371 matches found
PT-2026-39779
Name of the Vulnerable Software and Affected Versions macOS Tahoe versions prior to 26.5 Description A logic issue involving file handling allows a maliciously crafted ZIP archive to bypass Gatekeeper checks. Gatekeeper is a security feature that ensures only trusted software runs on the system...
PT-2026-39177
Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were tricked into manipulating a specially crafted .deb archive, a remote attacker could possibly use this issue to cause dpkg-deb to stop responding,...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
Astra Linux - уязвимость в golang-1.19, golang-1.23
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
Astra Linux - уязвимость в libarchive
“executefilteraudio” in “archivereadsupportformatrar.c” in “libarchive” before version 3.7.5 allows out-of-bounds access via a crafted archive file, as “src” can move beyond “dst”...
Astra Linux - уязвимость в p7zip
Ppmd7.c in 7-ZIP before 23.00 allows for integer underflow and invalid read operations due to a crafted 7Z archive...
Linux Distros Unpatched Vulnerability : CVE-2026-6941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured...
CVE-2026-6941
A flaw was found in radare2. A local attacker can exploit this path traversal vulnerability by importing a specially crafted .zrp archive. This malicious archive contains a symlinked notes.txt file that bypasses directory confinement checks, allowing the attacker to read or write arbitrary files...
CVE-2026-3219
A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect'...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload due to concatenating tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. An attacker can cause unintended files to be installed by supplying a specially crafted archi...
CVE-2026-41245 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes th...
CVE-2026-41245
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes th...
GHSA-HF5P-Q87M-CRJ7 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix
Summary A path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Example Given an extraction directory set to /tmp/extract, a crafted archive with an entry...
PT-2026-32423
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
SUSE CVE-2026-5704
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...
Directory Traversal
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2026-32288
A flaw was found in Go's archive/tar package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the tar.Reader processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memor...
CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write
Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...