73 matches found
CVE-2025-50328
CVE-2025-50328 affects B1 Free Archiver v1.5.86. The archiver does not propagate the Zone.Identifier (MotW) alternate data stream (ADS) from a downloaded archive to the files it extracts, allowing them to bypass Windows Defender SmartScreen and security prompts. This can enable untrusted code exe...
SUSE-SU-2026:1644-1 Security update for python-requests
This update for python-requests fixes the following issues: - CVE-2026-25645: extract_zipped_paths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)...
PT-2026-28677
Name of the Vulnerable Software and Affected Versions: Ghidra versions prior to 12.0.3. Description: The software improperly processes annotation directives embedded in automatically extracted binary data, leading to arbitrary command execution when a user interacts with the user interface. The...
CVE-2026-32044
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...
node-tar security vulnerability
node-tar is a software package for file compression/decompression developed by Isaacs. Versions of node-tar prior to 7.5.11 contained a security vulnerability. This vulnerability stemmed from the ability to create symbolic links that could trick the system into pointing to directories other than...
CVE-2018-25194
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection...
CVE-2026-0754
The CVE describes a vulnerability in Poly Voice devices where an embedded test key and certificate can be extracted via reverse engineering. If a SIP service provider does not properly validate device certificates, the extracted certificate could be accepted, enabling impersonation of the Poly Vo...
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
A path traversal flaw has been discovered in the Python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...
PT-2026-6205
Name of the Vulnerable Software and Affected Versions: Open eClass versions prior to 4.2. Description: The Open eClass platform, previously known as GUnet eClass, is a course management system. A file upload validation bypass allows attackers to upload files with restricted extensions by including...
Fedora 43 : golangci-lint (2025-cc4c533b49)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cc4c533b49 advisory. Latest version - This build with the latest golang should also fix all the Go CVEs, although I did verify how/if this package is affected by these...
EUVD-2021-1814
Malware in sbrugna...
EUVD-2023-50497
Malicious code in bioql PyPI...
pip security vulnerability
pip is a Python package installer open-sourced by the Python Packaging Authority. A security vulnerability exists in pip that stems from a failure to check whether symbolic links point to extracted directories, which could lead to a path traversal attack...
Linux Distros Unpatched Vulnerability : CVE-2022-42906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes...
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2025-1949)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source...
Fedora 42 : incus (2025-2edb6773ed)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2edb6773ed advisory. New release of Incus. Release information: https://github.com/lxc/incus/releases/tag/v6.15.0 Tenable has extracted the preceding description block...
SUSE CVE-2025-4435
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...
DEBIAN-CVE-2025-4435
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...
SUSE CVE-2025-33026
In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to exploit this vulnerability in that the target must visit a malicio...
CVE-2025-3445
CVE-2025-3445 (Zip Slip in mholt/archiver, Go): A crafted ZIP can cause path traversal during archiver.Unarchive(zipFile, outputDir), permitting write/overwrite of files with the app's privileges. This can lead to privilege escalation or code execution in affected setups. The advisory notes a TA...