Lucene search
K

32 matches found

NVD
NVD
added 2026/06/25 4:16 p.m.6 views

CVE-2026-57453

Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quot...

7.3CVSS0.00137EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 3:26 p.m.19 views

CVE-2026-57453

CVE-2026-57453 affects Vim (9.1.1784–9.2.0678) where the bundled zip.vim plugin falls back to PowerShell to handle zip archives. The PowerShell command is built by inserting archive entry names quoted for the shell but not for PowerShell, allowing a crafted entry name to escape the intended strin...

7.3CVSS6.2AI score0.00137EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:26 p.m.39 views

CVE-2026-57453 Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction

Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quot...

6.5CVSS0.00137EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52478

Name of the Vulnerable Software and Affected Versions Vim versions 9.1.1784 through 9.2.0677 Description When the bundled zip plugin autoload/zip.vim uses PowerShell to browse, read, extract, update, or delete entries in a zip archive, it constructs the PowerShell command by quoting archive entry...

7.8CVSS6.1AI score0.00137EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-49066

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description An issue exists where the software fails to properly normalize file paths when creating zip or tar archives on Linux hosts. Specifically, the getFiles function uses filepath.ToSlash, which does...

6.8CVSS6AI score0.00189EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 12:39 p.m.9 views

EUVD-2026-36011

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS5.8AI score0.00215EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the extended installer’s failure to...

8.4CVSS5.5AI score0.00215EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/29 4:38 p.m.30 views

Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename

Summary filepath.Base on the Linux container does not strip backslashes , because \ is only a path separator on Windows. A multipart filename like ........\Windows\System32\evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route...

5.8AI score0.00032EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/03/28 5:3 a.m.7 views

Path Traversal

pf4j is vulnerable to Path Traversal. The vulnerability is due to improper handling of zip entry names, where a lack of proper path normalization and validation can allow directory traversal or Zip Slip attacks...

7.5CVSS5.9AI score0.00856EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.3 views

CVE-2025-70952

pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...

5.8AI score0.00856EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/25 9:30 p.m.4 views

EUVD-2025-209006

pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...

5.8AI score0.00856EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/25 9:30 p.m.8 views

pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names

pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...

7.5CVSS5.9AI score0.00856EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/03/25 8:4 p.m.2 views

GHSA-7PQ3-326H-F8Q9 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Authenticated Path Traversal to RCE via Configuration Import Summary An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Details The...

3.3CVSS6.2AI score0.00434EPSS
Exploits1References5
NVD
NVD
added 2026/03/25 7:16 p.m.4 views

CVE-2025-70952

pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...

7.5CVSS0.00856EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-5243

Malware in sbrugna...

9.3CVSS6.4AI score0.00398EPSS
Exploits0References6
OSV
OSV
added 2025/08/11 1:52 p.m.2 views

BIT-LIBPYTHON-2024-8088 Infinite loop when iterating over zip archive entry names from zipfile.Path

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

8.7CVSS7AI score0.01275EPSS
Exploits0References23
Veracode
Veracode
added 2025/04/18 6:28 p.m.24 views

Improper Input Validation

org.apache.poi:poi-ooxml is vulnerable to Improper Input validation. The vulnerability is due to improper input validation due to the lack of checks for duplicate ZIP entry names in OOXML files, which can lead to inconsistent parsing behavior across different products...

5.3CVSS6.6AI score0.01237EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/09 11:59 a.m.15 views

CVE-2025-31672 Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names

Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...

6.5AI score0.01237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.4 views

PT-2025-15634 · Apache +1 · Apache Poi +1

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: The issue concerns the parsing of OOXML based files, such as xlsx and docx, by the poi-ooxml component. It can read unexpected data if the underlying zip file has duplicate zip entry...

5.3CVSS5.1AI score0.01237EPSS
Exploits0References22
Microsoft CVE
Microsoft CVE
added 2024/09/26 7:0 a.m.4 views

Infinite loop when iterating over zip archive entry names from zipfile.Path

...

8.7CVSS6.8AI score0.01275EPSS
Exploits0
Rows per page
Query Builder