Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extr
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outsi
A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handle
Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/ar
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability ("Zip Slip") exists in bit7z's archive ext
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation of
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarf
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `filt
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vul
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted f
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended direc
jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starti
A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.op
The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/desti
A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizi
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature.
webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This
Page 1+ Next →