MINI-PF4J-XW3G-QPF2
Bulletin has no description...
Path Traversal
pf4j is vulnerable to Path Traversal. The vulnerability is due to improper handling of zip entry names, where a lack of proper path normalization and validation can allow directory traversal or Zip Slip attacks...
Linux Distros Unpatched Vulnerability : CVE-2025-70952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory...
EUVD-2025-209006
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
GHSA-5458-7HH9-V7P4 pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
care.better.pf4j:pf4j-kotlin-symbol-processing (>=2.1.0-1.0.2 <=2.3.10-1.0.4), cn.sliew:carp-dist (>=0.0.1 <=0.0.34) +592 more potentially affected by CVE-2025-70952 via org.pf4j:pf4j (>=2.0.0 <=3.14.0)
org.pf4j:pf4j MAVEN version =2.0.0, =2.1.0-1.0.2, =0.0.1, =0.0.42, =0.0.63, =0.0.64, =0.0.66, =0.0.63, =0.0.49, =0.0.61, =0.0.61, =0.0.13, =0.0.1, =0.0.33, =0.0.33, =0.0.33, =0.0.34 and more Source cves: CVE-2025-70952 Source advisory: OSV:GHSA-5458-7HH9-V7P4...
care.better.pf4j:pf4j-kotlin-symbol-processing (>=2.1.0-1.0.2 <=2.3.10-1.0.4), cn.sliew:carp-dist (>=0.0.1 <=0.0.34) +563 more potentially affected by CVE-2025-70952 via org.pf4j:pf4j (>=3.0.1 <=3.14.0)
org.pf4j:pf4j MAVEN version =3.0.1, =2.1.0-1.0.2, =0.0.1, =0.0.42, =0.0.63, =0.0.64, =0.0.66, =0.0.63, =0.0.49, =0.0.61, =0.0.61, =0.0.13, =0.0.1, =0.0.33, =0.0.33, =0.0.33, =0.0.34 and more Source cves: CVE-2025-70952 Source advisory: SNYK:JAVA-ORGPF4J-15766713...
DEBIAN-CVE-2025-70952
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
UBUNTU-CVE-2025-70952
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
CVE-2025-70952
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
CVE-2025-70952
Pf4J prior to version 20c2f80 contains a path traversal (Zip Slip) vulnerability in Unzip.java::extract(), caused by improper zip entry name handling and insufficient path normalization/validation. This allows directory traversal during extraction. The fixed state is addressed in the referenced c...
MINI-583M-PF4J-63V2
Bulletin has no description...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
CVE-2023-40827
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter...
EUVD-2023-2273
Malicious code in bioql PyPI...
EUVD-2023-2197
Malicious code in bioql PyPI...
EUVD-2023-2352
Malicious code in bioql PyPI...
CVE-2023-40826
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...