37 matches found

vulnersOsv
added 2026/04/17 9:32 p.m. | 3 views

binarium (=2.1.3), gotoeasy-npm (>=0.0.7 <=0.0.11) +3 more potentially affected by CVE-2026-40931 via compressing (>=2.0.0 <=2.1.0)

compressing NPM version =2.0.0, =0.0.7, =0.0.20, =1.1.4, =1.2.1 Source cves: CVE-2026-40931 Source advisory: OSV:GHSA-4C3Q-X735-J3R5...

CVSS 8.4 | AI score 5.8 | EPSS 0.00021
Exploits: 1

EUVD
added 2026/03/11 6:30 p.m. | 2 views

EUVD-2026-11229

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | AI score 6 | EPSS 0.00075
Exploits: 0 | References: 2

NVD
added 2026/03/11 5:16 p.m. | 1 view

CVE-2026-20163

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | EPSS 0.00075
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/11 4:18 p.m. | 0 views

CVE-2026-20163 Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | AI score 6 | EPSS 0.00075
Exploits: 0 | References: 1

Cvelist
added 2026/03/11 4:18 p.m. | 24 views

CVE-2026-20163 Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | EPSS 0.00075
Exploits: 0 | References: 1

CNNVD
added 2026/03/11 12:0 a.m. | 3 views

Splunk Cloud Platform and Splunk Enterprise Command Injection Vulnerability

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities exist in versions of...

CVSS 7.2 | AI score 6 | EPSS 0.00075
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/11 12:0 a.m. | 3 views

PT-2026-24735

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0, 10.0.4, 9.4.9, and 9.3.10 Splunk Cloud Platform versions prior to 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124 Description A user with a role containing the edit cmd capability can execu...

CVSS 7.2 | AI score 6 | EPSS 0.00075
Exploits: 0 | References: 11

Tenable Nessus
added 2026/03/11 12:0 a.m. | 1 view

Splunk Enterprise 9.3.0 < 9.3.10, 9.4.0 < 9.4.9, 10.0.0 < 10.0.4 (SVD-2026-0302)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0302 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5,...

CVSS 7.2 | AI score 6.1 | EPSS 0.00075
Exploits: 0 | References: 2

Cvelist
added 2026/01/28 9:30 p.m. | 21 views

CVE-2026-24857 bulk_extractor has Heap-based Buffer Overflow vulnerability

bulk_extractor is a digital forensics exploitation tool. Starting in version 1.4, bulk_extractor's embedded unrar code has a heap-buffer-overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out-of-bounds write in Unpack::CopyString, leading to a crash under ASAN and...

CVSS 6.9 | EPSS 0.00112
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/10 4:20 p.m. | 2 views

CVE-2025-10284

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution...

CVSS 9.6 | AI score 7.8 | EPSS 0.00301
Exploits: 0 | References: 1

EUVD
added 2025/10/09 10:22 p.m. | 2 views

EUVD-2025-33393

BBOT's various issues in unarchive.py can cause arbitrary file write and RCE...

CVSS 9.6 | AI score 6.7 | EPSS 0.00301
Exploits: 0 | References: 4

Snyk
added 2025/10/09 4:42 p.m. | 1 view

Directory Traversal

Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Directory Traversal via unarchive.py. An attacker can execute arbitrary code by supplying a specially crafted archive file that, when extracted, writes files to arbitrary locations on the file...

CVSS 9.6 | AI score 7.9 | EPSS 0.00301
Exploits: 0 | References: 2

NVD
added 2025/10/09 4:15 p.m. | 1 view

CVE-2025-10284

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution...

CVSS 9.6 | EPSS 0.00301
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/09 3:46 p.m. | 1 view

CVE-2025-10284 Improper Archive Extraction in unarchive Enables RCE

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution...

CVSS 9.6 | AI score 7.8 | EPSS 0.00301
Exploits: 0 | References: 1

Cvelist
added 2025/10/09 3:46 p.m. | 5 views

CVE-2025-10284 Improper Archive Extraction in unarchive Enables RCE

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution...

CVSS 9.6 | EPSS 0.00301
Exploits: 0 | References: 1

CVE
added 2025/10/09 3:46 p.m. | 9 views

CVE-2025-10284

BBOT’s unarchive.py is vulnerable to arbitrary file write and remote code execution when extracting crafted archives, due to insufficient sanitization of archive entry paths (path traversal/Zip-Slip-like behavior). The CVE description and multiple sources (NVD/NVD entry, Red Hat advisory, GHSA, a...

CVSS 9.6 | AI score 7.8 | EPSS 0.00301
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/09 12:0 a.m. | 1 view

PT-2025-41397

Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The unarchive module in BBOT is susceptible to exploitation through the use of malicious archive files. When these files are extracted, they can trigger arbitrary file writes, potentially leadin...

CVSS 9.6 | AI score 8 | EPSS 0.00301
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-0369

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00072
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-2231

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9 | EPSS 0.00271
Exploits: 0 | References: 9

SUSE CVE
added 2025/04/16 2:38 a.m. | 2 views

SUSE CVE-2025-3445

A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using the...

CVSS 8.1 | AI score 6 | EPSS 0.00135
Exploits: 0 | References: 4