
9 matches found

CVE
added 2026/04/27 8:46 p.m. · 55 views

CVE-2026-3087

CVE-2026-3087 describes a vulnerability in Python’s shutil.unpack_archive() where extracting a ZIP that contains an absolute Windows path (for example starting with C:) can cause files to be written outside the target directory. The issue is Windows-specific; other operating systems are not affec...

7.5 CVSS · 5.2 AI score · 0.0015 EPSS
Exploits: 1 · References: 11 · Affected Software: 1
CNNVD
added 2026/03/16 12:00 a.m. · 2 views

AnythingLLM Code Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the ImportedPlugin.importCommunityItemFromUrl function downloading a ZIP file and extracting it without verifying the path to the file within the archive, which can be...

6.4 CVSS · 6.2 AI score · 0.00084 EPSS
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2025-28706

Malicious code in bioql PyPI...

7.8 CVSS · 7.9 AI score · 0.05692 EPSS
Exploits: 8 · References: 2
Positive Technologies
added 2024/09/05 12:00 a.m. · 2 views

PT-2024-31605 · Stripe · Stripe Cli

Name of the Vulnerable Software and Affected Versions: stripe-cli versions 1.11.1 through 1.21.2
Description: A path traversal vulnerability exists in stripe-cli where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flag...

7.5 CVSS · 7.3 AI score · 0.00116 EPSS
Exploits: 0 · References: 14
Positive Technologies
added 2023/11/21 12:00 a.m. · 4 views

PT-2023-30766 · Unknown · Torchserve

Name of the Vulnerable Software and Affected Versions: TorchServe versions 0.1.0 through 0.9.0
Description: The issue allows uploading potentially harmful archives that contain files extracted to any location on the filesystem within the process permissions, using the model/workflow management AP...

5.3 CVSS · 5.2 AI score · 0.00433 EPSS
Exploits: 0 · References: 10
CNNVD
added 2023/11/15 12:00 a.m. · 2 views

MLeap Path Traversal Vulnerability

MLeap is a common serialization format and execution engine for machine learning pipelines. MLeap suffers from a security vulnerability that stems from not checking whether file paths in an archive are located outside of the expected directory, and arbitrary file creation can lead directly to code...

9.8 CVSS · 7.6 AI score · 0.00439 EPSS
Exploits: 1 · References: 3
RedHat Linux
added 2015/07/09 5:01 p.m. · 3 views

php: use after free in phar_object.c

A use-after-free flaw was found in PHP's phar PHP Archive paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

7.5 CVSS · 6.6 AI score · 0.11211 EPSS
Exploits: 1 · References: 4
RedHat Linux
added 2015/06/23 8:11 a.m. · 1 views

php: use after free in phar_object.c

A use-after-free flaw was found in PHP's phar PHP Archive paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

7.5 CVSS · 6.6 AI score · 0.11211 EPSS
Exploits: 1 · References: 4
OSV
added 2015/03/15 12:00 a.m. · 0 views

UBUNTU-CVE-2015-2304

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive...

6.4 CVSS · 7.1 AI score · 0.02978 EPSS
Exploits: 1 · References: 7