In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.002
CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.001
CVSS: 7.8 | AI Score: 8 | EPSS: 0.001
CVSS: 7.8 | AI Score: 8 | EPSS: 0.001
CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.001
CVSS: 5.5 | AI Score: 6.2 | EPSS: 0.001
CVSS: 5.5 | AI Score: 6.8 | EPSS: 0.001
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.003
CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.005