Lucene search
K

58 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 9:53 p.m.7 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS6AI score0.00126EPSS
Exploits0References5
NVD
NVD
added 2026/05/29 4:16 p.m.18 views

CVE-2026-39276

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

7.2CVSS0.00782EPSS
Exploits1References2
NVD
NVD
added 2026/05/11 4:17 p.m.25 views

CVE-2026-42607

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...

9.1CVSS0.03934EPSS
Exploits4References2
NVD
NVD
added 2026/04/21 6:16 p.m.11 views

CVE-2026-41193

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...

9.1CVSS0.00392EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32985

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass...

9.8CVSS6.2AI score0.01479EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2026/03/05 12:20 p.m.4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/03/02 1:35 a.m.4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.16 views

CVE-2020-7055

An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive...

9.9CVSS7.3AI score0.03072EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2010-3691

Malware in sbrugna...

4.3CVSS6.9AI score0.13333EPSS
Exploits6References32
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-3492

Malware in sbrugna...

5.1CVSS6.4AI score0.03858EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-1373

Malware in sbrugna...

8.8CVSS6.4AI score0.02034EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-9573

Malware in sbrugna...

4.3CVSS7AI score0.04542EPSS
Exploits1References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-0314

Malicious code in bioql PyPI...

7.3CVSS8.3AI score0.01411EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-34092

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:6 p.m.8 views

CVE-2020-9363

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protecti...

7.8CVSS6.8AI score0.00948EPSS
Exploits0References1
OSV
OSV
added 2025/03/13 5:15 p.m.7 views

AZL-58616 CVE-2025-29768 affecting package vim for versions less than 9.1.1198-1

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...

4.4CVSS7.2AI score0.00342EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.5 views

The vulnerability of the Archive Extraction Handler component in the Luigi library for the Python programming language allows a hacker to execute arbitrary code.

The vulnerability of the Archive Extraction Handler component in the Luigi library for the Python programming language is related to an incorrect limitation on the path name of the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using ...

8.6CVSS6AI score0.01096EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/08/22 7:15 p.m.2 views

DEBIAN-CVE-2024-8088

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

8.7CVSS6.7AI score0.01275EPSS
Exploits0References1
NVD
NVD
added 2023/11/01 3:15 a.m.23 views

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References1
Prion
Prion
added 2023/11/01 3:15 a.m.15 views

Design/Logic Flaw

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

4CVSS6.4AI score0.00486EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder