Lucene search
K

15 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/05/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-13365

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS8.1AI score0.01505EPSS
In wildExploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 5:10 p.m.1 views

CVE-2026-33481

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS5.7AI score0.00408EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/26 5:10 p.m.1 views

CVE-2026-33481

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS6.2AI score0.00408EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 5:10 p.m.16 views

CVE-2026-33481

Technical details about CVE-2026-33481 are not publicly provided in the connected documents. Monitor for updates; no affected products, versions, vectors, or remediation details are specified in the supplied materials.

5.3CVSS5.7AI score0.00408EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/02/28 2:50 a.m.5 views

EUVD-2026-9078

malcontent: Nested archive extraction failure can drop content from scan inputs...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/02/27 9:28 p.m.2 views

CVE-2026-28407

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS7.2AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 9:12 p.m.6 views

EUVD-2026-4947

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...

5.5CVSS5.9AI score0.00167EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.7 views

CVE-2021-33602

A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive LZW decompression method, and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service o...

5.5CVSS6.8AI score0.00563EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-6863

Malware in sbrugna...

4.3CVSS9.2AI score0.06613EPSS
Exploits0References10
CVE
CVE
added 2025/09/17 10:41 a.m.44 views

CVE-2025-10156

CVE-2025-10156 concerns the ZIP archive scanning component of mmaitre314 picklescan. The issue is an improper handling of exceptional conditions: crafting a ZIP with a file having a bad CRC can cause the scanner to halt analysis of contents, leading to a file marked as safe being loaded and the e...

9.8CVSS6.6AI score0.01428EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/09/07 1:15 p.m.26 views

CVE-2021-33599

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service infinite loop and freezes AV engine scanner. The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the...

5.5CVSS0.00411EPSS
Exploits0References2
Prion
Prion
added 2017/07/02 1:29 p.m.11 views

Stack overflow

When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used...

2.1CVSS6.6AI score0.00346EPSS
Exploits1References1
Prion
Prion
added 2009/08/06 12:30 a.m.17 views

Design/Logic Flaw

Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, wh...

4.3CVSS7.2AI score0.06613EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2009/08/06 12:0 a.m.52 views

CVE-2008-6903

CVE-2008-6903 affects Sophos Anti-Virus products (Windows, NT/9x, OS X, Linux, UNIX, and associated Sophos EM Library/small business solutions). When CAB archive scanning is enabled, processing a crafted CAB file can trigger a denial of service in the scanner via a fuzzed archive, resulting in a ...

4.3CVSS8.9AI score0.06613EPSS
Exploits0References9Affected Software2
NVD
NVD
added 2006/11/01 3:7 p.m.27 views

CVE-2006-5645

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service infinite loop via a malformed RAR archive with an Archive Header section with...

5CVSS6.5AI score0.17384EPSS
Exploits0References8
Rows per page
Query Builder