Lucene search
K

286 matches found

Cvelist
Cvelist
added 2026/06/28 1:32 a.m.38 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS0.00119EPSS
Exploits0References3
CVE
CVE
added 2026/06/28 1:32 a.m.86 views

CVE-2026-58052

Technical details are not publicly available in the provided documents; monitor for updates.

4.8CVSS5.8AI score0.00119EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-53084

Name of the Vulnerable Software and Affected Versions 7-Zip for Windows versions prior to 26.02 Description 7-Zip fails to preserve the Mark-of-the-Web MotW when extracting a specially crafted RAR5 archive. The software uses a guard to suppress archive-supplied Zone.Identifier streams, but it onl...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.8 views

CVE-2026-45595

Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...

5.4CVSS5.4AI score0.00423EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-45595

Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...

5.4CVSS0.00423EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.10 views

EUVD-2026-35554

Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...

5.4CVSS5.4AI score0.00423EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:5 p.m.38 views

CVE-2026-45595

Technical details about CVE-2026-45595 are not publicly available in the provided documents. Monitor for updates about affected components, root cause, and remediation.

5.4CVSS5.5AI score0.00423EPSS
Exploits0References1Affected Software13
Vulnrichment
Vulnrichment
added 2026/06/09 5:5 p.m.13 views

CVE-2026-45595 Windows Mark of the Web Security Feature Bypass Vulnerability

...

5.4CVSS5.4AI score0.00423EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:5 p.m.34 views

CVE-2026-45595 Windows Mark of the Web Security Feature Bypass Vulnerability

...

5.4CVSS0.00423EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

Microsoft Windows Mark of the Web (MOTW) 处理逻辑错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows Mark of the Web MOTW. Attackers can exploit these vulnerabilities to bypass certain features. The following products and versions are...

5.4CVSS5.8AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/30 2:47 p.m.6 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

7.3CVSS6AI score0.00334EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 9:16 p.m.13 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

7.3CVSS0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.17 views

PT-2026-36002

Name of the Vulnerable Software and Affected Versions B1 Free Archiver version 1.5.86 Description An issue exists where files extracted from downloaded archives bypass Windows Mark of the Web MotW protections. The software fails to propagate the Zone.Identifier alternate data stream—a mechanism...

5.5AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/04/29 12:0 a.m.17 views

CVE-2025-50328

CVE-2025-50328 affects B1 Free Archiver v1.5.86. The vulnerability occurs when files extracted from downloaded archives do not propagate the Zone.Identifier (MotW) ADS to extracted files, allowing them to bypass Windows Defender SmartScreen and security prompts. This can enable untrusted code exe...

7.3CVSS6.1AI score0.00334EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/29 12:0 a.m.37 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

0.00334EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 12:0 a.m.10 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00334EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/17 4:31 a.m.15 views

Malicious code in polyutil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

6.3AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/15 9:58 p.m.9 views

Malicious code in clawdist (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3008887b6c2929530cd48dc996c91d70eb92432465d02f4ff28e6d5927350097 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

6.4AI score
Exploits0References6
OSV
OSV
added 2026/02/15 9:58 p.m.4 views

MAL-2026-909 Malicious code in clawdist (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3008887b6c2929530cd48dc996c91d70eb92432465d02f4ff28e6d5927350097 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

6.5AI score
Exploits0References6
OSV
OSV
added 2026/02/13 10:56 a.m.15 views

MAL-2026-878 Malicious code in magichat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b999f3f5762dc9bcb0dc2e91ef10116a368aca535d2f07fa2519e8d64bbc0902 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

6.5AI score
Exploits0References6
Rows per page
Query Builder