34 matches found
CVE-2026-52752
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
CVE-2026-52752
CVE-2026-52752 affects Ghidra prior to 12.0.2. The path traversal flaw is in the extension installer and arises from insufficient validation of ZIP entry names during extraction, allowing crafted extensions with ../ sequences to write files outside the intended directory and potentially achieve c...
EUVD-2026-36011
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
PT-2026-48412
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
CVE-2026-5331
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
EUVD-2026-18216
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2026-5331
CVE-2026-5331 affects OpenCart 4.1.0.3, specifically the Extension Installer Page component and its file installer.php. The vulnerability is a path traversal issue introduced by a manipulated input, with the attack potentially executable remotely. Public disclosure of the exploit is noted, and th...
CVE-2026-5331 OpenCart Extension Installer installer.php path traversal
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2026-5331 OpenCart Extension Installer installer.php path traversal
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
OpenCart 路径遍历漏洞
OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 4.1.0.3 of OpenCart has a path traversal vulnerability; this vulnerability stems from the installer.php file in th...
PT-2026-29734
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2026-27976
Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor asynctar::Archive::unpack creates symlinks from the archive without validation, and the path guard writeablepathfromextension only performs lexical prefix checks without resolving...
CVE-2026-27976
Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor asynctar::Archive::unpack creates symlinks from the archive without validation, and the path guard writeablepathfromextension only performs lexical prefix checks without resolving...
CVE-2026-27976 Zed Extension Sandbox Escape via Tar Symlink Following
Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor asynctar::Archive::unpack creates symlinks from the archive without validation, and the path guard writeablepathfromextension only performs lexical prefix checks without resolving...
CVE-2026-27976
Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor asynctar::Archive::unpack creates symlinks from the archive without validation, and the path guard writeablepathfromextension only performs lexical prefix checks without resolving...
EUVD-2026-8778
Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor asynctar::Archive::unpack creates symlinks from the archive without validation, and the path guard writeablepathfromextension only performs lexical prefix checks without resolving...
PT-2026-22050
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.224.4 Description The extension installer in Zed allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor uses async tar::Archive::unpack which creates symlinks from the archive without validation. The pat...
EUVD-2020-2276
Malware in sbrugna...