EUVD-2025-199973

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

PT-2025-48430

Name of the Vulnerable Software and Affected Versions moxi159753 Mogu Blog v2 versions up to 5.2 Description A security issue exists in moxi159753 Mogu Blog v2. The FileOperation.unzip function within the ZIP File Handler component, located in the /networkDisk/unzipFile file, is susceptible to pa...

Mogu blog 路径遍历漏洞

Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A path traversal vulnerability exists in Mogu blog v2 5.2 and earlier versions, which stems from the improper handling of the fileUrl parameter in the FileOperation.unzi...

EUVD-2020-24084

Malware in sbrugna...

EUVD-2024-46578

Malicious code in bioql PyPI...

EUVD-2025-28387

Malicious code in bioql PyPI...

EUVD-2025-14329

Malicious code in bioql PyPI...

EUVD-2022-7602

Malicious code in bioql PyPI...

EUVD-2023-23471

Malicious code in bioql PyPI...

EUVD-2022-51836

Malicious code in bioql PyPI...

CVE-2025-5108

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be...

CVE-2025-5108

CVE-2025-5108 affects zongzhige ShopXO 6.5.0. The issue is in the Upload function of app/admin/controller/Payment.php (ZIP File Handler); manipulation of the params argument enables unrestricted file upload. Exploitation is possible remotely with no user interaction, and multiple sources note pub...

CVE-2024-5353

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

CVE-2023-1191

A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...

CVE-2022-4493

A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be...

PT-2025-22793 · Shopxo · Shopxo

Name of the Vulnerable Software and Affected Versions: zongzhige ShopXO version 6.5.0 Description: A critical issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The...

CVE-2020-36628

A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version...

CVE-2025-4529

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file...

CVE-2025-4529

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file...

CVE-2025-4529 Seeyon Zhiyuan OA Web Application System ZIP File M3CoreController.class download path traversal

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file...