Lucene search
K

20851 matches found

CVE
CVE
added 2026/05/12 9:56 p.m.18 views

CVE-2026-42854

Summary: The Arduino-ESP32 core is affected by a stack overflow in the WebServer multipart boundary parser. A boundary derived from the HTTP header (Content-Type: multipart/form-data; boundary=...) with length > ~8000 can overflow the 8192-byte loopTask stack, potentially enabling remote code ...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/12 8:16 p.m.10 views

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

7.1CVSS0.00217EPSS
Exploits1References1
NVD
NVD
added 2026/05/12 8:16 p.m.13 views

CVE-2026-42444

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

5.5CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.13 views

CVE-2026-42442

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

5.5CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.8 views

CVE-2026-42355

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

5.5CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.8 views

CVE-2026-42443

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

5.5CVSS0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 7:23 p.m.11 views

EUVD-2026-29793

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

4.4CVSS5.8AI score0.00217EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 7:23 p.m.12 views

CVE-2026-44215

Summary: NanaZip versions 5.0.1252.0 through before 6.0.1698.0 contain a bug in the UFS/UFS2 filesystem image parser that allows a one-byte heap out-of-bounds null write when opening a crafted UFS image. Vulnerability details: attacker-controlled byte offset within a ~254-byte window past the hea...

7.1CVSS5.8AI score0.00217EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 7:23 p.m.8 views

CVE-2026-44215 NanaZip: Heap out-of-bounds write in NanaZip UFS directory parser

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

4.4CVSS5.8AI score0.00217EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 7:22 p.m.14 views

CVE-2026-42445

NanaZip 5.0.1252.0–before 6.0.1698.0 contains an uncontrolled recursion vulnerability in the UFS/UFS2 filesystem image parser. The function GetAllPaths recurses into subdirectories without a depth limit or visited-inode tracking, allowing a crafted UFS image with a very deep directory tree or an ...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:22 p.m.6 views

CVE-2026-42445

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/12 7:22 p.m.8 views

EUVD-2026-29789

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:22 p.m.19 views

CVE-2026-42444

NanaZip: Unbounded resource consumption DoS in the littlefs image parser. From 5.0.1252.0 to before 6.0.1698.0, the parser reads BlockCount from a crafted superblock without validation, then allocates per-iteration path entries. A 44-byte littlefs image with BlockCount = 0xFFFFFFFF causes ~4 bill...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 7:22 p.m.5 views

CVE-2026-42444 NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlled BlockCount

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 7:21 p.m.33 views

CVE-2026-42442 NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

3.3CVSS0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 7:21 p.m.10 views

EUVD-2026-29787

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

3.3CVSS5.9AI score0.00111EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:21 p.m.6 views

CVE-2026-42442

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

3.3CVSS5.9AI score0.00111EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 7:21 p.m.19 views

CVE-2026-42442

Summary: CVE-2026-42442 affects NanaZip, an open source file archive, in versions 5.0.1252.0 through before 6.0.1698.0. A null‑pointer dereference occurs in the UFS/UFS2 filesystem image parser when opening a crafted UFS image whose root inode (inode 2) is set to IFLNK (symlink) instead of IFDIR ...

5.5CVSS5.9AI score0.00111EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:20 p.m.33 views

CVE-2026-42355 NanaZip: Uncontrolled recursion in NanaZip Electron ASAR parser causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

3.3CVSS0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:20 p.m.18 views

CVE-2026-42355

CVE-2026-42355 affects NanaZip, an open‑source file archive. The issue is an uncontrolled recursion in the Electron Archive (ASAR) parser when opening a crafted .asar with deeply nested JSON in the header. The recursion occurs in both nlohmann::json::parse and the handler’s GetAllPaths, consuming...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder