Lucene search
+L

171 matches found

Snyk
Snyk
added 2026/07/10 6:31 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:adm-zip is a JavaScript implementation for zip data compression for NodeJS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in zipEntry.js and entryHeader.js, which size a Buffer.alloc call directly from the...

8.7CVSS6.1AI score0.00432EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 5:16 p.m.6 views

CVE-2026-39244

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

7.5CVSS0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.11 views

PT-2026-57215

Name of the Vulnerable Software and Affected Versions adm-zip versions prior to 0.5.18 Description A denial-of-service issue exists when parsing crafted ZIP files with a manipulated uncompressed size header field. The library allocates memory based on the declared uncompressed size from the ZIP...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 12:0 a.m.15 views

CVE-2026-39244

The CVE-2026-39244 entry concerns adm-zip before 0.5.18 and describes a denial-of-service vulnerability triggered by a crafted ZIP file with a manipulated uncompressed size header. The root cause is that zipEntry.js allocates memory using Buffer.alloc(_centralHeader.size) based on the uncompresse...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 12:0 a.m.30 views

CVE-2026-39244

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

0.00432EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 12:0 a.m.2 views

CVE-2026-39244

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/30 5:14 a.m.9 views

CVE-2026-56876

A flaw was found in extract-zip. This vulnerability allows a remote attacker to craft a malicious zip file containing symbolic links that point to locations outside the intended extraction directory. When a user extracts this malicious archive, extract-zip fails to validate the symlink targets,...

8.6CVSS6AI score0.00346EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.11 views

EulerOS 2.0 SP13 : vim (EulerOS-SA-2026-2361)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...

8.2CVSS7.9AI score0.01162EPSS
Exploits0References11
AlpineLinux
AlpineLinux
added 2026/06/05 3:48 p.m.9 views

CVE-2026-48103

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...

7.1CVSS5.3AI score0.00225EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/06/05 3:19 p.m.8 views

CVE-2026-48102

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse CPP/7zip/Archive/Udf/UdfIn.cpp, after validating size 38 + idLen + impLen and...

4.3CVSS5.5AI score0.00189EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/03 7:43 a.m.9 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:29 a.m.2 views

CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

7.5CVSS5.9AI score0.00373EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.16 views

PT-2026-46964

Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.34 through 26.00 Description A heap memory disclosure exists in 32-bit builds where a 32-bit integer overflow occurs in the SquashFS ReadBlock function. This allows an attacker-controlled node.Offset value to bypass fragment...

8.1CVSS6AI score0.00324EPSS
Exploits1References32
Packet Storm
Packet Storm
added 2026/04/10 12:0 a.m.110 views

📄 7-Zip Directory Traversal / Code Execution

7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file. Exploit Title: 7-Zip 25.00 - Directory Traversal to RCE via Malicious ZIP Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...

7.8CVSS7.6AI score0.27357EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.15 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:4672)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4672 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

10CVSS7.3AI score0.01945EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.14 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2026:4672)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4672 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

10CVSS5.9AI score0.01945EPSS
Exploits2References5
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-32630

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. The ZIP inflate output limit is enforced for...

5.3CVSS0.00299EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/03/16 2:50 a.m.282 views

Exploit for Command Injection in Fontforge

⚠️ CVE-2024-25082 - FontForge ZIP Remote Code Execution PoC...

6.5CVSS6.5AI score0.0187EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:54 p.m.3 views

CVE-2026-32630

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. The ZIP inflate output limit is enforced for...

5.3CVSS5.8AI score0.00299EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25383

Name of the Vulnerable Software and Affected Versions file-type versions 20.0.0 through 21.3.1 Description file-type detects the file type of a file, stream, or data. A crafted ZIP file can trigger excessive memory growth during type detection when using the fileTypeFromBuffer, fileTypeFromBlob, ...

5.3CVSS5.8AI score0.00299EPSS
Exploits1References12
Rows per page
Query Builder