
24 matches found

IBM Security Bulletins
added 2026/06/15 10:16 p.m. | 4 views

Security Bulletin: MongoDB Enterprise Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-67030)

Summary There are vulnerabilities in plexus-utils-3.5.1.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2025-67030. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of...

8.8 CVSS | 5.9 AI score | 0.00664 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2026/05/08 7:49 a.m. | 9 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Directory Traversal due to plexus-utils (CVE-2025-67030)

Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Directory Traversal due to plexus-utils. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in...

8.8 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits: 0 | Affected Software: 2
Amazon
added 2026/04/30 12:0 a.m. | 7 views

Important: maven3.9

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: maven3.9 Issue Correction: Run dnf...

8.8 CVSS | 5.9 AI score | 0.00664 EPSS
Exploits: 0
OSV
added 2026/04/29 9:21 a.m. | 6 views

CLSA-2026-1777454474 plexus-utils: Fix of CVE-2025-67030

CVE-2025-67030: fix Zip Slip / directory traversal in Expand.extractFile canonical path check...

8.8 CVSS | 5.8 AI score | 0.00664 EPSS
Exploits: 0 | References: 1
OSV
added 2026/04/24 1:42 p.m. | 10 views

CLSA-2026-1777038119 plexus-utils: Fix of CVE-2025-67030

CVE-2025-67030 fix zip slip via canonical path check in Expand...

8.8 CVSS | 5.8 AI score | 0.00664 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/04/23 6:59 a.m. | 6 views

Security Bulletin: Due to use of plexus-utils-3.5.1.jar, IBM Sterling Connect:Direct Web Services is affected by Directory Traversal issue.

Summary plexus-utils-3.5.1.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before...

8.8 CVSS | 6.1 AI score | 0.00664 EPSS
Exploits: 0 | Affected Software: 1
OPENSUSE Linux
added 2026/04/21 12:0 a.m. | 4 views

Security update for plexus-utils (important)

openSUSE security update: security update for plexus-utils
Announcement ID: openSUSE-SU-2026:20535-1
Rating: important
References: bsc1260588
Cross-References: CVE-2025-67030
CVSS scores: CVE-2025-67030 SUSE : 7.3...

7.3 CVSS | 5.7 AI score | 0.00664 EPSS
Exploits: 0 | References: 1
SUSE Linux
added 2026/04/16 10:35 a.m. | 6 views

Security update for plexus-utils

This update for plexus-utils fixes the following issue: Security fixes: CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588. Update to version 4.0.2: Bug Fixes Specify /D for cmd.exe to bypass the Command Processor Autorun folder Dependency...

7.3 CVSS | 5.8 AI score | 0.00664 EPSS
Exploits: 0 | References: 4
OSV
added 2026/04/14 3:15 p.m. | 4 views

OPENSUSE-SU-2026:20535-1 Security update for plexus-utils

This update for plexus-utils fixes the following issue: - CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588...

8.8 CVSS | 5.8 AI score | 0.00664 EPSS
Exploits: 0 | References: 2
Amazon
added 2026/04/14 12:0 a.m. | 11 views

Important: plexus-utils

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: plexus-utils Note: This advisory is...

8.8 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits: 0
Tenable Nessus
added 2026/04/13 12:0 a.m. | 3 views

Amazon Linux 2023 : plexus-utils, plexus-utils-javadoc (ALAS2023-2026-1545)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1545 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...

8.8 CVSS | 6.1 AI score | 0.00664 EPSS
Exploits: 0 | References: 4
Amazon
added 2026/04/13 12:0 a.m. | 9 views

Important: plexus-utils

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: plexus-utils Issue Correction: Run dn...

8.8 CVSS | 6.1 AI score | 0.00664 EPSS
Exploits: 0
CBLMariner
added 2026/04/06 11:43 p.m. | 3 views

CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-5

CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-5. A patched version of the package is available...

8.8 CVSS | 5.9 AI score | 0.00664 EPSS
Exploits: 0
Circl
added 2026/03/30 5:0 p.m. | 1 view

CVE-2025-67030

creationtimestamp | type | source
---|---|---
2026-03-30 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0381/
2026-03-31 14:45:17+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mieg3xyw3g26...

8.8 CVSS | 5.8 AI score | 0.00664 EPSS
Exploits: 0 | References: 2
OPENSUSE Linux
added 2026/03/30 12:0 a.m. | 5 views

plexus-utils-4.0.2-2.1 on GA media (moderate)

plexus-utils-4.0.2-2.1 on GA media
Announcement ID: openSUSE-SU-2026:10439-1
Rating: moderate
Cross-References: CVE-2025-67030
CVSS scores: CVE-2025-67030 SUSE : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2025-67030 SUSE : 6.3...

7.3 CVSS | 5.9 AI score | 0.00664 EPSS
Exploits: 0
Microsoft CVE
added 2026/03/29 8:2 a.m. | 4 views

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

...

8.8 CVSS | 5.8 AI score | 0.00664 EPSS
Exploits: 0
Chainguard
added 2026/03/28 7:17 p.m. | 4 views

CVE-2025-67030 vulnerabilities

Vulnerabilities for packages: maven-stage0, leiningen, confluent-kafka, kafka-fips, kafka, confluent-kafka-jre-bcfips, dependency-track, dependency-track-apiserver, druid, gradle, wso2is, maven-ecosystems-test, akhq, maven, apache-camel-karavan-devmode, clojure-tools, gradle-stage0...

8.8 CVSS | 5.8 AI score | 0.00664 EPSS
Exploits: 0
vulnersOsv
added 2026/03/25 6:31 p.m. | 7 views

aero.albers.osmbse:mdzip-process-sources-maven-plugin (=0.0.1), aero.albers.osmbse:mdzip-validate-maven-plugin (=0.0.1) +24031 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.6.0)

org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1, =0.1.0, =0.0.1, =0.0.6, =0.1.10, =0.1.3, =0.0.1, =0.0.1, =0.2.0, =0.1.3, =0.1.3, =0.1.5 - ai.pipestream:pipestream-engine =0.0.6 - ai.pipestream:pipestream-engine-kafka-sidecar =0.0.2 and more Source cves: CVE-2025-67030 Source advisory...

8.8 CVSS | 5.4 AI score | 0.00664 EPSS
Exploits: 0
vulnersOsv
added 2026/03/25 6:31 p.m. | 5 views

at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), au.com.acegi:xml-format-maven-plugin (>=4.0.1 <=4.1.0) +2006 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=4.0.0 <=4.0.2)

org.codehaus.plexus:plexus-utils MAVEN version =4.0.0, =9.1.1, =4.0.1, =0.0.1, =0.0.9, =0.4.0, =0.0.0, =1.9.2, =1.0.0-M5, =1.0.0-M6, =1.0.0-M1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =1.0.0-M10 and more Source cves: CVE-2025-67030 Source advisory: OSV:GHSA-6FMV-XXPF-W3CW...

8.8 CVSS | 5.4 AI score | 0.00664 EPSS
Exploits: 0
vulnersOsv
added 2026/03/25 12:0 a.m. | 6 views

at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), au.com.acegi:xml-format-maven-plugin (>=4.0.1 <=4.1.0) +2006 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=4.0.0 <=4.0.2)

org.codehaus.plexus:plexus-utils MAVEN version =4.0.0, =9.1.1, =4.0.1, =0.0.1, =0.0.9, =0.4.0, =0.0.0, =1.9.2, =1.0.0-M5, =1.0.0-M6, =1.0.0-M1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =1.0.0-M10 and more Source cves: CVE-2025-67030 Source advisory: SNYK:JAVA-ORGCODEHAUSPLEXUS-15766699...

8.8 CVSS | 5.4 AI score | 0.00664 EPSS
Exploits: 0