9 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerability (USN-8214-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8214-1 advisory. It was discovered that NLTK incorrectly handled file extraction when opening a maliciously...
CVE-2026-6518
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...
CVE-2025-14009
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...
CVE-2026-24770 RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server leading to Remote Code Execution via a malicious ZIP archive...
SUSE CVE-2009-1272
The phpzipmakerelativepath function in phpzip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service crash via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction...
SUSE CVE-2018-10860
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary...
PT-2021-5346 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.30 PHP versions 7.4.x through 7.4.23 PHP versions 8.0.x through 8.0.10 Description: The issue arises from the incorrect restriction of the path name to a directory with limited access in the ZipArchive::extractT...
PT-2020-5090
Name of the Vulnerable Software and Affected Versions Ansible versions 2.7.17 and prior Ansible versions 2.8.9 and prior Ansible versions 2.9.6 and prior Description A flaw was found in Ansible when using the Extract-Zip function from the win unzip module. The extracted files are not checked if...
CVE-2019-13082
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lpupload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...