
31 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-6340

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing, which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

CVSS 6.5, AI score 5.4, EPSS 0.00047
Exploits: 0, References: 1
CVE
added 2026/05/18 7:8 a.m., 12 views

CVE-2026-6340

Mattermost is affected by CVE-2026-6340 due to failure to validate 7zip archive structure before processing. Affected versions are Mattermost 11.5.x up to 11.5.1, 11.4.x up to 11.4.3, and 10.11.x up to 10.11.13. The flaw can be exploited by an authenticated user uploading a specially crafted 7zip...

CVSS 6.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/05/18 7:8 a.m., 6 views

EUVD-2026-30744

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing, which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

CVSS 4.3, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1
Positive Technologies
added 2026/05/18 12:0 a.m., 6 views

PT-2026-41645

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing, which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

CVSS 4.3, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 2
Positive Technologies
added 2026/05/05 12:0 a.m., 7 views

PT-2026-37273

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 2.0.0-beta.2. Description: An authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the "Direct Install" tool. The system fails to inspect...

CVSS 9.1, AI score 6.1, EPSS 0.00455
Exploits: 2, References: 10
Cvelist
added 2026/04/08 4:50 p.m., 16 views

CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

CVSS 8.1, EPSS 0.00597
Exploits: 0, References: 1
RedhatCVE
added 2026/03/10 2:8 p.m., 1 views

CVE-2025-41757

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore), which runs with elevated privileges and does not validate the contents of the backup archive, to create or overwrite arbitrary files anywhere on the system...

CVSS 8.8, AI score 5.9, EPSS 0.00104
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/09 8:16 a.m., 1 views

CVE-2025-41757

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore), which runs with elevated privileges and does not validate the contents of the backup archive, to create or overwrite arbitrary files anywhere on the system...

CVSS 8.8, AI score 5.9, EPSS 0.00104
Exploits: 0, References: 2
Vulnrichment
added 2026/03/09 8:16 a.m., 2 views

CVE-2025-41757 Arbitrary Write with ubr-restore

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore), which runs with elevated privileges and does not validate the contents of the backup archive, to create or overwrite arbitrary files anywhere on the system...

CVSS 8.8, AI score 5.9, EPSS 0.00104
Exploits: 0, References: 1
OSV
added 2026/03/04 5:30 p.m., 4 views

CLSA-2026-1772577130 python: Fix of CVE-2025-8194

CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...

CVSS 7.5, AI score 5.8, EPSS 0.01007
Exploits: 0, References: 1
OSV
added 2026/03/03 10:22 p.m., 4 views

CLSA-2026-1772576551 python: Fix of CVE-2025-8194

CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...

CVSS 7.5, AI score 5.8, EPSS 0.01007
Exploits: 0, References: 1
OSV
added 2026/01/08 3:7 p.m., 3 views

CVE-2026-22241 Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...

CVSS 8.6, AI score 8.2, EPSS 0.01461
Exploits: 3, References: 6
Cvelist
added 2025/12/04 12:0 a.m., 16 views

CVE-2025-65806

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executabl...

EPSS 0.00111
Exploits: 1, References: 2
CNNVD
added 2025/12/04 12:0 a.m., 1 views

e-point CMS security vulnerability

e-point CMS is a content management system from e-point Poland. A security vulnerability exists in e-point CMS eagle.gsam-1169.1 version, which stems from the file upload feature not adequately validating archived content, which could lead to remote code execution...

CVSS 4.3, AI score 7.9, EPSS 0.00111
Exploits: 1, References: 3
OSV
added 2025/10/31 2:13 p.m., 4 views

OESA-2025-2574 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 7.8, AI score 6.6, EPSS 0.00125
Exploits: 0, References: 3
Oracle linux
added 2025/10/02 12:0 a.m., 5 views

python3 security update

3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative (Orabug: 38442771, CVE-2025-8194)...

CVSS 7.5, AI score 7, EPSS 0.01007
Exploits: 0
OSV
added 2025/09/30 4:15 p.m., 3 views

CLSA-2025-1759248934 python3: Fix of CVE-2025-8194

CVE-2025-8194: tarfile: validate archives to ensure non-negative member offsets...

CVSS 7.5, AI score 7.2, EPSS 0.01007
Exploits: 0, References: 1
OSV
added 2025/09/30 3:38 p.m., 3 views

CLSA-2025-1759246699 python3: Fix of CVE-2025-8194

CVE-2025-8194: tarfile: validate archives to ensure non-negative member offsets...

CVSS 7.5, AI score 6.9, EPSS 0.01007
Exploits: 0, References: 1
OSV
added 2025/09/17 9:39 a.m., 2 views

CLSA-2025-1758101956 Fix CVE(s): CVE-2025-8194

SECURITY UPDATE: defect in 'tarfile' module leads to infinite loop and deadlock in parsing of maliciously crafted tar archives - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member offsets are non-negative - CVE-2025-8194...

CVSS 7.5, AI score 6.8, EPSS 0.01007
Exploits: 0, References: 1
OSV
added 2025/09/17 9:37 a.m., 3 views

CLSA-2025-1758101854 Fix CVE(s): CVE-2025-8194

SECURITY UPDATE: defect in TarFile module leading to infinite loop and deadlock - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member offsets are non-negative - CVE-2025-8194...

CVSS 7.5, AI score 6.9, EPSS 0.01007
Exploits: 0, References: 1