Latest CVE Feed
-
5.5
MEDIUMCVE-2017-5978
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.... Read more
- Published: Mar. 01, 2017
- Modified: Jul. 10, 2025
-
5.5
MEDIUMCVE-2017-5976
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.... Read more
- Published: Mar. 01, 2017
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2018-7727
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.... Read more
Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation zziplib zziplib- Published: Mar. 06, 2018
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2018-6542
In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.... Read more
- Published: Feb. 02, 2018
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2018-7726
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.... Read more
- Published: Mar. 06, 2018
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2018-7725
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.... Read more
- Published: Mar. 06, 2018
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2018-6869
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.... Read more
- Published: Feb. 09, 2018
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2018-6541
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via ... Read more
- Published: Feb. 02, 2018
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2018-6381
In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variab... Read more
- Published: Jan. 29, 2018
- Modified: Jul. 10, 2025
-
5.8
MEDIUMCVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.... Read more
- Published: Oct. 01, 2018
- Modified: Jul. 10, 2025
-
5.5
MEDIUMCVE-2025-27736
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 +4 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
6.0
MEDIUMCVE-2025-27735
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2024-32231
Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.... Read more
Affected Products : stash- Published: Aug. 15, 2024
- Modified: Jul. 10, 2025
-
7.8
HIGHCVE-2025-27733
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_1507 windows windows_server_2012_r2 windows_server_2008_r2 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2024-45993
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.... Read more
Affected Products : giflib- Published: Sep. 30, 2024
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2024-43346
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3.... Read more
Affected Products : modal_window- Published: Aug. 18, 2024
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2025-26664
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2024-45920
A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature.... Read more
Affected Products : solvait- Published: Sep. 30, 2024
- Modified: Jul. 10, 2025
-
7.5
HIGHCVE-2024-44860
An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request.... Read more
Affected Products : solvait- Published: Sep. 26, 2024
- Modified: Jul. 10, 2025
-
8.1
HIGHCVE-2025-26663
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption