7 matches found
CVE-2025-14009
The CVE describes a critical remote code execution flaw in the nltk/nltk project, via the downloader component. The vulnerable code path is in _unzip_iter within nltk/downloader.py, which calls zipfile.extractall() without path validation or security checks, allowing a malicious zip package to ex...
EUVD-2022-28867
Malicious code in bioql PyPI...
PT-2025-11214 · Vim +3 · Vim +4
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.1198 Description: The issue concerns potential data loss when using Vim with the zip.vim plugin and specially crafted zip files. The impact is considered medium as it requires a user to view the malicious archive wit...
PT-2024-36562 · Unknown · Python-Libarchive
Name of the Vulnerable Software and Affected Versions: python-libarchive versions 4.2.1 and earlier Description: The issue allows directory traversal in the extract function in zip.py, used by the ZipFile.extractall and ZipFile.extract functions. This can be exploited to create files...
SUSE CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...
CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...
Design/Logic Flaw
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...