2879 matches found
CVE-2026-32885
DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...
CVE-2026-49202
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
CVE-2026-39306
PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../...
CVE-2026-48092
A flaw was found in 7-Zip, a file archiver. This vulnerability, affecting 32-bit builds, involves a heap memory disclosure caused by an integer overflow in the SquashFS ReadBlock function. An attacker can exploit this by providing a specially crafted archive, which, when processed, allows the...
SUSE-SU-2026:22085-1 Security update for dpkg
This update for dpkg fixes the following issue: - CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service bsc1259385...
SUSE-SU-2026:22046-1 Security update for dpkg
This update for dpkg fixes the following issue: - CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service bsc1259385...
OPENSUSE-SU-2026:20909-1 Security update for dpkg
This update for dpkg fixes the following issue: - CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service bsc1259385...
PT-2026-47044
Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description Two path traversal issues in the Network Installation Service NIS allow an unauthenticated network attacker to read package archive files and write arbitrary files to any...
Altium Enterprise Server 安全漏洞
Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. There is a security vulnerability in the Altium Enterprise Server Network Installation Service. This vulnerability stems from path traversal, allowing unauthenticated network...
7-Zip >= 9.18 < 26.01 SquashFS Integer Overflow (GHSL-2026-115_GHSL-2026-122)
The version of 7-Zip installed on the remote Windows host is = 9.18 and prior to 26.01. It is, therefore, potentially affected by a vulnerability: - An integer overflow in the SquashFS fragment offset handling can lead to a crash when processing a crafted SquashFS archive. This vulnerability only...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the getfilteredattrs function tarfile.datafilter component that computes a symlink's directory before stripping trailing slashes. An attacker can write files outside the intended extraction directory by crafting...
CVE-2026-49202
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
EUVD-2026-34215
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
CVE-2026-49202
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tar-fs vulnerabilities (USN-8367-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8367-1 advisory. It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this iss...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the ability to access internal multimedia session archives without authentication, and lax cross-site resource sharing rules...
PT-2026-46153
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
EUVD-2026-33932
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
Updated tar packages fix security vulnerability
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...