CVE-2026-31988

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

Commvault Command Center 11.38 < 11.38.20 RCE (CV_2025_04_1)

An arbitrary code execution vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. Note that Nessus has not tested for this issue but has instead relied only on t...

CVE-2025-34028

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

SUSE CVE-2018-8009

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file...

PT-2017-16779

Name of the Vulnerable Software and Affected Versions rubyzip gem versions prior to 1.2.1 Description The Zip::File component in the rubyzip gem has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ../ pathname...