76 matches found
PT-2026-42260
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with the course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...
Astra Linux - vulnerability in golang-1.19
The handling of certain types of invalid zip files by the archive/zip package differs from the behavior of most zip implementations. This discrepancy could be exploited to create a zip file with contents that vary depending on the implementation used to read the file. The archive/zip package now...
SUSE: Security Advisory (SUSE-SU-2026:20592-1)
The remote host is missing an update for the...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...
CVE-2025-14009 Zip Slip Vulnerability in nltk/nltk Leading to Remote Code Execution
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...
EUVD-2025-33658
cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations...
CVE-2025-11569
Rejected reason: This record was withdrawn by its CNA; further investigation revealed it was not a security issue...
EUVD-2021-1206
Malware in sbrugna...
EUVD-2023-43907
Malicious code in bioql PyPI...
Malicious code in down-load-available-zip-now-in-evening-air-h64zx-skufkw (npm)
The package down-load-available-zip-now-in-evening-air-h64zx-skufkw was found to contain malicious code...
MAL-2025-41009 Malicious code in zip-mp3-a-lbum-do-wnload-new-482338-deceivers-0nx6u-qtwkft (npm)
The package zip-mp3-a-lbum-do-wnload-new-482338-deceivers-0nx6u-qtwkft was found to contain malicious code...
Malicious code in down-load-available-zip-now-8393-wait-for-me-jdvqg-evxzsz (npm)
The package down-load-available-zip-now-8393-wait-for-me-jdvqg-evxzsz was found to contain malicious code...
Malicious code in ext-zip (npm)
The package ext-zip was found to contain malicious code...
MAL-2025-18708 Malicious code in down-load-available-zip-now-242367-fad-bpemi-awgouw (npm)
The package down-load-available-zip-now-242367-fad-bpemi-awgouw was found to contain malicious code...
Malicious code in down-load-available-zip-now-youre-living-all-over-me-pztzf-cdpxrz (npm)
The package down-load-available-zip-now-youre-living-all-over-me-pztzf-cdpxrz was found to contain malicious code...
Malicious code in down-load-available-zip-now-researching-the-blues-n3biv-klnohu (npm)
The package down-load-available-zip-now-researching-the-blues-n3biv-klnohu was found to contain malicious code...
K000152445: Golang vulnerability CVE-2024-24789
Security Advisory Description: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The...
ROS-20250526-02
A vulnerability in the archive-zip package of the Golang programming language is related to incorrect processing of zip files. Exploitation of the vulnerability could allow an attacker to create an arbitrary zip file...