EUVD-2025-210053

A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

CVE-2025-60477

A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

ROS-20250827-03

A vulnerability in the resolveFile method of the Apache Commons VFS Virtual File System unified API for accessing different file systems is due to errors in the relative path handling of the directory when processing the relative path of the directory. Virtual File System method is related to...

Malicious code in scale-cache-resolve-file-wind (npm)

The package scale-cache-resolve-file-wind was found to contain malicious code...

MAL-2025-32769 Malicious code in scale-cache-resolve-file-wind (npm)

The package scale-cache-resolve-file-wind was found to contain malicious code...

apache-commons-vfs: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT

A flaw was found in Apache Commons VFS. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains...

The vulnerability of the resolveFile method in the unified API for accessing various file systems in Apache Commons VFS allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the resolveFile method in the unified API for accessing various file systems using Apache Commons VFS is related to errors in processing the relative path to the directory when handling the scope parameter. Exploiting this vulnerability could allow an attacker to gain...

DEBIAN-CVE-2025-27553

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...

CVE-2025-1834

A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...

zz 安全漏洞

zz is an e-commerce platform for zj1983 individual developers. A security vulnerability exists in zz 2024-8 and earlier versions, which stems from improper handling of the file parameter in the /resolve file, resulting in unlimited uploads...