Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
•added 5 days ago•6 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

9.8CVSS6AI score0.02147EPSS
Exploits2References5
Positive Technologies
Positive Technologies
•added 5 days ago•10 views

PT-2026-56969

Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An improper path containment check allows directory traversal and arbitrary file write. The safeMakeDir function and the extraction path validation use String.indexOf to verify if the resolved pat...

6.2CVSS6.2AI score0.00272EPSS
Exploits1References8
Github Security Blog
Github Security Blog
•added 2026/03/10 6:31 p.m.•9 views

Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

5.3CVSS5.8AI score0.00886EPSS
Exploits0References5Affected Software1
CVE
CVE
•added 2025/12/04 12:0 a.m.•19 views

CVE-2025-65806

CVE-2025-65806 affects the E-POINT CMS eagle.gsam-1169.1. The vulnerability stems from the file upload feature not properly handling nested archive files, allowing an attacker to upload a ZIP containing another ZIP whose inner archive holds an executable (for example webshell.php). During extract...

4.3CVSS7.8AI score0.00262EPSS
Exploits1References2Affected Software1
EUVD
EUVD
•added 2025/10/03 8:7 p.m.•7 views

EUVD-2023-2995

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00673EPSS
Exploits0References6
CNVD
CNVD
•added 2019/11/13 12:0 a.m.•4 views

Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2020-20382)

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio that stems from the...

6.5CVSS6.8AI score0.03116EPSS
Exploits0References1
Rows per page
Query Builder