PT-2026-46964

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer overflow in the SquashFS ReadBlock function allows an attacker-controlled node.Offset value to bypass...

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

Astra Linux - уязвимость в p7zip-rar

7-Zip is a file archiver with a high compression ratio. Writing zeros outside the heap buffer in the RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to version 25.0.0. Version 25.0.0 contains a fix for this issue...

Astra Linux - уязвимость в p7zip

7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...

Astra Linux - уязвимость в p7zip

7-ZIP ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected 7-ZIP installations. Interaction with this product is required to exploit this vulnerability, but the attack vectors may vary depending ...

📄 7-Zip Directory Traversal / Code Execution

7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file. Exploit Title: 7-Zip 25.00 - Directory Traversal to RCE via Malicious ZIP Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2026:4672)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4672 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:4672)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4672 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

CVE-2026-32630

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. The ZIP inflate output limit is enforced for...

Exploit for Command Injection in Fontforge

⚠️ CVE-2024-25082 - FontForge ZIP Remote Code Execution PoC...

CVE-2026-32630

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. The ZIP inflate output limit is enforced for...

PT-2026-25383

Summary A crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. In affected versions, the ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a...

MiracleLinux 9 : osbuild-composer-149-4.el9_7.ML.1 (AXSA:2026-302:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-302:04 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: archive/zip: Excessive CP...

RHEL 9 : OpenShift Container Platform 4.20.16 (RHSA-2026:3851)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3851 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

openSUSE 16 Security Update : go1.24-openssl (openSUSE-SU-2026:20308-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20308-1 advisory. - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc12512...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

RHEL 10 : osbuild-composer (RHSA-2026:3752)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3752 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

ALSA-2026:3752 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: crypto/x50...

RockyLinux 10 : podman (RLSA-2026:3336)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3336 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: archive/zip: Excessive CPU...

RockyLinux 9 : podman (RLSA-2026:3337)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3337 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: archive/zip: Excessive CPU...