620 matches found
EUVD-2026-42951
Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...
CVE-2026-39244
The CVE-2026-39244 entry concerns adm-zip before 0.5.18 and describes a denial-of-service vulnerability triggered by a crafted ZIP file with a manipulated uncompressed size header. The root cause is that zipEntry.js allocates memory using Buffer.alloc(_centralHeader.size) based on the uncompresse...
Directory Traversal
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Directory Traversal via path traversal in the skill archive extraction logic in SkillPromptInjectionHandler and SkillsSandboxExecutor. An authenticated user with access to...
CVE-2026-23698
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23698
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
CVE-2026-57453
A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
EulerOS Virtualization 2.13.0 : sqlite (EulerOS-SA-2026-2418)
According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows...
EulerOS 2.0 SP13 : sqlite (EulerOS-SA-2026-2314)
According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain...
CVE-2026-10732
A flaw was found in the decompress package. A remote attacker can exploit this by providing a crafted ZIP archive with two entries at the same path: a symlink to an arbitrary target and a regular file. Due to microtask processing order, the file content is written through the symlink before it is...
EulerOS 2.0 SP11 : sqlite (EulerOS-SA-2026-2228)
According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain...
CVE-2026-48959
A flaw was found in perl-IO-Compress. An attacker can exploit a vulnerability in the IO::Uncompress::Unzip module's fastForward function by providing a specially crafted zip file. When a named entry is extracted, a per-byte read loop occurs, leading to CPU exhaustion. This can result in a Denial ...
CVE-2026-42886
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...
CVE-2026-42607
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
CVE-2026-39276
The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...
Astra Linux – Vulnerability in unzip
A flaw was discovered in unzip. The vulnerability arises from improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to submit a specially crafted zip file, resulting in a crash or code execution...
CVE-2026-41937
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...
EUVD-2026-29209
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...