CVE-2025-57757

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

CVE-2025-57757

Contao CMS vulnerability CVE-2025-57757: In Contao versions prior to 5.3.38 and 5.6.1, protected news archives in the news feed are not filtered, causing confidential items to appear in the RSS feed. This is patched in 5.3.38 and 5.6.1. Workaround: do not include protected archives in the feed. A...

CVE-2025-57757 Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

CVE-2025-57757 Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

CVE-2025-57757 Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

GHSA-W53M-GXVG-VX7P Contao can disclose sensitive information in the news module

Impact If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not add protected news archives to the news feed page. For more information If you have any questions o...

PT-2025-35103

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 5.3.38 Contao versions prior to 5.6.1 Description: Contao is an Open Source CMS. News items from protected news archives within a news feed are not filtered and become publicly available in the RSS feed. A workaround...

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte,...

SUSE CVE-2018-1000035

A heap-based buffer overflow exists in Info-Zip UnZip version = 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution...

Important: unzip

Issue Overview: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service infinite loop via empty bzip2 data in a ZIP archive. CVE-2015-7697 Buffer overflow in the zishort function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via a...

Denial Of Service(DoS)

Info-Zip UnZip is vulnerable to denial of service DoS. A heap-based buffer overflow exists in Info-Zip UnZip version = 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution...

USN-4672-1 unzip vulnerabilities

Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service...

InfoZip UnZip heap buffer overflow vulnerability (CNVD-2018-03770)

UnZip is a utility for extracting compressed files also known as "zipfiles" in .zip format. A heap buffer overflow vulnerability exists in InfoZip UnZip 6.00 and prior versions in the handling of password-protected archive files. An attacker could exploit this vulnerability to cause a denial of...

AZL-6941 CVE-2018-1000035 affecting package unzip for versions less than 6.0-19

A heap-based buffer overflow exists in Info-Zip UnZip version = 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution...

CVE-2018-1000035

A heap-based buffer overflow exists in Info-Zip UnZip version = 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution...

Using legitimate tools to hide malicious code

The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process. Typically, malware that uses concealment techniques injects its code into a system process, e.g...

Spam and phishing in Q2 2017

Spam: quarterly highlights Delivery service Trojans At the start of Q2 2017, we registered a wave of malicious mailings imitating notifications from well-known delivery services. Trojan downloaders were sent out in ZIP archives, and after being launched they downloaded other malware –...

USN-2788-2: unzip regression

USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Gustavo Grieco discovered that unzip incorrectly handled certain password protecte...

Debian DSA-3386-1 : unzip - security update

Two vulnerabilities have been found in unzip, a de-archiver for .zip files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-7696 Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated...

[USN-2788-1] unzip vulnerabilities

========================================================================== Ubuntu Security Notice USN-2788-1 October 29, 2015 unzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...