31 matches found
CVE-2026-10621
Path traversal in the restore handler in Collibra Agent allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file paths during ZIP extraction; this can allow an attacker to write files outside the intended extraction directo...
PT-2026-41765
Summary: When a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon host root privileges. Details: When handling PUT /containers/id/archive requests with compressed archives, the daemon decompresses them using external system binaries. Due to...
PT-2026-41343
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...
PT-2026-34040
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.215 Description: The module installation feature extracts ZIP archives without validating file paths. This allows an authenticated administrator to write files arbitrarily on the server filesystem by using a...
EUVD-2026-23866
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
CVE-2026-2219
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...
CVE-2026-24673 Open eClass Has File Upload Filter Bypass via ZIP Archive Extraction
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting them using the...
CVE-2026-1186
EAP Legislator is vulnerable to Path Traversal in file extraction functionality. An attacker can prepare a zipx archive (the default file type used by the Legislator application) and choose an arbitrary path outside the intended directory (e.g. system startup) where files will be extracted by the victim upon...
OneCommander Security Vulnerability
OneCommander is a file manager from the individual developer Milos Paripovic. A security vulnerability exists in OneCommander version 3.102.0.0, which originates from a directory traversal in the ZIP file handling component...
EUVD-2005-3030
Malware in sbrugna...
Siemens SINEC NMS Path Traversal Vulnerability
Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS that stems...
Mattermost Denial of Service Vulnerability (CNVD-2023-9448609)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to limit the amount of data extracted from a compressed archive during an import in Mattermost Boards, which can b...
PT-2023-26801 · Archive · Archive
Name of the Vulnerable Software and Affected Versions: Archive version 3.3.7 Description: The issue allows attackers to execute a path traversal via extracting a crafted zip file. Recommendations: For Archive version 3.3.7, update to a version that fixes this issue to prevent path traversal attac...
GLSA-201701-69 : Ark: Unintended execution of scripts and executable files
The remote host is affected by the vulnerability described in GLSA-201701-69 (Ark: Unintended execution of scripts and executable files). A vulnerability was discovered in how Ark handles executable files while browsing a compressed archive. A user could unintentionally execute a malicious script...
CVE-2016-3646
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for...
WinRAR Filename Spoofing
A vulnerability in WinRAR allows attackers to spoof filenames within a compressed archive. A remote attacker can exploit this vulnerability to entice victims to run arbitrary files...
CVE-2009-1744
InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file...
Code injection
InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file...
Directory traversal
Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed...
Pinnacle Studio 12 (.hfz) Directory Traversal Vulnerability
No description provided by source. ?php / Pinnacle Studio 12 "Hollywood FX Compressed Archive" .hfz directory traversal vulnerability poc by Nine:Situations:Group::pyrokinesis Our site: http://retrogod.altervista.org/ Software site: http://www.pinnaclesys.com/ Some keys exported from the registry...