22 matches found
PT-2026-39177
Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were tricked into manipulating a specially crafted .deb archive, a remote attacker could possibly use this issue to cause dpkg-deb to stop responding,...
EUVD-2026-18821
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing...
[SECURITY] Fedora 44 Update: python-fastar-0.9.0-2.fc44
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...
SUSE CVE-2025-13327
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
EUVD-2025-203223
The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from the content.txt file within uploaded ZIP archives. This makes it possible for authenticated...
AZL-69002 CVE-2025-58183 affecting package cri-o 1.30.1-1
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
EUVD-2023-2981
Malicious code in bioql PyPI...
GO-2023-1754 Rekor's compressed archives can result in OOM conditions in github.com/sigstore/rekor
Rekor's compressed archives can result in OOM conditions in github.com/sigstore/rekor...
CVE-2023-48268
Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb)...
CVE-2023-48268
CVE-2023-48268: Mattermost Boards import can be exploited via a specially crafted zip to exhaust resources during archive extraction, causing Denial of Service. The accessible connected sources indicate the issue stems from failing to limit data extracted from compressed archives during board imp...
Mattermost resource management error vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to limit the amount of data extracted from a compressed archive during an import in Mattermost Boards, which can b...
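The prompts.chat entry (EUVD-2026-18821) and the three Mattermost Boards entries above share one root cause: extraction code that trusts entry names and declared sizes taken from an attacker-controlled archive. The Python below is an added example, not code from prompts.chat, Mattermost or any other project listed on this page; the `safe_extract` routine, its default limits and the three archives constructed in `demo` are illustrative assumptions. It refuses both classes of archive: names that escape the destination (zip slip) and members whose decompressed size or compression ratio exceeds a budget (zip bomb), counting the bytes actually produced rather than trusting the central-directory header alone.

```python
"""Hardened ZIP extraction: refuses path traversal and decompression bombs.
Added example; not code from any project listed on this page."""
import io
import os
import pathlib
import tempfile
import zipfile

CHUNK = 64 * 1024


class UnsafeArchive(Exception):
    """Raised when an archive violates one of the extraction limits."""


def _build_zip(members):
    """Construct an in-memory ZIP from (name, bytes) pairs (test fixture only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members:
            zf.writestr(name, data)
    return buf.getvalue()


def safe_extract(zip_bytes, dest, max_entries=1000,
                 max_total=50 * 1024 * 1024, max_ratio=100):
    """Extract zip_bytes under dest; limits are illustrative assumptions."""
    dest = pathlib.Path(dest).resolve()
    total = 0
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        if len(infos) > max_entries:
            raise UnsafeArchive(f"too many entries: {len(infos)} > {max_entries}")
        for info in infos:
            name = info.filename
            # Reject absolute names and any '..' component before touching disk.
            if (name.startswith(("/", "\\")) or os.path.isabs(name)
                    or ".." in pathlib.PurePosixPath(name).parts):
                raise UnsafeArchive(f"path traversal in entry name: {name!r}")
            target = (dest / name).resolve()
            if target != dest and dest not in target.parents:
                raise UnsafeArchive(f"entry escapes destination: {name!r}")
            # Unix mode lives in the high 16 bits of external_attr; refuse symlinks.
            if (info.external_attr >> 16) & 0o170000 == 0o120000:
                raise UnsafeArchive(f"symlink entry refused: {name!r}")
            # Declared sizes are attacker-controlled: use them only as an early reject.
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                raise UnsafeArchive(f"compression ratio too high: {name!r}")
            if total + info.file_size > max_total:
                raise UnsafeArchive(f"declared size exceeds budget: {name!r}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            # Stream and count the bytes actually produced by the decompressor.
            with zf.open(info) as src, open(target, "wb") as dst:
                while True:
                    chunk = src.read(CHUNK)
                    if not chunk:
                        break
                    total += len(chunk)
                    if total > max_total:
                        raise UnsafeArchive("decompressed size exceeds budget")
                    dst.write(chunk)
            written.append(name)
    return written


def demo():
    """Run safe_extract over three constructed archives; returns outcomes."""
    benign = _build_zip([("docs/readme.txt", b"hello"),
                         ("docs/sub/a.bin", b"\x00" * 100)])
    slip = _build_zip([("../../evil.sh", b"#!/bin/sh\n")])          # zip slip
    bomb = _build_zip([("zeros.bin", b"\x00" * (8 * 1024 * 1024))])  # ~1000:1
    results = {}
    for label, data, kwargs in [("benign", benign, {}),
                                ("zip_slip", slip, {}),
                                ("bomb", bomb, {"max_total": 1024 * 1024})]:
        with tempfile.TemporaryDirectory() as d:
            try:
                results[label] = ("ok", safe_extract(data, d, **kwargs))
            except UnsafeArchive as exc:
                results[label] = ("refused", str(exc))
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

The byte counter inside the read loop is the part that matters for the Mattermost class of bug: the ratio and declared-size checks can be defeated by a forged central directory, but a running total of decompressed output cannot. Nested archives (an archive inside an extracted member) need the same budget applied recursively, which this example does not attempt.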
Medium: rust
Issue Overview: Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the...
Gamaredon APT targets Ukrainian government agencies in new campaign
By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion...
Search Secrets in Various File Types: DumpsterDiver
DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys, e.g. AWS Access Key, Azure Share Key or SSH keys, based on counting the entropy. Additionally, it allows creating simple search rules with basic conditions, e.g. reports only csv file...
DumpsterDiver - Tool To Search Secrets In Various Filetypes
DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys, e.g. AWS Access Key, Azure Share Key or SSH keys. Additionally, it allows creating simple search rules with basic conditions, e.g. reports only csv file including at least 10 email...
Detecting Advanced Persistent Threat with Network Traffic Analysis
An Advanced Persistent Threat can be defined as an attack that maintains a high degree of stealth over a prolonged period of operation. Its objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even afte...
Multiple Security Products LHA File Handling Buffer Overflow (CVE-2005-0643)
Several anti-virus products, both for Enterprise and Desktop consumer use, are capable of detecting malicious content not only within regular files but also within compressed archives such as LHA archives. There exists a vulnerability in the way several anti-virus libraries parse LHA compressed...
Integer overflow
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, whic...
Default configuration
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote...
CVE-2005-3194
Multiple buffer overflows in ALZip 6.12 Korean, 6.1 International, and 5.52 English allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive...