dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

CVE-2026-11816

CVE-2026-11816 affects Keras

CVE-2026-41011

The CVE affects BOSH: all versions prior to v282.1.12 (inclusive). PackagePersister.validate_tgz constructs a tar command (tar -tf #{tgz}) using a name derived from release.MF without Shellwords.escape, and passes it to Bosh::Common::Exec.sh (via /bin/sh -c). The Models::Package validation runs a...

XML External Entity Injection

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML External Entity Injection in the METS-GBS backend's XML parsing and...

Astra Linux – Vulnerability in libarchive

An improper link resolution flaw can occur during the extraction of an archive, resulting in changes to the mode, times, access control lists, and flags of a file within the archive. An attacker may provide a malicious archive to a victim user, triggering this flaw when the victim attempts to...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerability (USN-8214-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8214-1 advisory. It was discovered that NLTK incorrectly handled file extraction when opening a maliciously...

CVE-2026-6518

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...

USN-8168-1: Rust vulnerability

It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the...

CVE-2026-33753

A flaw was found in rfc3161-client, a Python library implementing the Time-Stamp Protocol TSP. This authorization bypass vulnerability allows a remote attacker to impersonate a trusted TimeStamping Authority TSA. The flaw exists in the library's signature verification process, specifically in how...

PT-2026-31346

Name of the Vulnerable Software and Affected Versions Logstash affected versions not specified Description Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...

USN-8139-1 rust-cargo-c vulnerability

It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: busybox (UTSA-2026-006297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006297 advisory. A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and...

CVE-2026-31894

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

appium 路径遍历漏洞

Appium is an open-source cross-platform application automation testing framework developed by Appium. Versions of Appium prior to 7.0.6 contained a path traversal vulnerability. This vulnerability stemmed from ineffective path traversal checks in the ZIP extraction implementation, which could all...

CVE-2026-28453

OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write files outside the intended directory. Attackers can craft malicious archives with traversal sequences like ../../ to write files outside extraction boundarie...

CVE-2026-28452

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...

bit7z 安全漏洞

bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.11 contained security vulnerabilities; these vulnerabilities stemmed from insufficient validation of file paths during archive extraction, which could lead to arbitrary fi...

CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

CVE-2026-26158

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...