5 matches found
CVE-2026-6101
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...
CVE-2026-6101 AMP for WP <= 1.1.12 - Authenticated (Author+) Arbitrary File Write via Role-Based Access Configuration with Local Font Upload
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...
EUVD-2026-42041
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...
CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...
CVE-2026-44017
CVE-2026-44017 concerns Docling’s EasyOCR model download: prior to 2.91.0, ZIP archives were extracted without validating member paths, enabling Zip Slip path traversal. An attacker who could supply or intercept the model source could overwrite files anywhere writable by the process, potentially ...