Lucene search
+L

57 matches found

redhat
redhat
added 2026/07/07 8:17 p.m.4 views

pip: pip: Incorrect file installation due to improper archive handling

A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect'...

4.6CVSS6.5AI score0.00144EPSS
Exploits0References6
osv
osv
added 2026/06/02 1:37 p.m.5 views

SUSE-SU-2026:22018-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation,...

5.3CVSS6.8AI score0.0039EPSS
Exploits1References6
osv
osv
added 2026/05/22 1:16 p.m.13 views

OESA-2026-2360 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References2
redhat
redhat
added 2026/05/21 9:16 a.m.3 views

pip: pip: Incorrect file installation due to improper archive handling

A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect'...

4.6CVSS6.5AI score0.00144EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/07 4:9 a.m.5 views

CVE-2026-41640

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using...

7.5CVSS6AI score0.01875EPSS
Exploits1References5Affected Software1
redhatcve
redhatcve
added 2026/04/23 9:10 p.m.6 views

CVE-2026-3219

A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect'...

5CVSS5.7AI score0.00144EPSS
Exploits0References5
mscve
mscve
added 2026/04/23 8:3 a.m.12 views

pip doesn't reject concatenated ZIP and tar archives

...

4.6CVSS5.8AI score0.00144EPSS
Exploits0
susecve
susecve
added 2026/04/21 12:21 p.m.6 views

SUSE CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

3.3CVSS5.7AI score0.00144EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/04/21 12:0 a.m.6 views

CVE-2025-70420

...

5.4AI score0.00039EPSS
Exploits0
osv
osv
added 2026/04/20 4:16 p.m.9 views

UBUNTU-CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References4
osv
osv
added 2026/04/20 2:55 p.m.2 views

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS6.7AI score0.00144EPSS
Exploits0References7
cvelist
cvelist
added 2026/04/20 2:55 p.m.33 views

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS0.00144EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/20 2:55 p.m.5 views

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS5.7AI score0.00144EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/20 2:55 p.m.7 views

CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS5.7AI score0.00144EPSS
Exploits0References3
debiancve
debiancve
added 2026/04/20 2:55 p.m.16 views

CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS5.2AI score0.00144EPSS
Exploits0
cve
cve
added 2026/04/20 2:55 p.m.263 views

CVE-2026-3219

CVE-2026-3219 : The issue affects the Python package installer, pip, which treats concatenated tar and ZIP archives as ZIP files regardless of the filename or whether a file is both a tar and a ZIP. The root cause is ambiguous archive identification that can lead to confusing installation behavio...

4.6CVSS5.7AI score0.00144EPSS
Exploits0References3
osv
osv
added 2026/02/18 6:24 p.m.5 views

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

9.8CVSS5.9AI score0.00398EPSS
Exploits1References2
thn
thn
added 2026/01/16 5:59 p.m.8 views

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript aka JScript malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security...

6.8AI score
Exploits0
ptsecurity
ptsecurity
added 2025/11/26 12:0 a.m.7 views

PT-2025-48114

Name of the Vulnerable Software and Affected Versions DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 Description The software is susceptible to a SQL injection issue through the status sql.php endpoint. The endpoint...

7.2CVSS7.3AI score0.00274EPSS
Exploits1References4
cvelist
cvelist
added 2025/10/08 12:0 a.m.13 views

CVE-2025-61524

An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly...

0.00613EPSS
Exploits0References3
Rows per page
Query Builder