Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 5:59 a.m.19 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/18 7:8 a.m.12 views

EUVD-2026-30744

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.13 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/09 4:23 p.m.6 views

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations NGOs and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.6 views

CVE-2026-32808

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives encrypted files with non-encrypted headers, causing arbitrary file deletion outside of the extraction...

8.1CVSS5.8AI score0.00327EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.3 views

SUSE CVE-2010-0098

ClamAV before 0.96 does not properly handle the 1 CAB and 2 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities...

10CVSS6.9AI score0.04894EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.8 views

apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive

A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' Seven...

7.5CVSS7.2AI score0.12365EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.8 views

apache-commons-compress: infinite loop when reading a specially crafted 7Z archive

A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allows the mounting of a denial of service attack against services that use Compress' SevenZ package...

7.5CVSS7.1AI score0.11567EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/07/13 12:0 a.m.1 views

Apache Commons Compress 安全漏洞

A resource management error vulnerability exists in Apache Commons Compress, a library for processing compressed files from the Apache Foundation, which stems from the fact that when reading a specially crafted 7Z archive, Compress can allocate a large amount of memory, resulting in an...

7.5CVSS5.8AI score0.12365EPSS
Exploits0References32
OSV
OSV
added 2017/03/09 6:41 p.m.5 views

USN-3225-1 libarchive vulnerabilities

It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. CVE-2016-5418 Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled...

8.6CVSS7AI score0.06251EPSS
Exploits1References8
Rows per page
Query Builder