6 matches found
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...
CVE-2026-44088
SzafirHost is affected by a remote code execution vulnerability where the code verifies the signature of a downloaded JAR with JarInputStream (from the file start) but loads classes using JarFile/URLClassLoader (reading from the end of the Central Directory). An attacker can combine a genuine, si...
EUVD-2023-2266
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-23171
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash...
SUSE CVE-2011-2725
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file...
Unzip vulnerable to slip-zip attack
When extracting a ZIP file using the Unzip class, a prepared zip file could overwrite arbitrary files as the basedir wasn't enforced. All released versions starting with 1.0 are affected. The issue is addressed in release v1.8.1.6. You can modify earlier versions by implementing the changes from...