CVE-2026-48092

A flaw was found in 7-Zip, a file archiver. This vulnerability, affecting 32-bit builds, involves a heap memory disclosure caused by an integer overflow in the SquashFS ReadBlock function. An attacker can exploit this by providing a specially crafted archive, which, when processed, allows the...

Ligeo Archives Ligeo Basics - Server Side Request Forgery

Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery SSRF which allows an attacker to read any documents via the download features. id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high...

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

EUVD-2026-34215

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tar-fs vulnerabilities (USN-8367-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8367-1 advisory. It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this iss...

PT-2026-46153

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

EUVD-2026-33932

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

Updated tar packages fix security vulnerability

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

CVE-2026-43623

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

CVE-2026-40548

SOPlanning (versions ≤ 1.55) allows unrestricted file uploads through the backup function. An authenticated attacker can upload a crafted ZIP containing a legitimate user.csv and a malicious file; on extraction the malicious file is placed on the server. When combined with CVE-2026-40547 (Path Tr...

CVE-2026-40543 Missing Authorization in SOPlanning

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

SOPlanning code-related vulnerabilities

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had code vulnerabilities. These vulnerabilities stemmed from an unvalidated validation of file extensions during upload. This allowed authenticated attackers to uploa...

OESA-2026-2476 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

OESA-2026-2475 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

Emlog Pro 安全漏洞

Emlog Pro is an open-source blog system developed by Emlog. Version 2.6.9 of Emlog Pro contains a security vulnerability, which stems from a path traversal vulnerability in the template upload function. This vulnerability allows authenticated administrators to execute arbitrary PHP code. By...

DEBIAN-CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...