47 matches found

EUVD (added 2026/06/18 3:02 p.m., 7 views)

EUVD-2026-37812

BBOT: Path traversal Zip-Slip in unarchive module - incomplete fix for CVE-2025-10284...

CVSS 9.6 | AI score 5.1 | EPSS 0.00668 | Exploits 0 | References 3
NVD (added 2026/06/17 11:17 p.m., 9 views)

CVE-2026-12565

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar), which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extractio...

CVSS 5.3 | EPSS 0.00208 | Exploits 0 | References 1
Cvelist (added 2026/06/17 9:45 p.m., 14 views)

CVE-2026-12565 Path Traversal (Zip-Slip) in unarchive module

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar), which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extractio...

CVSS 5.3 | EPSS 0.00208 | Exploits 0 | References 1
CVE (added 2026/06/17 9:45 p.m., 17 views)

CVE-2026-12565

The CVE-2026-12565 entry concerns the unarchive module's archive extraction commands, which perform no path validation and rely on external tools (notably GNU tar) whose behavior varies by platform. On systems using GNU tar < 1.34 (e.g., Ubuntu 20.04, Debian Buster, CentOS 7, and many Docker b...

CVSS 5.3 | AI score 5.3 | EPSS 0.00208 | Exploits 0 | References 1
Positive Technologies (added 2026/06/17 12:00 a.m., 20 views)

PT-2026-50560

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The unarchive internal module's archive extraction commands lack code-level validation for extracted file paths. This causes the module to rely on the behavior o...

CVSS 5.3 | AI score 5.2 | EPSS 0.00208 | Exploits 0 | References 5
NVD (added 2026/06/10 6:17 p.m., 10 views)

CVE-2026-50567

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

CVSS 7.7 | EPSS 0.00301 | Exploits 0 | References 3
CVE (added 2026/06/10 5:30 p.m., 18 views)

CVE-2026-50567

CVE-2026-50567 affects Fission prior to 1.25.0. The vulnerability resides in Unarchive (pkg/utils/zip.go) where archive entry paths are joined with the destination path without validating that the final path stays under the destination. An attacker who can control a Package.Spec.Source.URL or Dep...

CVSS 7.7 | AI score 5.4 | EPSS 0.00301 | Exploits 0 | References 3
Vulnrichment (added 2026/06/10 5:30 p.m., 8 views)

CVE-2026-50567 Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destination directory

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

CVSS 7.7 | AI score 5.4 | EPSS 0.00301 | Exploits 0 | References 3
EUVD (added 2026/06/10 5:30 p.m., 9 views)

EUVD-2026-36071

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

CVSS 7.7 | AI score 5.4 | EPSS 0.00301 | Exploits 0 | References 3
CNNVD (added 2026/06/10 12:00 a.m., 14 views)

Fission path traversal vulnerability

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a path traversal vulnerability. This vulnerability stemmed from the Unarchive function using filepath.Join to concatenate the archive entry name with the target directory,...

CVSS 7.7 | AI score 5.3 | EPSS 0.00301 | Exploits 0 | References 1
Positive Technologies (added 2026/06/10 12:00 a.m., 11 views)

PT-2026-48512

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

CVSS 7.7 | AI score 5.4 | EPSS 0.00301 | Exploits 0 | References 4
EUVD (added 2026/03/11 6:30 p.m., 5 views)

EUVD-2026-11229

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | AI score 6 | EPSS 0.00462 | Exploits 0 | References 2
NVD (added 2026/03/11 5:16 p.m., 9 views)

CVE-2026-20163

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | EPSS 0.00462 | Exploits 0 | References 1
Cvelist (added 2026/03/11 4:18 p.m., 27 views)

CVE-2026-20163 Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | EPSS 0.00462 | Exploits 0 | References 1
Vulnrichment (added 2026/03/11 4:18 p.m., 1 view)

CVE-2026-20163 Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | AI score 6 | EPSS 0.00462 | Exploits 0 | References 1
Positive Technologies (added 2026/03/11 12:00 a.m., 8 views)

PT-2026-24735

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.2.0, 10.0.4, 9.4.9, and 9.3.10; Splunk Cloud Platform versions prior to 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124. Description: A user with a role containing the editcmd capability can execu...

CVSS 7.2 | AI score 6 | EPSS 0.00462 | Exploits 0 | References 11
CNNVD (added 2026/03/11 12:00 a.m., 6 views)

Splunk Cloud Platform and Splunk Enterprise command injection vulnerability

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities exist in versions of...

CVSS 7.2 | AI score 6 | EPSS 0.00462 | Exploits 0 | References 2
Tenable Nessus (added 2026/03/11 12:00 a.m., 2 views)

Splunk Enterprise 9.3.0 < 9.3.10, 9.4.0 < 9.4.9, 10.0.0 < 10.0.4 (SVD-2026-0302)

The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0302 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5,...

CVSS 7.2 | AI score 6.1 | EPSS 0.00462 | Exploits 0 | References 2
Cvelist (added 2026/01/28 9:30 p.m., 25 views)

CVE-2026-24857 bulk_extractor has Heap-based Buffer Overflow vulnerability

bulk_extractor is a digital forensics exploitation tool. Starting in version 1.4, bulk_extractor's embedded unrar code has a heap-buffer-overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out-of-bounds write in Unpack::CopyString, leading to a crash under ASAN and...

CVSS 6.9 | EPSS 0.00373 | Exploits 1 | References 1
RedhatCVE (added 2025/10/10 4:20 p.m., 4 views)

CVE-2025-10284

BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution...

CVSS 9.6 | AI score 7.8 | EPSS 0.00668 | Exploits 0 | References 1