
28 matches found

RedhatCVE
added 2026/04/09 7:23 p.m. · 4 views

CVE-2026-39307

PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall...

8.1 CVSS · 5.9 AI score · 0.00314 EPSS
Exploits: 1 · References: 1

EUVD
added 2026/04/03 10:28 p.m. · 3 views

EUVD-2026-18897

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

8.7 CVSS · 6.1 AI score · 0.00188 EPSS
Exploits: 1 · References: 2

CNNVD
added 2026/03/10 12:0 a.m. · 2 views

appium path traversal vulnerability

Appium is an open-source cross-platform application automation testing framework developed by Appium. Versions of Appium prior to 7.0.6 contained a path traversal vulnerability. This vulnerability stemmed from ineffective path traversal checks in the ZIP extraction implementation, which could all...

6.5 CVSS · 5.8 AI score · 0.00388 EPSS
Exploits: 1 · References: 2

CNNVD
added 2026/02/18 12:0 a.m. · 4 views

NLTK security vulnerability

NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. NLTK has a security vulnerability that stems from the unzipiter function using zipfile.extractall without performing path validation or security checks...

10 CVSS · 7.6 AI score · 0.00706 EPSS
Exploits: 1 · References: 1

OpenVAS
added 2026/01/30 12:0 a.m. · 4 views

Ubuntu: Security Advisory (USN-7979-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.6 CVSS · 5.9 AI score · 0.00527 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-0952

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.01826 EPSS
Exploits: 1 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-28620

Malware in sbrugna...

5.5 CVSS · 5.6 AI score · 0.00883 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-59266

Malicious code in bioql PyPI...

7.2 CVSS · 7.1 AI score · 0.01231 EPSS
Exploits: 2 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-2265

Malicious code in bioql PyPI...

7.8 CVSS · 7.5 AI score · 0.00341 EPSS
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-34543

Malicious code in bioql PyPI...

7.2 CVSS · 6.9 AI score · 0.01148 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/07/10 11:22 a.m. · 16 views

CVE-2025-40738

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

8.8 CVSS · 7.6 AI score · 0.07166 EPSS
Exploits: 0 · References: 1

CVE
added 2025/07/08 10:34 a.m. · 23 views

CVE-2025-40737

CVE-2025-40737 affects Siemens SINEC NMS versions prior to 4.0. The issue is a path traversal/ZIP extraction flaw where file paths are not properly validated, allowing an attacker to write arbitrary files to restricted locations and potentially achieve code execution with elevated privileges (ZDI...

8.8 CVSS · 7.5 AI score · 0.07166 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/07/08 10:34 a.m. · 2 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

8.8 CVSS · 7.5 AI score · 0.07166 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 6:29 a.m. · 15 views

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\toolbar::addPlugin method. This method handles uploaded ZIP files that are extracted into the...

7.2 CVSS · 7.5 AI score · 0.00701 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 6:25 p.m. · 5 views

CVE-2021-25119

The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file like PHP, leading to RCE...

7.2 CVSS · 6.9 AI score · 0.01436 EPSS
Exploits: 1 · References: 1

NVD
added 2025/04/16 9:15 p.m. · 8 views

CVE-2024-55372

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...

9.8 CVSS · 0.00507 EPSS
Exploits: 1 · References: 1

NVD
added 2025/04/16 9:15 p.m. · 10 views

CVE-2024-55371

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not...

9.8 CVSS · 0.00493 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/12/12 12:0 a.m. · 1 view

python-libarchive security vulnerability

python-libarchive is a Libarchive wrapper for Python open-sourced by SmartFile. A security vulnerability exists in python-libarchive version 4.2.1, which stems from allowing directory traversal of ZipFile.extractall and ZipFile.extract in a zip.py extraction...

8.8 CVSS · 6.5 AI score · 0.02001 EPSS
Exploits: 1 · References: 3

Veracode
added 2023/11/28 10:5 a.m. · 13 views

Denial Of Service (DoS)

Mattermost is vulnerable to a Denial of Service attack. The vulnerability is caused by a lack of validation while performing zip file extraction. An attacker is able to upload a specially crafted zip bomb, which upon extraction leads to consumption of excessive resources...

7.5 CVSS · 7 AI score · 0.00723 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/08/30 12:0 a.m. · 1 view

PT-2023-26800 · Unknown · Zipfoundation

Name of the Vulnerable Software and Affected Versions: ZIPFoundation version 0.9.16 Description: An issue in ZIPFoundation allows attackers to execute a path traversal via extracting a crafted zip file. Recommendations: For ZIPFoundation version 0.9.16, update to a version that fixes this issue, ...

7.8 CVSS · 7.5 AI score · 0.00379 EPSS
Exploits: 1 · References: 10