19 matches found
CVE-2026-42453
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
CVE-2026-42453 Termix: Command injection in extractArchive/compressFiles via double-quote escaping bypass
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
CVE-2026-42453
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
EUVD-2026-28863
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
PT-2026-39219
Name of the Vulnerable Software and Affected Versions: Termix versions prior to 2.1.0. Description: Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The 'extractArchive' and 'compressFiles' endpoints in file-manager.ts use double-quot...
CVE-2026-28452
OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...
Allocation of Resources Without Limits or Throttling
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extractArchive function in src/infra/archive.ts. An attacker can cause excessive resource consumption by submitting specially...
PT-2026-23530
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14; clawdbot versions prior to 2026.1.24-3. Description: The software contains a denial of service issue in the extractArchive function within src/infra/archive.ts. Attackers can provide maliciously crafted ZIP a...
EUVD-2021-27062
Malware in sbrugna...
PT-2024-38313 · WordPress · Acymailing
Name of the Vulnerable Software and Affected Versions: AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress versions up to, and including, 9.7.2 Description: The issue is related to arbitrary file uploads due to missing file type validation in the acym...
CVE-2021-3806
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system...
Path traversal
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system...
CVE-2021-3806
CVE-2021-3806 describes a path traversal vulnerability in Pardus Software Center’s extractArchive function. An attacker on the same network could leverage this to perform a man-in-the-middle and write files on the system. Reported across multiple sources (NVD entry, CVE listings, and PT-Security ...
Pardus Software Center path traversal vulnerability
Pardus is a Turkish Linux distribution. A path traversal vulnerability exists in Pardus Software Center: the extractArchive feature does not effectively filter its parameters, which could allow anyone on the same...
OSV-2017-113 Use-of-uninitialized-value in CommandData::IsProcessFile
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4411 Crash type: Use-of-uninitialized-value Crash state: CommandData::IsProcessFile CmdExtract::ExtractCurrentFile CmdExtract::ExtractArchive...
OSV-2017-100 Use-of-uninitialized-value in Archive::ConvertAttributes
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4272 Crash type: Use-of-uninitialized-value Crash state: Archive::ConvertAttributes CmdExtract::ExtractCurrentFile CmdExtract::ExtractArchive...
OSV-2017-95 Use-of-uninitialized-value in Archive::GetComment
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4410 Crash type: Use-of-uninitialized-value Crash state: Archive::GetComment Archive::ViewComment CmdExtract::ExtractArchive...
OSV-2017-65 Use-of-uninitialized-value in Archive::GetComment
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4275 Crash type: Use-of-uninitialized-value Crash state: Archive::GetComment Archive::ViewComment CmdExtract::ExtractArchive...
OSV-2017-3 Use-of-uninitialized-value in Archive::GetComment
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4610 Crash type: Use-of-uninitialized-value Crash state: Archive::GetComment Archive::ViewComment CmdExtract::ExtractArchive...