4 matches found

Positive Technologies
added 6 days ago, 7 views

PT-2026-51097

Name of the Vulnerable Software and Affected Versions: py7zr versions prior to 0.22.1

Description: The Worker.decompress function in py7zr/worker.py extracts archive entries without tracking the total decompressed size. This allows a specially crafted .7z file to cause disk or memory exhaustion...

6.9 CVSS, 5.9 AI score
Exploits: 0, References: 8
Positive Technologies
added 2026/03/06 12:0 a.m., 4 views

PT-2026-23627

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.9.4

Description: MarkUs is a web application used for submitting and grading student assignments. Before version 2.9.4, the application extracted zip files without limitations on file size or the number of entries...

6.5 CVSS, 5.8 AI score, 0.0026 EPSS
Exploits: 0, References: 6
Packet Storm
added 2025/12/08 12:0 a.m., 170 views

Cinnamon kotaemon 0.11.0 ZIP Bomb

Cinnamon kotaemon version 0.11.0 zip bomb proof of concept denial of service exploit. Title: Cinnamon kotaemon v 0.11.0 ZIP Bomb Vulnerability in...

6.5 CVSS, 6.9 AI score, 0.00312 EPSS
Exploits: 2
OSV
added 2024/03/21 11:15 p.m., 2 views

DEBIAN-CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5 CVSS, 6.1 AI score, 0.00929 EPSS
Exploits: 1, References: 1