
7 matches found

OSV
added 2025/09/05 12:39 p.m. | 6 views

OESA-2025-2098 uv security update

An extremely fast Python package and project manager, written in Rust. Security Fixes: uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's...

CVSS 6.8 | AI score 6.8 | EPSS 0.00183 | Exploits 0 | References 3

SUSE CVE
added 2025/08/08 11:22 p.m. | 3 views

SUSE CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS 6.5 | AI score 6.9 | EPSS 0.00183 | Exploits 0 | References 3

RedhatCVE
added 2025/08/08 12:5 p.m. | 6 views

CVE-2025-54368

A flaw was found in uv. The package's handling of remote ZIP archives processes entries sequentially without verifying them against the archive's central directory. This vulnerability allows a remote attacker to craft a malicious ZIP archive that can cause unexpected behavior when processed...

CVSS 6.8 | AI score 6.1 | EPSS 0.00183 | Exploits 0 | References 2

NVD
added 2025/08/08 12:15 a.m. | 5 views

CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS 6.8 | EPSS 0.00183 | Exploits 0 | References 4

AlpineLinux
added 2025/08/08 12:15 a.m. | 4 views

CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS 6.8 | AI score 6.9 | EPSS 0.00183 | Exploits 0 | References 4

CNNVD
added 2023/11/01 12:0 a.m. | 5 views

Hitachi Energy MACH System Software Path Traversal Vulnerability

Hitachi Energy MACH System Software is a MACH real-time high-performance control system platform from Hitachi, Japan. A security vulnerability exists in Hitachi Energy MACH System Software that originates from a McFeeder server that allows an attacker to upload a carefully crafted ZIP archive to ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00486 | Exploits 0 | References 2

BDU FSTEC
added 2020/03/18 12:0 a.m. | 4 views

The vulnerability of the svg-vector-icon-plugin (WP SVG Icons) plugin for WordPress content management systems allows a hacker to upload an arbitrary ZIP archive (containing a .php file).

The vulnerability of the svg-vector-icon-plugin (WP SVG Icons) plugin for WordPress lies in insufficient validation of the requests being made. Exploiting this vulnerability could allow a malicious actor to download an arbitrary ZIP archive containing a .php file remotely...

CVSS 10 | AI score 7.7 | EPSS 0.00839 | Exploits 1 | References 5 | Affected Software 1