7 matches found
OESA-2025-2098 uv security update
An extremely fast Python package and project manager, written in Rust. Security Fixes: uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's...
SUSE CVE-2025-54368
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
CVE-2025-54368
A flaw was found in uv. The package's handling of remote ZIP archives processes entries sequentially without verifying them against the archive's central directory. This vulnerability allows a remote attacker to craft a malicious ZIP archive that can cause unexpected behavior when processed...
CVE-2025-54368
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
CVE-2025-54368
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
Hitachi Energy MACH System Software Path Traversal Vulnerability
Hitachi Energy MACH System Software is a MACH real-time high-performance control system platform from Hitachi, Japan. A security vulnerability exists in Hitachi Energy MACH System Software that originates from a McFeeder server that allows an attacker to upload a carefully crafted ZIP archive to ...
The vulnerability of the svg-vector-icon-plugin (WP SVG Icons) plugin for WordPress content management systems allows a hacker to upload an arbitrary ZIP archive (containing a .php file).
The vulnerability of the svg-vector-icon-plugin WP SVG Icons plugin for WordPress lies in insufficient validation of the requests being made. Exploiting this vulnerability could allow a malicious actor to download an arbitrary ZIP archive containing a .php file remotely...