20 matches found

RedhatCVE
added 2026/03/04 1:57 a.m. | 10 views

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

9.1 CVSS | 6.3 AI score | 0.0053 EPSS
Exploits: 1 | References: 1

OSV
added 2026/03/03 8:16 p.m. | 3 views

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

9.1 CVSS | 6.4 AI score | 0.0053 EPSS
Exploits: 1 | References: 2

NVD
added 2026/03/03 8:16 p.m. | 4 views

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

9.1 CVSS | 0.0053 EPSS
Exploits: 1 | References: 2

EUVD
added 2026/03/03 12:0 a.m. | 6 views

EUVD-2025-208245

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

6.6 AI score | 0.0053 EPSS
Exploits: 1 | References: 2

CVE
added 2026/03/03 12:0 a.m. | 11 views

CVE-2025-66945

CVE-2025-66945 affects Zdir Pro 4.x ZIP extraction API (/api/extract). A path traversal vulnerability can cause files to be written outside the intended directory, enabling arbitrary file overwrites and potentially remote code execution. Connected sources confirm the issue exists; exploitation de...

9.1 CVSS | 6.6 AI score | 0.0053 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/03 12:0 a.m. | 5 views

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

6.6 AI score | 0.0053 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/03 12:0 a.m. | 6 views

PT-2026-22784

Name of the Vulnerable Software and Affected Versions Zdir Pro versions 4.x Description A path traversal issue exists in the ZIP extraction functionality of Zdir Pro. Processing a specially crafted ZIP archive via the backend at /api/extract can allow files to be written outside the intended...

9.1 CVSS | 6.3 AI score | 0.0053 EPSS
Exploits: 1 | References: 5

CNNVD
added 2026/03/03 12:0 a.m. | 7 views

Zdir Pro security vulnerability

Zdir Pro is a multi-functional private storage program developed by Zdir Pro Company in China. The version 4.x of Zdir Pro contains a security vulnerability. This vulnerability stems from a path traversal vulnerability in the ZIP extraction API, which may lead to file writes being performed outsi...

9.1 CVSS | 6.2 AI score | 0.0053 EPSS
Exploits: 1 | References: 3

Cvelist
added 2026/03/03 12:0 a.m. | 24 views

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

0.0053 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/03 12:0 a.m. | 4 views

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

6.6 AI score | 0.0053 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-27414

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.01226 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:17 a.m. | 3 views

CVE-2023-23314

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file...

8.8 CVSS | 7.9 AI score | 0.01226 EPSS
Exploits: 1 | References: 1

BDU FSTEC
added 2023/11/11 12:0 a.m. | 3 views

The vulnerability of the /api/upload component of the software platform zdir, which allows a perpetrator to execute arbitrary code.

The vulnerability of the /api/upload component in the zdir application exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created .ssh fil...

9 CVSS | 8.1 AI score | 0.01226 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2023/01/23 5:15 a.m. | 13 views

CVE-2023-23314

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file...

8.8 CVSS | 8.8 AI score | 0.01226 EPSS
Exploits: 1 | References: 1

OSV
added 2023/01/23 5:15 a.m. | 12 views

CVE-2023-23314

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file...

8.8 CVSS | 7.7 AI score
Exploits: 0 | References: 1

Prion
added 2023/01/23 5:15 a.m. | 15 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file...

6.5 CVSS | 8.8 AI score | 0.01226 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/01/23 12:0 a.m. | 15 views

CVE-2023-23314

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file...

9 AI score | 0.01226 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2023/01/23 12:0 a.m. | 6 views

CVE-2023-23314

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file...

8 AI score | 0.01226 EPSS
Exploits: 1 | References: 1

CVE
added 2023/01/23 12:0 a.m. | 59 views

CVE-2023-23314

CVE-2023-23314 affects zdir v3.2.0 and is described as an arbitrary file upload vulnerability in the /api/upload component that allows code execution via a crafted .ssh file. The available documents consistently reference this flaw and the affected version, but do not provide a vendor patch/versi...

8.8 CVSS | 8.7 AI score | 0.01226 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2023/01/23 12:0 a.m. | 3 views

zdir path traversal vulnerability

zdir is a lightweight directory listing program by the individual developer of helloxz. A security vulnerability exists in zdir version v3.2.0. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted .ssh files...

8.8 CVSS | 8.5 AI score | 0.01226 EPSS
Exploits: 1 | References: 2