33 matches found
PT-2026-42856
In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...
OESA-2026-1703 golang security update
The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...
Exploit for Improper Access Control in Adobe Coldfusion
PoC exploit for CVE-2023-26360, a Remote Code Execution vulnerab...
EUVD-2019-18436
Malware in sbrugna...
EUVD-2005-2903
Malware in sbrugna...
EUVD-2014-9805
Malware in sbrugna...
EUVD-2004-2320
Malware in sbrugna...
EUVD-2016-7219
Malware in sbrugna...
EUVD-2006-0344
Malware in sbrugna...
EUVD-2021-20791
Malware in sbrugna...
EUVD-2021-14642
Malware in sbrugna...
EUVD-2021-1834
Malware in sbrugna...
EUVD-2015-3353
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-8842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service divide-by-zero error and...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR Path Traversal Exploit PoC...
CVE-2014-125119
CVE-2014-125119 describes a filename spoofing vulnerability in WinRAR when opening specially crafted ZIP archives. The root cause is an inconsistency between the Central Directory and Local File Header entries, which causes WinRAR to display the Central Directory filename while extracting and exe...
CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the...
unzip-stream 0.3.1 Arbitrary File Write
unzip-stream version 0.3.1 suffers from an arbitrary file write vulnerability. Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubunt...
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory (OOM) termination. Impact: A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800...
Medium: python3.11-pip
Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...