
6 matches found

CVE
added 2026/04/07 12:00 a.m., 3 views

CVE-2024-36057

CVE-2024-36057 affects Koha Library prior to 23.05.10. The vulnerability stems from insufficient sanitization of user-controlled filenames before unzipping, allowing command injection via the shell in the unzip invocation within upload-cover-image.pl (example: the code executes qx/unzip $filename...

CVSS 9.8 | AI score 6.1 | EPSS 0.00141
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/04 9:28 p.m., 3 views

changedetection.io has Zip Slip vulnerability in the backup restore functionality

Summary: A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details: A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...

CVSS 9.3 | AI score 6.1 | EPSS 0.00031
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/02/06 6:12 p.m., 2 views

CVE-2025-69212 OpenSTAManager has an OS Command Injection in P7M File Processing

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

CVSS 9.4 | AI score 6.2 | EPSS 0.00133
Exploits: 3 | References: 1
Positive Technologies
added 2026/02/06 12:00 a.m., 3 views

PT-2026-6844

Summary: A critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Vulnerable Code File:...

CVSS 9.4 | AI score 6.4 | EPSS 0.00133
Exploits: 3 | References: 4
Prion
added 2022/03/28 10:15 p.m., 9 views

Directory traversal

An Archive Extraction (AKA "Zip Slip") vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips an arbitrary uploaded zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal...

CVSS 4 | AI score 5.2 | EPSS 0.00608
Exploits: 1 | References: 1 | Affected Software: 1
Check Point Advisories
added 2016/06/15 12:00 a.m., 2 views

Apache OpenMeetings ZIP File Path Traversal (CVE-2016-0784)

A directory traversal vulnerability exists in Apache OpenMeetings in the Import/Export System Backups functionality. The vulnerability is due to missing file path validation on user-uploaded ZIP archives. Successful exploitation allows the attacker to execute arbitrary code under the security...

CVSS 4 | AI score 5.5 | EPSS 0.06065
Exploits: 2