · References: 6
Source: EUVD
Added: 2026/06/10 12:39 p.m. · Views: 8

EUVD-2026-36011

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

CVSS: 8.4 · AI score: 5.8 · EPSS: 0.00215
Exploits: 1 · References: 2
Source: Vulnrichment
Added: 2026/06/10 12:39 p.m. · Views: 7

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

CVSS: 8.4 · AI score: 5.8 · EPSS: 0.00215
Exploits: 1 · References: 2
Source: Snyk
Added: 2026/05/08 11:50 p.m. · Views: 10

Directory Traversal

Overview: SharpCompress is a compression library for .NET Standard 2.0/2.1/.NET 5.0 that can unrar, decompress 7zip, decompress xz, zip/unzip, tar/untar, lzip/unlzip, bzip2/unbzip2 and gzip/ungzip with forward-only reading and file random access APIs. Affected versions of this package are vulnerable ...

CVSS: 6.5 · AI score: 6.3 · EPSS: 0.00313
Exploits: 1 · References: 2
Source: Vulnrichment
Added: 2025/10/21 4:13 p.m. · Views: 1

CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...

CVSS: 8.1 · AI score: 6.5 · EPSS: 0.00688
Exploits: 1 · References: 5
Source: Github Security Blog
Added: 2025/10/21 3:42 p.m. · Views: 7

astral-tokio-tar Vulnerable to PAX Header Desynchronization

Summary: Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser...

CVSS: 8.1 · AI score: 7.8 · EPSS: 0.00688
Exploits: 1 · References: 8 · Affected Software: 2
Source: IBM Security Bulletins
Added: 2025/09/02 4:4 p.m. · Views: 4

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Improper Input Validation (CVE-2025-31672)

Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the improper input validation security vulnerability. Vulnerability Details: CVEID: CVE-2025-31672. DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files...

CVSS: 5.3 · AI score: 6 · EPSS: 0.01237
Exploits: 0 · Affected Software: 1
Source: OSV
Added: 2025/08/11 1:52 p.m. · Views: 2

BIT-LIBPYTHON-2024-8088 Infinite loop when iterating over zip archive entry names from zipfile.Path

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive, for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

CVSS: 8.7 · AI score: 7 · EPSS: 0.01275
Exploits: 0 · References: 23
Source: Snyk
Added: 2025/04/09 1:9 p.m. · Views: 4

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the endpoints listed below. An attacker can manipulate user data or configuration settings, and perform unauthorized actions by convincing users to follow malicious links that execute unintended...

CVSS: 5.1 · AI score: 7.1
Exploits: 0 · References: 2
Source: Microsoft CVE
Added: 2024/09/26 7:0 a.m. · Views: 4

Infinite loop when iterating over zip archive entry names from zipfile.Path

...

CVSS: 8.7 · AI score: 6.8 · EPSS: 0.01275
Exploits: 0
Source: NVD
Added: 2024/04/02 9:15 p.m. · Views: 24

CVE-2024-30370

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific actio...

CVSS: 4.3 · AI score: 4.6 · EPSS: 0.01154
Exploits: 0 · References: 2
Source: OSV
Added: 2024/04/02 9:15 p.m. · Views: 5

CVE-2024-30370

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific actio...

CVSS: 4.3 · AI score: 5.4 · EPSS: 0.01154
Exploits: 0 · References: 2
Source: Positive Technologies
Added: 2024/04/01 12:0 a.m. · Views: 7

PT-2024-2565 · Winrar · Winrar

Name of the Vulnerable Software and Affected Versions: WinRAR, affected versions not specified. Description: This issue allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of WinRAR. User interaction is required to exploit this issue, where the targe...

CVSS: 7.6 · AI score: 7.2 · EPSS: 0.01154
Exploits: 0 · References: 6
Source: SUSE CVE
Added: 2023/02/15 5:10 a.m. · Views: 4

SUSE CVE-2015-8921

The aestrtofflags function in archiveentry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.11992
Exploits: 0 · References: 6
Source: Github Security Blog
Added: 2017/10/24 6:33 p.m. · Views: 24

archive-tar-minitar and minitar vulnerable to Path Traversal

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.04742
Exploits: 1 · References: 10 · Affected Software: 2
Source: NVD
Added: 2017/02/01 3:59 p.m. · Views: 8

CVE-2016-10173

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.04742
Exploits: 1 · References: 8
Source: CVE
Added: 2017/02/01 3:0 p.m. · Views: 112

CVE-2016-10173

CVE-2016-10173 is a directory traversal vulnerability in Ruby gems minitar (before 0.6) and archive-tar-minitar (before 0.5.2). The flaw allows a remote attacker to write arbitrary files by crafting a TAR archive entry containing a path with "..". Public references across NVD, CNVD, GitHub adviso...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.04742
Exploits: 1 · References: 8 · Affected Software: 2