EUVD-2026-39447

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

CVE-2026-42497

A flaw was found in perl-Archive-Tar. This vulnerability allows an attacker to craft a malicious tar archive that, when extracted, can create hardlinks to arbitrary files outside the intended extraction directory. This could lead to the modification of sensitive files on the system, potentially...

CVE-2026-10621

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

CVE-2026-43888

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

GHSA-P3H2-2J4P-P83G MCPHub has Path Traversal via Malicious MCPB Manifest Name

MCPB File Upload Handler extracts a ZIP file and reads manifest.json from it. The name field in the manifest is directly concatenated into a file path line 107 without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where manifest.name is set t...

CVE-2026-41245

A flaw was found in Junrar, an open-source Java RAR archive library. A path traversal vulnerability in the LocalFolderExtractor allows a remote attacker to write arbitrary files with attacker-controlled content into sibling directories. This occurs when a specially crafted RAR archive is extracte...

SUSE CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

EUVD-2026-10480

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

GHSA-JJWR-XMW6-GF78 Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVE-2026-23907 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

PT-2026-24199

Name of the Vulnerable Software and Affected Versions Apache PDFBox versions 2.0.24 through 2.0.36 Apache PDFBox versions 3.0.0 through 3.0.7 Description The ExtractEmbeddedFiles example within Apache PDFBox contains a path traversal issue. The filename obtained from...

Arbitrary File Write via Validation/Extraction Path Mismatch in nltk.downloader._unzip_iter()

This report is not public...

PT-2026-22407

Name of the Vulnerable Software and Affected Versions kaniko versions 1.25.4 through 1.25.9 Description kaniko is a tool used to build container images from a Dockerfile within a container or Kubernetes cluster. Versions from 1.25.4 up to, but not including, 1.25.10 improperly handle the extracti...

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

BusyBox 安全漏洞

BusyBox is a set of applications developed by Denis Vlasenko from Ukraine. It contains multiple Linux commands and tools. BusyBox has a security vulnerability, which stems from an incomplete cleanup of the archive extraction tool’s path. This could lead to arbitrary file overwriting when extracti...

CVE-2025-69601

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

CVE-2025-65806

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP a ZIP containing another ZIP where the inner archive contains an executable file e.g. webshell.php. When the application extracts the uploaded archives, the executabl...