Lucene search
+L

2876 matches found

EUVD
EUVD
added 2026/06/26 4:44 p.m.11 views

EUVD-2026-39812

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

8.6CVSS5.9AI score0.00346EPSS
Exploits1References3
NVD
NVD
added 2026/06/26 4:16 p.m.11 views

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

7.1CVSS0.00113EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 3:40 p.m.9 views

EUVD-2026-39790

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 9:13 a.m.3 views

OPENSUSE-SU-2026:21070-1 Security update for tar

This update for tar fixes the following issues - CVE-2026-5704: crafted archives can be used to to hide file injection bsc1261900. - Fix --dereference/-h not working properly after CVE-2025-45582 fix bsc1265450...

5.5CVSS6.2AI score0.00433EPSS
Exploits2References5
OSV
OSV
added 2026/06/26 8:50 a.m.3 views

SUSE-SU-2026:22377-1 Security update for tar

This update for tar fixes the following issues - CVE-2026-5704: crafted archives can be used to to hide file injection bsc1261900. - Fix --dereference/-h not working properly after CVE-2025-45582 fix bsc1265450...

5.5CVSS5.8AI score0.00433EPSS
Exploits2References6
OSV
OSV
added 2026/06/26 7:41 a.m.2 views

OPENSUSE-SU-2026:21063-1 Security update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve

This update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve fixes the following issues: Changes in python-Markdown: - Fix tests with latest python version bsc1268243 Changes in python-joblib: - Update to 1.5.2:...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 7:40 a.m.3 views

SUSE-SU-2026:22370-1 Security update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve

This update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve fixes the following issues: Changes in python-Markdown: - Fix tests with latest python version bsc1268243 Changes in python-joblib: - Update to 1.5.2:...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References9
Microsoft Secure
Microsoft Secure
added 2026/06/25 10:30 p.m.17 views

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligence has identified an active multi-stage intrusion campaign targeting organizations in the hospitality and hotel industry since April 2026. We’ve observed this...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/25 8:57 p.m.6 views

USN-8477-1 tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/06/25 8:57 p.m.13 views

USN-8477-1: tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/06/25 11:0 a.m.5 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/24 12:30 a.m.13 views

EUVD-2026-38630

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, meaning an archive could be parsed in an infinite loop...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 4:17 p.m.14 views

CVE-2026-54314

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public...

7.5CVSS0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 4:4 p.m.84 views

CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS0.00613EPSS
Exploits0References8
OSV
OSV
added 2026/06/23 1:2 p.m.3 views

OPENSUSE-SU-2026:21153-1 Security update for xar

This update for xar fixes the following issues: Changes in xar: - Switch to the maintained Apple xar lineage build 503, versioned 1.8.0.0.503: the mackyle 1.6.1 fork this package tracked has been dead since 2012, and Debian, Fedora and Gentoo all moved to Apple's xar apple-oss-distributions/xar...

9.8CVSS7.1AI score0.01935EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51603

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The tarfile module fails to properly handle the End of File EOF when a file is opened in streaming mode mode="r|". This can lead to a situation where an archive is parsed in an infinite loop...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.8 views

RHEL 9 : vim (RHSA-2026:28133)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28133 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...

8.2CVSS7.3AI score0.00552EPSS
Exploits0References10
NVD
NVD
added 2026/06/19 6:16 p.m.21 views

CVE-2026-49290

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC CDLC. Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a...

9.4CVSS0.00568EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 5:31 p.m.26 views

CVE-2026-49290 Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC CDLC. Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a...

9.4CVSS0.00568EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51001

Name of the Vulnerable Software and Affected Versions Slopsmith versions prior to 0.2.9-alpha.5 Description Slopsmith is a web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC. A path-traversal issue in the archive extractors allows an attacker to write arbitrary files...

9.4CVSS6.7AI score0.00568EPSS
Exploits0References7
Rows per page
Query Builder