GHSA-JF2Q-463C-6F52 androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers)

Summary generateZipPath constructs zip entry names for collected APKs using device controlled content from extractFileName. Since extractFileName does not reject traversal sequences, the resulting zip entry name can contain ../. AndroidQF itself does not extract the zip it creates, but any forens...

CVE-2026-7219

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-7219

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-7219 Totolink N300RT formIpQoS buffer overflow

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-7219

In Totolink N300RT (firmware 3.4.0-B20250430), a flaw exists in the function handling /boafrm/formIpQoS. Crafting the argument entry_name can trigger a buffer overflow, potentially exploitable remotely. CVSS vectors indicate HIGH impact to confidentiality, integrity, and availability with network...

CVE-2026-7219 Totolink N300RT formIpQoS buffer overflow

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

TOTOLINK N300RT 缓冲区错误漏洞

The TOTOLINK N300RT is a wireless router from TOTOLINK Corporation that complies with the 802.11n standard. The version 3.4.0-B20250430 of the Totolink N300RT has a buffer error vulnerability. This vulnerability stems from a buffer overflow in the entryname parameter of the /boafrm/formIpQoS file...

CVE-2019-25324

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

CVE-2019-25324

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

PT-2026-7924

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

SUSE CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

CVE-2025-34259

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...

EUVD-2025-201436

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...

Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

...

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2025-5914: Fixed double free due to an integer overflow in the archivereadformatrarseekdata function bsc1244272 CVE-2025-5915: Fixed heap buffer over read in copyfromlzsswindow at archivereadsupportformatrar.c bsc1244273 CVE-2025-5916:...

CVE-2013-0742

Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a long ZIP directory entry name in an XPS file...

Exploit for CVE-2024-35106

NEXTU FLETA Wifi6 Router DOS, Potential RCE POC This document...

CVE-2023-50244

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

UBUNTU-CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

RICOH MP 2001 Cross-Site Scripting Vulnerability

The RICOH MP 2001 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address add area of the RICOH MP 2001, which arises from the program failing to properly validate user-submitted input. An attacker can exploit the vulnerability by sending the...