Lucene search
K

20 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42904

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.10 views

Zdir Pro 安全漏洞

Zdir Pro is a multi-functional private storage program developed by Zdir Pro Company in China. The version 4.x of Zdir Pro contains a security vulnerability. This vulnerability stems from a path traversal vulnerability in the ZIP extraction API, which may lead to file writes being performed outsi...

9.1CVSS6.2AI score0.0053EPSS
Exploits1References3
Veracode
Veracode
added 2026/02/10 12:22 p.m.8 views

Path Traversal

MONAI is vulnerable to a Path Traversal. The vulnerability is due to the use of zipfile.ZipFile.extractall without proper path validation in the downloadfromngcprivate function, which allows an attacker to craft a malicious ZIP archive that writes files outside the intended extraction directory a...

5.3CVSS5.8AI score0.00311EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-4748

Malware in sbrugna...

7.8CVSS6AI score0.0163EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-3946

Malware in sbrugna...

4.9CVSS5.1AI score0.01279EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-8619

Malware in sbrugna...

6.5CVSS6.4AI score0.03221EPSS
Exploits0References4
OSV
OSV
added 2025/07/28 7:57 p.m.9 views

GO-2025-3808 Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive in github.com/ctfer-io/chall-manager

Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive in github.com/ctfer-io/chall-manager...

9.1CVSS6AI score0.00718EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:28 a.m.8 views

CVE-2024-45436

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...

9.1CVSS6.7AI score0.02581EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.10 views

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lpupload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...

9.8CVSS8.2AI score0.04018EPSS
Exploits1References1
OSV
OSV
added 2024/08/29 12:0 a.m.17 views

CVE-2024-45436

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...

9.1CVSS7.5AI score0.02581EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2022/11/24 6:36 a.m.9 views

CVE-2022-44748 Uploading workflows to KNIME Server may override arbitrary file system contents

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, ca...

7.1CVSS8.1AI score0.01323EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/24 12:0 a.m.4 views

PT-2022-27299 · Knime · Knime Analytics Platform

Name of the Vulnerable Software and Affected Versions: KNIME Analytics Platform versions 3.2.0 and above Description: A directory traversal vulnerability in the ZIP archive extraction routines can result in arbitrary files being overwritten on the user's system, also known as 'Zip-Slip'. An...

7CVSS7.4AI score0.00407EPSS
Exploits0References5
NVD
NVD
added 2020/05/05 9:15 p.m.14 views

CVE-2020-10859

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request...

6.5CVSS6.4AI score0.04386EPSS
Exploits0References1
Prion
Prion
added 2020/05/05 9:15 p.m.10 views

Directory traversal

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request...

4CVSS6.4AI score0.04386EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/05/05 8:16 p.m.76 views

CVE-2020-10859

The CVE-2020-10859 entry applies to Zoho ManageEngine Desktop Central (before 10.0.484). The vulnerability is a Directory Traversal in the AppDependency API that, when an authenticated user issues a crafted ZIP extraction request, allows arbitrary file writes on the target system. This is trigger...

6.5CVSS6.4AI score0.04386EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2019/12/17 12:0 a.m.17 views

typo3 -- multiple vulnerabilities

Typo3 core team reports: It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting. It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms...

6.9AI score
Exploits0References8
Prion
Prion
added 2019/07/04 3:15 p.m.20 views

Directory traversal

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in a ZIP archive entry that is mishandled during extraction...

6.8CVSS7.5AI score0.0163EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2019/05/23 8:29 p.m.21 views

CVE-2019-12309

dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...

4.9CVSS5.1AI score0.01279EPSS
Exploits0References2
OSV
OSV
added 2018/07/25 5:29 p.m.1 views

DEBIAN-CVE-2018-1002209

QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS7AI score0.0595EPSS
Exploits0References1
CVE
CVE
added 2017/06/05 7:0 p.m.49 views

CVE-2017-9442

BigTree CMS (versions up to 4.2.18) is affected by CVE-2017-9442. Remote authenticated users can execute arbitrary code by uploading a crafted package containing a PHP web shell, via ZIP extraction to file name patterns under cache/package/xxx/yyy.php. The issue exists in core/admin/modules/devel...

8.8CVSS8.7AI score0.02451EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder