Lucene search
K

19 matches found

Snyk
Snyk
added 2026/03/13 6:56 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of dynamic group paths when placeholders such as %username% are used. An attacker can gain unauthorized access to parent directories by creating a specially crafted username containing relative path...

6.9CVSS6.3AI score0.00309EPSS
Exploits0References2
NVD
NVD
added 2026/01/28 8:16 p.m.10 views

CVE-2025-61728

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

6.5CVSS0.00643EPSS
Exploits1References5
OSV
OSV
added 2026/01/28 8:16 p.m.4 views

UBUNTU-CVE-2025-61728

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

6.5CVSS7.3AI score0.00643EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/28 7:30 p.m.5 views

CVE-2025-61728 Excessive CPU consumption when building archive index in archive/zip

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

5.9AI score0.00643EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/27 9:51 p.m.7 views

CVE-2026-24770

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server leading to Remote Code Execution via a malicious ZIP archive...

9.8CVSS6AI score0.00913EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-48931

Malicious code in bioql PyPI...

8.7CVSS7.2AI score0.01275EPSS
Exploits0References15
Snyk
Snyk
added 2025/08/01 11:42 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.JoindestDir, f.Name without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...

9.8CVSS8.2AI score0.01071EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 11:42 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.JoindestDir, f.Name without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...

9.8CVSS8.2AI score0.01071EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/09 3:29 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...

8.8CVSS7.7AI score0.00647EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:9 a.m.10 views

CVE-2024-27853

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks...

4.4CVSS6AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:49 p.m.6 views

CVE-2022-22616

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks...

5.5CVSS6.1AI score0.07749EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/05/12 7:26 a.m.41 views

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Threat actors have been observed leveraging fake artificial intelligence AI-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms ...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/03 5:57 p.m.5 views

python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service

A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming th...

8.7CVSS7.1AI score0.01275EPSS
Exploits0References10
Packet Storm
Packet Storm
added 2024/04/23 12:0 a.m.310 views

GitLens Git Local Configuration Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLens Git Local Configuration Exec', 'Description' = %q GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands...

7.8CVSS7.8AI score0.01322EPSS
Exploits4
Veracode
Veracode
added 2021/11/06 1:20 p.m.30 views

Improper Error Handling

go has improper error handling. An attacker is able to cause an open panic via a maliciously crafted ZIP archive containing an invalid name or an empty filename field...

7.5CVSS2.6AI score0.03051EPSS
Exploits0References11Affected Software8
Veracode
Veracode
added 2021/03/02 5:3 a.m.21 views

Arbitrary File Rewrite

spring-integration-zip is vulnerable to an arbitrary file rewrite aka a zip slip vulnerability. An incomplete fix of CVE-2018-1263 allows an attacker to send a malicious zip archive bzip2, tar, xz, war, cpio, 7z with path traversal filenames, leading to writing of files outside of the target...

5.3CVSS4.5AI score0.01446EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2019/01/15 9:24 a.m.24 views

Arbitrary File Write

Plexus Archiver Component is vulnerable to zip-slip vulnerability. The vulnerability exists when the attacker inputs a malicious zip archive with filenames including file traversal characters such as dot dot .., leading to concatenation of file path locating outside of the destination folder...

5.5CVSS5.3AI score0.13179EPSS
Exploits1References6Affected Software2
Veracode
Veracode
added 2018/06/06 5:41 a.m.27 views

Arbitrary File Write

Apache Hadoop Common is vulnerable to zip-slip vulnerability. The vulnerability exists when the attacker inputs a malicious zip archive with filenames including file traversal characters such as dot dot .., leading to concatenation of file path locating outside of the destination folder...

8.8CVSS8.9AI score0.07577EPSS
Exploits1References13Affected Software3
CERT
CERT
added 2004/12/10 12:0 a.m.18 views

Anti-virus software may not properly scan malformed zip archives

Overview Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive. Description Information about a zip archive, such as the size of the compressed data, is placed in headers...

7.8AI score
Exploits0References3
Rows per page
Query Builder