CVE-2026-44885

Portainer Portainer Community Edition is affected by a directory traversal in the backup archive extraction path. The vulnerable code path is ExtractTarGz in api/archive/targz.go, which builds output paths via filepath.Clean(filepath.Join(outputDirPath, header.Name)). A tar entry like ../../etc/c...

CVE-2026-35465

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

CVE-2026-35465

CVE-2026-35465 affects SecureDrop Client

CVE-2026-35465 SecureDrop Client has path injection in read_gzip_header_filename()

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

CVE-2026-35465

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

PT-2026-33546

Name of the Vulnerable Software and Affected Versions SecureDrop Client versions prior to 0.17.5 Description Improper filename validation during gzip archive extraction allows a compromised SecureDrop Server to achieve code execution on the Client virtual machine sd-app. This occurs because the...

securedrop-client 安全漏洞

Securedrop-client is an open-source application developed by the Freedom of the Press Foundation. Versions of Securedrop-client prior to 0.17.4 contain security vulnerabilities. These vulnerabilities stem from improper filename validation during the gzip archive extraction process. Allowing...

CVE-2026-32731

CVE-2026-32731 affects ApostropheCMS via the @apostrophecms/import-export gzip extractor. The extract(filepath, exportPath) uses fs.createWriteStream(path.join(exportPath, header.name)) without sanitising path traversal, allowing Zip Slip if a crafted .tar.gz is uploaded by a user with Global Con...

CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, The extract function in gzip.js constructs file-write paths using fs.createWriteStreampath.joinexportPath, header.name. path.join does not resolve or sanitise traversal segments...

CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, The extract function in gzip.js constructs file-write paths using fs.createWriteStreampath.joinexportPath, header.name. path.join does not resolve or sanitise traversal segments...

CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, The extract function in gzip.js constructs file-write paths using fs.createWriteStreampath.joinexportPath, header.name. path.join does not resolve or sanitise traversal segments...

EUVD-2026-12978

ApostropheCMS has Arbitrary File Write Zip Slip / Path Traversal in Import-Export Gzip Extraction...

GHSA-MWXC-M426-3F78 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Reported: 2026-03-08 Status: patched and released in version 3.5.3 of @apostrophecms/import-export --- Product | Field | Value | |---|---| | Repository | apostrophecms/apostrophe monorepo | | Affected Package | @apostrophecms/import-export | | Affected File |...

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Reported: 2026-03-08 Status: patched and released in version 3.5.3 of @apostrophecms/import-export --- Product | Field | Value | |---|---| | Repository | apostrophecms/apostrophe monorepo | | Affected Package | @apostrophecms/import-export | | Affected File |...

PT-2026-26159

Reported: 2026-03-08 Status: patched and released in version 3.5.3 of @apostrophecms/import-export --- Product | Field | Value | |---|---| | Repository | apostrophecms/apostrophe monorepo | | Affected Package | @apostrophecms/import-export | | Affected File |...

CVE-2026-31894 WeGIA affected by arbitrary file read via symlink in backup restore

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

CVE-2026-3067 HummerRisk Archive Extraction CommandUtils.java extractZip path traversal

A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads to path traversal...

CVE-2020-8260

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction...

Ivanti Pulse Connect Secure Code Execution Vulnerability

Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction...

Pulse Secure VPN gzip RCE

The Pulse Connect Secure appliance before 9.1R9 suffers from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root. Admin credentials are required for successful exploitation. Of note, MANY binaries are not ...