Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fea
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequ
A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizi
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outsi
Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/ar
A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite file
CVE-2025-65346
CRITICAL CVSS 9.1
Find Similar
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the f
CVE-2025-15036
CRITICAL CVSS 10.0
Find Similar
A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability ("Zip Slip") exists in bit7z's archive ext
EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outs
OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write files outside the intended directory. Attackers can craft ma
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarf
A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises f
OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows arbitrary file writes outside the intended direct
CVE-2025-66945
CRITICAL CVSS 9.1
Find Similar
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended direc
A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an att
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading
Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for
Page 1+ Next →