Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVE-2025-65806

CVE-2025-65806 affects the E-POINT CMS eagle.gsam-1169.1. The vulnerability stems from the file upload feature not properly handling nested archive files, allowing an attacker to upload a ZIP containing another ZIP whose inner archive holds an executable (for example webshell.php). During extract...

EUVD-2023-2995

Malicious code in bioql PyPI...

Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2020-20382)

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio that stems from the...