Lucene search
+L

2020 matches found

CVE
CVE
added 2026/06/10 5:30 p.m.26 views

CVE-2026-50567

CVE-2026-50567 affects Fission prior to 1.25.0. The vulnerability resides in Unarchive (pkg/utils/zip.go) where archive entry paths are joined with the destination path without validating that the final path stays under the destination. An attacker who can control a Package.Spec.Source.URL or Dep...

7.7CVSS5.4AI score0.00301EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/10 5:11 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the clearplugincache function. An attacker can cause deletion of arbitrary directories accessible to the server process by supplying crafted input containing directory traversal sequences. This can result in...

7.3CVSS6.5AI score0.0003EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 5:11 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the clearplugincache function. An attacker can cause deletion of arbitrary directories accessible to the server process by supplying crafted input containing directory traversal sequences. This can result in...

7.3CVSS6.5AI score0.0003EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 5:11 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the clearplugincache function. An attacker can cause deletion of arbitrary directories accessible to the server process by supplying crafted input containing directory traversal sequences. This can result in...

7.3CVSS6.5AI score0.0003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 12:41 p.m.41 views

CVE-2026-52755 Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS0.00215EPSS
Exploits1References2
CVE
CVE
added 2026/06/10 12:41 p.m.98 views

CVE-2026-52755

Ghidra prior to version 12.0.4 is affected by a path traversal vulnerability in the theme import functionality. An attacker can craft theme ZIP files containing traversal sequences in filenames to write outside the intended theme directory, enabling arbitrary code execution or modification of sen...

8.4CVSS6AI score0.00215EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/10 12:41 p.m.4 views

CVE-2026-52755 Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS6.3AI score0.00215EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48512

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

7.7CVSS5.4AI score0.00301EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

Directory Traversal

Overview org.springframework.integration:spring-integration-file is a Spring Integration File Support Affected versions of this package are vulnerable to Directory Traversal via improper validation of file paths received from FTP, SFTP, or SMB servers. A malicious or compromised server can write...

8.7CVSS6.2AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 7:38 p.m.16 views

CVE-2026-10732

A flaw was found in the decompress package. A remote attacker can exploit this by providing a crafted ZIP archive with two entries at the same path: a symlink to an arbitrary target and a regular file. Due to microtask processing order, the file content is written through the symlink before it is...

7.5CVSS6.2AI score0.00521EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/09 10:23 a.m.6 views

Directory Traversal

Overview apache-airflow-providers-samba is a Provider package apache-airflow-providers-samba for Apache Airflow Affected versions of this package are vulnerable to Directory Traversal via the GCSToSambaOperator function. An attacker can write files to arbitrary locations on the Samba target by...

6.9CVSS6.2AI score0.00695EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47797

📣 ADVISORY: Researcher Trung Nguyen from @CyStackSecurity discovered Zip Slip vulnerability in EMQX MQTT Broker CVE-2026-44725, High - enabling arbitrary file write on the system via plugin installation mechanism. Details: https://t.co/iN6SWM48ig EMQX IoT Vulnerability https://t.co/DcfVVoz0qQ...

5.6AI score0.00048EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/08 6:27 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized string concatenation in the authglinet middleware when the application is started in GLiNET mode. An attacker can gain full administrative access by supplying a crafted path traversal sequence in the...

9.4CVSS6.2AI score0.00542EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 11:19 a.m.4 views

Directory Traversal

Overview bagisto/bagisto is a hand tailored E-Commerce framework designed on some opensource technologies such as Laravel a PHP framework, Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Directory Traversal via ImageCacheController component. An...

8.7CVSS6.5AI score0.00455EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 2:15 a.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the denied function. An attacker can access arbitrary files on the server by supplying crafted input to the filename argument. Details A Directory Traversal attack also known as path traversal aims to access file...

6.5CVSS7.2AI score0.00301EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2025-41280

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...

7.8CVSS5.8AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41202

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4CVSS6.3AI score0.00528EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41203

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4CVSS6.3AI score0.00484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-27891

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

7.2CVSS5.6AI score0.00522EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.18 views

CVE-2026-37531

AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability CWE-22 combined with a TOCTOU race condition CWE-367 in the widget installation flow. The isvalidfilename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal...

9.8CVSS5.4AI score0.00711EPSS
Exploits0References1
Rows per page
Query Builder