Lucene search
K

38 matches found

RedhatCVE
RedhatCVE
added 2026/06/27 1:19 p.m.11 views

CVE-2026-57453

A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file...

7.3CVSS5.8AI score0.00137EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

CI4MS 代码问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS from 0.26.0.0 to 0.31.7.0 had code-related vulnerabilities. These vulnerabilities stemmed from the theme upload feature not filtering PHP files within ZIP files. This could allow authenticated users to execute...

8.6CVSS6.2AI score0.00501EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 11:18 a.m.5 views

SUSE-SU-2026:21013-1 Security update for zlib

This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32combine64 and crc32combinegen64 functions due to missing checks for negative lengths. bsc1258392 - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in...

9.8CVSS7AI score0.02918EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to...

7.5CVSS6.7AI score0.01525EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : golang-1.21.11-1.el9_4 (AXSA:2024-8506:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8506:06 advisory. golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped...

9.8CVSS5.6AI score0.01952EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

8.3CVSS7.8AI score0.01533EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/12/26 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python3 (UTSA-2025-992142)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992142 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD...

4.3CVSS6.8AI score0.00353EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:31 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...

6.5CVSS7.5AI score0.02421EPSS
Exploits7Affected Software1
OSV
OSV
added 2025/12/09 7:37 a.m.3 views

SUSE-SU-2025:21199-1 Security update for python311

This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD is not checked by the 'zipfile' module bsc1251305. - CVE-2025-6075: Fixed the value passed to os.path.expandvars is user-controlled a performance...

5.5CVSS7.1AI score0.00353EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.55 views

Amazon Linux 2 : python3, --advisory ALAS2-2025-3041 (ALAS-2025-3041)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3041 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not...

4.3CVSS6.9AI score0.00353EPSS
Exploits0References4
Amazon
Amazon
added 2025/10/27 12:0 a.m.4 views

Medium: python3

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

4.3CVSS6.6AI score0.00353EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-2573

Malware in sbrugna...

7CVSS6.9AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-41831

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00951EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-22166

Malicious code in bioql PyPI...

5.5CVSS7.2AI score0.00446EPSS
Exploits0References6
Zero Day Initiative
Zero Day Initiative
added 2025/08/05 12:0 a.m.11 views

(0Day) Google Drive ZIP File Mark-of-the-Web Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Google Drive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

8.8CVSS7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.4 views

TencentOS Server 3: go-toolset (TSSA-2024:0311)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0311 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS7.5AI score0.01952EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 5:44 p.m.8 views

CVE-2020-14067

The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...

9.8CVSS7AI score0.0123EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/07 12:0 a.m.11 views

RockyLinux 8 : grafana (RLSA-2024:5291)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5291 advisory. golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789...

9.8CVSS7.5AI score0.01952EPSS
Exploits0References7
NVD
NVD
added 2025/03/20 10:15 a.m.37 views

CVE-2024-7773

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits2
OSV
OSV
added 2025/03/17 8:16 p.m.13 views

RLSA-2024:9102 Moderate: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: Symlink error leads to information disclosure CVE-2022-4122 containers/image:...

8.3CVSS8.4AI score0.01414EPSS
Exploits0References5
Rows per page
Query Builder