OSEC-2026-08 Path traversal vulnerability in ocaml-tar

A malicious archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file write outside of the desired extraction director...

CRMEB Security Vulnerabilities

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang in Xi'an, China. CRMEB 5.2.2 version of a security vulnerability , the vulnerability stems from the file /adminapi/system/file/openfile function openfile path traversal vulnerability...