Lucene search
K

700 matches found

NVD
NVD
added 2026/06/26 5:16 p.m.10 views

CVE-2026-45405

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS0.00289EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:23 p.m.7 views

CVE-2026-45405

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/26 3:40 p.m.26 views

CVE-2026-44018

CVE-2026-44018 affects Docling’s METS-GBS backend. From versions 2.45.0 through 2.91.0, XML parsing and input document format detection lacked security controls, enabling crafted METS-GBS archives to read sensitive files, exhaust resources, or crash the application. The issue is fixed in 2.91.0. ...

7.1CVSS5.8AI score0.00113EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 3:40 p.m.36 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS0.00113EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-54093

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 5:39 p.m.27 views

CVE-2026-54093 File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 4:16 p.m.7 views

CVE-2026-48945

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.3CVSS0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:26 p.m.6 views

EUVD-2026-39447

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:26 p.m.4 views

CVE-2026-48945

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 3:26 p.m.10 views

CVE-2026-48945

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:4 p.m.4 views

CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in php-pear

In ArchiveTar before version 1.4.14, symlinks can reference targets outside of the extracted archive. This is a separate vulnerability from CVE-2020-36193...

7.1CVSS7.1AI score0.73377EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 3:2 p.m.5 views

GHSA-3VGW-585J-4M45 BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools e.g. GNU tar which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extractio...

5.3CVSS5.3AI score0.00208EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 9:45 p.m.20 views

CVE-2026-12565

The CVE-2026-12565 entry concerns the unarchive module’s archive extraction commands, which perform no path validation and rely on external tools (notably GNU tar) whose behavior varies by platform. On systems using GNU tar < 1.34 (e.g., Ubuntu 20.04, Debian Buster, CentOS 7, and many Docker b...

5.3CVSS5.3AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.31 views

PT-2026-50560

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The unarchive internal module's archive extraction commands lack code-level validation for extracted file paths. This causes the module to rely on the behavior o...

5.3CVSS5.2AI score0.00208EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36766

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

5.4AI score0.00373EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.6 views

CVE-2026-11816

A flaw was found in Keras. Attackers can exploit a path traversal vulnerability in the archive extraction utilities, specifically filtersafetarinfos and filtersafezipinfos. This occurs because the validation of archive member paths is performed against the process's current working directory CWD...

8.1CVSS7.6AI score0.00518EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/06/12 9:53 p.m.35 views

File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes \ is only a path separator on Windows. A file whose name contains Windows-style traversal ......\evil.txt is accepted by the resource...

6.8CVSS5.7AI score0.00189EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-11816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functio...

8.1CVSS7.8AI score0.00518EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/11 3:20 p.m.13 views

Directory Traversal

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Directory Traversal via the filtersafetarinfos and filtersafezipinfos functions in the archive extraction utilities. An attacker can write arbitrary files outside the...

8.6CVSS6.2AI score0.00518EPSS
Exploits1References2
Rows per page
Query Builder