151 matches found
CVE-2026-39276
The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...
CVE-2026-44088
SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...
PT-2026-40944
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...
CVE-2026-42607 Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...
EUVD-2026-28421
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
UBUNTU-CVE-2026-39817
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
CVE-2026-39817
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
CVE-2026-39817
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
CVE-2026-39817
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
PT-2026-38562
Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description The "go tool pack" subcommand does not sanitize output filenames. This allows the extraction of a malicious archive file to write files to arbitrary locations on the filesystem. Recommendations At...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack through the DirFS process. An attacker can gain unauthorized access to files outside the intended build root by crafting a malicious archive containing a symlink entry that points outside the build root, followed by...
Astra Linux - уязвимость в libarchive
An improper link resolution flaw during the extraction of an archive can cause changes to the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, triggering this flaw when the victim tries to extract the archive. A local attacker may...
CVE-2026-6941
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
CVE-2026-6941
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
📄 ddev ZipSlip Path Traversal
A ZipSlip path traversal vulnerability exists in the ddev/ddev project, affecting archive extraction routines. The issue allows a crafted ZIP archive to write files outside the intended extraction directory, potentially leading to arbitrary file overwrite on the host system...
BIT-GOLANG-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
GO-2026-4869 Unbounded allocation for old GNU sparse in archive/tar
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
EUVD-2026-19317
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...
CVE-2026-5704
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...