65 matches found

RedhatCVE
added 2025/12/04 12:11 a.m. | 3 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

CVSS 6.5 | AI score 6.9 | EPSS 0.00066
Exploits 2 | References 2

EUVD
added 2025/11/24 9:30 p.m. | 2 views

EUVD-2025-198989

An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

CVSS 6.5 | AI score 6.3 | EPSS 0.00066
Exploits 2 | References 3

OSV
added 2025/11/24 8:15 p.m. | 2 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

CVSS 6.5 | AI score 6.8 | EPSS 0.00066
Exploits 2 | References 2

CVE
added 2025/11/24 12:00 a.m. | 5 views

CVE-2025-63914

Cinnamon kotaemon 0.11.0 is affected by CVE-2025-63914 due to the _may_extract_zip function in lib/ktem/ktem/index/file/ui.py not validating uploaded ZIP contents. This can allow a ZIP bomb to exhaust resources during decompression; even though files are extracted to a temporary folder cleared af...

CVSS 6.5 | AI score 6.5 | EPSS 0.00066
Exploits 2 | References 2 | Affected Software 1

Vulnrichment
added 2025/11/24 12:00 a.m. | 2 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

AI score 6.5 | EPSS 0.00066
Exploits 2 | References 2

CNNVD
added 2025/11/24 12:00 a.m. | 3 views

Cinnamon kotaemon security vulnerability

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which stems from a failure of the _may_extract_zip function to check the contents of a ZIP file, which could lead to resource exhaustion...

CVSS 6.5 | AI score 6.6 | EPSS 0.00066
Exploits 2 | References 3

Cvelist
added 2025/11/24 12:00 a.m. | 6 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

EPSS 0.00066
Exploits 2 | References 2

CNNVD
added 2025/11/18 12:00 a.m. | 2 views

Cinnamon kotaemon security vulnerability

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from cross-site scripting and could lead to the execution of arbitrary code...

CVSS 6.1 | AI score 6.1 | EPSS 0.00047
Exploits 1 | References 5

CNNVD
added 2025/11/18 12:00 a.m. | 2 views

Cinnamon kotaemon security vulnerability

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from storing plaintext passwords in client-side localStorage...

CVSS 7.5 | AI score 6.5 | EPSS 0.00072
Exploits 1 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-5004

Malware in sbrugna...

CVSS 8.1 | AI score 7.9 | EPSS 0.00271
Exploits 0 | References 7

CNNVD
added 2025/07/02 12:00 a.m. | 1 view

Cinnamon kotaemon path traversal vulnerability

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A path traversal vulnerability exists in Cinnamon kotaemon version 0.10.6 and earlier, which stems from unvalidated URLs and local file paths, and could lead to directory traversal and data disclosure...

CVSS 6.5 | AI score 6.3 | EPSS 0.0045
Exploits 0 | References 3

OSV
added 2024/06/15 12:00 a.m. | 5 views

OPENSUSE-SU-2024:10684-1 cinnamon-5.0.5-1.2 on GA media

These are all security issues fixed in the cinnamon-5.0.5-1.2 package on the GA media of openSUSE Tumbleweed...

CVSS 7.1 | AI score 7.2 | EPSS 0.04749
Exploits 1 | References 1

GithubExploit
added 2024/01/17 9:26 a.m. | 632 views

Exploit for Argument Injection in Linuxmint Xreader

CVE-2023-44452, CVE-2023-51698: Linux Mint Xreader/MATE Atril...

CVSS 9.6 | AI score 8.3 | EPSS 0.20665
Exploits 2

Tenable Nessus
added 2023/10/20 12:00 a.m. | 14 views

Ubuntu 16.04 ESM / 18.04 ESM : Cinnamon vulnerability (USN-4844-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4844-1 advisory. Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could...

CVSS 8.1 | AI score 7.9 | EPSS 0.00271
Exploits 0 | References 2

SUSE CVE
added 2023/02/15 4:26 a.m. | 1 view

SUSE CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of, for example, other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face...

CVSS 8.1 | AI score 7.1 | EPSS 0.00271
Exploits 0 | References 5

OpenVAS
added 2023/01/27 12:00 a.m. | 10 views

Ubuntu: Security Advisory (USN-4844-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 8.1 | EPSS 0.00271
Exploits 0 | References 2

OpenVAS
added 2022/01/28 12:00 a.m. | 4 views

Mageia: Security Advisory (MGASA-2017-0218)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 | References 5

OpenVAS
added 2022/01/28 12:00 a.m. | 11 views

Mageia: Security Advisory (MGASA-2019-0063)

The remote host is missing an update for the...

CVSS 8.1 | AI score 8.1 | EPSS 0.00271
Exploits 0 | References 5

OSV
added 2021/03/15 10:27 p.m. | 1 view

USN-4844-1 cinnamon vulnerability

Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could potentially use this vulnerability to overwrite arbitrary files as root...

CVSS 8.1 | AI score 7.3 | EPSS 0.00271
Exploits 0 | References 2

Ubuntu
added 2021/03/15 10:27 p.m. | 33 views

USN-4844-1: Cinnamon vulnerability

Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could potentially use this vulnerability to overwrite arbitrary files as root...

CVSS 8.1 | AI score 7.8 | EPSS 0.00271
Exploits 0