unzip-bot 操作系统命令注入漏洞

unzip-bot is a Telegram bot used by EDM115 to extract various types of archives. An operating system command injection vulnerability exists in versions prior to unzip-bot 7.0.3a, which stems from improper input cleanup and allows a user to inject malicious commands via constructed zip file names,...

SUSE CVE-2023-6185

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...