16 matches found
Security update for python-requests
This update for python-requests fixes the following issues: CVE-2026-25645: `extract_zipped_paths` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). Patch Instructions: To install this SUSE update use the SUSE...
CVE-2026-27635
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
Relative Path Traversal
Overview: Affected versions of this package are vulnerable to Relative Path Traversal via the import snapshot module, which lacks sanitization of zip filenames. An attacker can write arbitrary files to the filesystem by supplying crafted file paths with the / separator. Note: This issue affects only...
WinRAR security vulnerability
WinRAR is a file compressor from WinRAR. The product supports compression and decompression of files in RAR, ZIP, and other formats. A security vulnerability exists in WinRAR that stems from inconsistent display of filenames in ZIP files, which could lead to filename spoofing and...
Filename spoofing in archive
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
CVE-2023-39137
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
PT-2023-26799 · Archive · Archive
Name of the Vulnerable Software and Affected Versions: Archive version 3.3.7. Description: The issue allows attackers to spoof zip filenames, leading to inconsistent filename parsing. Recommendations: For Archive version 3.3.7, consider restricting the parsing of zip filenames to minimize the risk...
CVE-2023-39137
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
CVE-2023-39137
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
Celartem Extensis Portfolio code issue vulnerability
Celartem Extensis Portfolio is a digital asset management solution from Celartem Japan. A code issue vulnerability exists in Celartem Extensis Portfolio versions 3.0.0 through 3.6.3, which stems from an error in the software's input validation when processing directory traversal sequences in...
UBUNTU-CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g. `__proto__`, `toString`, etc.) results in a returned object with a modified prototype instance...
ArangoDB cross-site scripting vulnerability
ArangoDB is a NoSQL database system from ArangoDB GmbH. A cross-site scripting vulnerability exists in ArangoDB versions 2.2.6.2 through 3.7.10, which stems from the program not validating .zip filenames or filtering for potentially abusive characters that zip files can be named after...
Denial of Service (DoS)
Overview: jszip is a library to create, read and edit .zip files with JavaScript (http://stuartk.com/jszip). Affected versions of this package are vulnerable to Denial of Service (DoS). Crafting a new zip file with filenames set to Object prototype values (e.g. `__proto__`, `toString`, etc.) results in a returned object with...
GHSA-RHQ2-2574-78MC Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
CVE-2005-0331
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file...