Lucene search
+L

2873 matches found

nuclei
nuclei
added 10 hours ago59 views

Ligeo Archives Ligeo Basics - Server Side Request Forgery

Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery SSRF which allows an attacker to read any documents via the download features. id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high...

7.5CVSS7AI score0.07408EPSS
Exploits1References5
cve
cve
added yesterday13 views

CVE-2026-43637

Cornac before 2.6.0 is affected by a path traversal (Tar Slip) in the _extract_archive() function (cornac/utils/download.py). The vulnerability allows an attacker to write arbitrary files outside the intended cache directory by supplying crafted TAR archives with ../ sequences, absolute paths, or...

9.1CVSS6.2AI score
Exploits0References4
cvelist
cvelist
added yesterday26 views

CVE-2026-43637 Cornac < 2.6.0 Path Traversal via _extract_archive() in download.py

Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...

9.1CVSS
Exploits0References4
nessus
nessus
added 3 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an...

4.8CVSS6.1AI score0.00119EPSS
Exploits0References2
euvd
euvd
added 6 days ago6 views

EUVD-2026-42955

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS6.1AI score0.00112EPSS
Exploits0References3
redhatcve
redhatcve
added last week6 views

CVE-2026-59875

A flaw was found in node-tar, a library for manipulating tar archives in Node.js. A remote attacker could craft a malicious archive containing null characters NUL bytes in its metadata. When this archive is processed, the unstripped null characters can cause the application to terminate...

5.3CVSS5.9AI score0.00291EPSS
Exploits0References6
osv
osv
added 2026/07/08 9:16 p.m.2 views

DEBIAN-CVE-2026-55195

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References1
cve
cve
added 2026/07/08 7:32 p.m.5 views

CVE-2026-59820

LiteLLM is a proxy AI gateway. A path traversal flaw existed in LiteLLM Skills archive extraction prior to version 1.83.7-stable, where uploaded skill ZIPs could write outside the intended extraction directory when an authenticated user accessed LLM API routes or held a key with /v1/skills, anthr...

6.5CVSS5.9AI score0.00313EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/07/08 4:16 p.m.2 views

DEBIAN-CVE-2026-59875

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS6AI score0.00291EPSS
Exploits0References1
osv
osv
added 2026/07/08 4:16 p.m.5 views

CVE-2026-14966

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS6.1AI score
Exploits0References1
euvd
euvd
added 2026/07/08 3:3 p.m.6 views

EUVD-2026-42295

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS5.9AI score0.00291EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/08 3:3 p.m.33 views

CVE-2026-14966 Symlink guard bypass in unarchive module allows planting symlinks during extraction

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS0.00291EPSS
Exploits0References1
fedora
fedora
added 2026/07/08 1:11 a.m.17 views

[SECURITY] Fedora 43 Update: python-fastar-0.11.0-7.fc43

The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...

6AI score
Exploits0
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.7 views

PT-2026-56543

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.7-stable Description LiteLLM, a proxy server used to call LLM APIs, contains a flaw in its Skills archive extraction process. An authenticated user with access to the LLM API routes or a key permitted to use...

6.5CVSS6AI score0.00313EPSS
Exploits0References11
redhat
redhat
added 2026/07/07 8:17 p.m.4 views

pip: pip: Incorrect file installation due to improper archive handling

A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect'...

4.6CVSS6.5AI score0.00144EPSS
Exploits0References6
github
github
added 2026/07/06 8:27 p.m.11 views

Decompress: Archive extraction can create files and links outside of the target directory

Impact When extracting an archive to a directory, a crafted archive can read or write files outside that directory. The flaw is in the code that writes the parsed entries, so it affects every format decompress handles: tar, tar.gz, tar.bz2, and zip by default, plus any others added through the...

9.8CVSS6AI score0.02147EPSS
Exploits1References5Affected Software2
snyk
snyk
added 2026/07/06 8:27 p.m.13 views

Directory Traversal

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Directory Traversal and link following during archive extraction, where symlink and hardlink entries are created without checking their targets and the directory...

9.1CVSS6.5AI score0.00588EPSS
Exploits0References4
redhat
redhat
added 2026/07/05 8:1 p.m.2 views

python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode

A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...

8.2CVSS6AI score0.00433EPSS
Exploits0References7
osv
osv
added 2026/07/04 12:58 a.m.2 views

CVE-2026-12252 Untrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltk

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.4AI score0.00158EPSS
Exploits1References3
osv
osv
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-20243

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ...

7.5CVSS7AI score0.00389EPSS
Exploits0References4
Rows per page
Query Builder