Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.6 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerability (USN-8214-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8214-1 advisory. It was discovered that NLTK incorrectly handled file extraction when opening a maliciously...

10CVSS7.5AI score0.0079EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-6518

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...

8.8CVSS6.6AI score0.00867EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/02/18 5:45 p.m.6 views

CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

10CVSS6.5AI score0.0079EPSS
Exploits1
OSV
OSV
added 2026/01/27 9:51 p.m.7 views

CVE-2026-24770 RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server leading to Remote Code Execution via a malicious ZIP archive...

9.8CVSS6AI score0.00913EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.2 views

SUSE CVE-2009-1272

The phpzipmakerelativepath function in phpzip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service crash via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction...

5CVSS6.8AI score0.01965EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.3 views

SUSE CVE-2018-10860

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary...

4.4CVSS7AI score0.48716EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2021/09/06 12:0 a.m.13 views

PT-2021-5346 · Php +2 · Php +2

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.30 PHP versions 7.4.x through 7.4.23 PHP versions 8.0.x through 8.0.10 Description: The issue arises from the incorrect restriction of the path name to a directory with limited access in the ZipArchive::extractT...

10CVSS6.7AI score0.99998EPSS
Exploits337References236
Positive Technologies
Positive Technologies
added 2020/03/09 12:0 a.m.7 views

PT-2020-5090

Name of the Vulnerable Software and Affected Versions Ansible versions 2.7.17 and prior Ansible versions 2.8.9 and prior Ansible versions 2.9.6 and prior Description A flaw was found in Ansible when using the Extract-Zip function from the win unzip module. The extracted files are not checked if...

8.5CVSS7.4AI score0.00362EPSS
Exploits0References193
ATTACKERKB
ATTACKERKB
added 2019/06/30 4:15 p.m.2 views

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lpupload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...

9.8CVSS6.6AI score0.04018EPSS
Exploits1References4
Rows per page
Query Builder