Lucene search
K

32 matches found

NVD
NVD
added 2026/06/28 2:16 a.m.51 views

CVE-2026-58052

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.39 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/28 1:32 a.m.10 views

EUVD-2026-39972

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References3
CVE
CVE
added 2026/06/28 1:32 a.m.120 views

CVE-2026-58052

Technical details are not publicly available in the provided documents; monitor for updates.

4.8CVSS5.8AI score0.00119EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-53084

Name of the Vulnerable Software and Affected Versions 7-Zip for Windows versions prior to 26.02 Description 7-Zip fails to preserve the Mark-of-the-Web MotW when extracting a specially crafted RAR5 archive. The software uses a guard to suppress archive-supplied Zone.Identifier streams, but it onl...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

The matching of hosts against proxy patterns may improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to “.example.com”, a request to “::1%25.example.com:80” will be incorrectly matched and not be proxied...

4.4CVSS6.7AI score0.00384EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/04/30 2:47 p.m.6 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

7.3CVSS6AI score0.00334EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 9:16 p.m.13 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

7.3CVSS0.00334EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 12:0 a.m.10 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00334EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/29 12:0 a.m.7 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.12 views

B1FREE 安全漏洞

B1FREE is a one-click backup and recovery tool developed by Andrew as an individual developer. Version B1FREE 1.5.86 contains a security vulnerability. This vulnerability arises from the failure to propagate the Zone.Identifier alternate data stream when extracting files from the downloaded...

7.3CVSS5.9AI score0.00334EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.18 views

PT-2026-36002

Name of the Vulnerable Software and Affected Versions B1 Free Archiver version 1.5.86 Description An issue exists where files extracted from downloaded archives bypass Windows Mark of the Web MotW protections. The software fails to propagate the Zone.Identifier alternate data stream—a mechanism...

5.5AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/29 12:0 a.m.9 views

EUVD-2025-209592

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00334EPSS
Exploits0References2
NVD
NVD
added 2025/12/12 11:15 p.m.5 views

CVE-2025-14585

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and...

9.8CVSS0.00363EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2025/09/26 11:23 p.m.3 views

SUSE CVE-2025-59342

esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...

6.9CVSS9.1AI score0.02829EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/08/27 10:20 a.m.2 views

CVE-2025-30038 Session ID leakage in Zone.Identifier of downloaded files

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream ADS for all files downloaded from potentially untrusted sources...

7.3CVSS6.2AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/27 10:20 a.m.5 views

CVE-2025-30038 Session ID leakage in Zone.Identifier of downloaded files

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream ADS for all files downloaded from potentially untrusted sources...

7.3CVSS0.00157EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/04/10 1:6 a.m.5 views

golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this...

6.1CVSS6.8AI score0.00458EPSS
Exploits0References7
OSV
OSV
added 2025/03/12 7:15 p.m.7 views

AZL-58458 CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.7 views

AZL-58469 CVE-2025-22870 affecting package packer for versions less than 1.9.5-9

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
Rows per page
Query Builder