6 matches found
CVE-2026-39245
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
PT-2026-56969
Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An improper path containment check allows directory traversal and arbitrary file write. The safeMakeDir function and the extraction path validation use String.indexOf to verify if the resolved pat...
Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function
This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...
CVE-2025-65806
CVE-2025-65806 affects the E-POINT CMS eagle.gsam-1169.1. The vulnerability stems from the file upload feature not properly handling nested archive files, allowing an attacker to upload a ZIP containing another ZIP whose inner archive holds an executable (for example webshell.php). During extract...
EUVD-2023-2995
Malicious code in bioql PyPI...
Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2020-20382)
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio that stems from the...