Lucene search
K

29 matches found

NVD
NVD
added 4 days ago17 views

CVE-2026-58052

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS0.00119EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.8 views

Windows Mark of the Web Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...

5.4CVSS5.4AI score0.00423EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.8 views

PT-2026-47984

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A failure in the Mark of the Web MOTW protection mechanism allows an unauthorized attacker to bypass a security feature over a network, which can affect the system. Recommendations At the...

5.4CVSS5.4AI score0.00423EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

B1FREE 安全漏洞

B1FREE is a one-click backup and recovery tool developed by Andrew as an individual developer. Version B1FREE 1.5.86 contains a security vulnerability. This vulnerability arises from the failure to propagate the Zone.Identifier alternate data stream when extracting files from the downloaded...

7.3CVSS5.9AI score0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 12:0 a.m.4 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/29 12:0 a.m.5 views

EUVD-2025-209592

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00334EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/12/17 12:0 a.m.7 views

Microsoft Edge Mark-Of-The-Web Removal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

8.8CVSS7.2AI score0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 6:31 p.m.4 views

EUVD-2025-203807

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

6.3AI score0.00478EPSS
Exploits3References6
Vulnrichment
Vulnrichment
added 2025/12/16 12:0 a.m.4 views

CVE-2025-65318

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

6.5AI score0.00478EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.3 views

Mozilla Firefox < 61.0

The version of Firefox installed on the remote Windows host is prior to 61.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-15 advisory. - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jo...

9.8CVSS8.3AI score0.04831EPSS
Exploits3References19
RedhatCVE
RedhatCVE
added 2025/11/12 10:6 a.m.2 views

CVE-2025-12905

Inappropriate implementation in Downloads in Google Chrome allowed a remote attacker to bypass Mark of the Web via a crafted HTML page...

5.4CVSS6.3AI score0.00141EPSS
Exploits0References2
NVD
NVD
added 2025/11/08 12:15 a.m.7 views

CVE-2025-12905

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. Chromium security severity: Low...

5.4CVSS0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.7 views

PT-2025-45514

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 140.0.7339.80 Description A flaw exists in Google Chrome’s Downloads functionality on Windows. This issue allows a remote attacker to bypass the Mark of the Web security feature using a specially crafted HTML...

5.4CVSS6.3AI score0.00141EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/12 12:0 a.m.7 views

PT-2025-51553

Name of the Vulnerable Software and Affected Versions Blue Mail versions 1.140.103 and below Description Blue Mail’s attachment interaction functionality saves documents to the file system without a Mark-of-the-Web tag. This bypasses file protection mechanisms in Windows OS and third-party...

9.3CVSS9AI score0.99945EPSS
Exploits35References8
SUSE CVE
SUSE CVE
added 2025/04/17 1:32 a.m.2 views

SUSE CVE-2025-33026

In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

7.8CVSS7.2AI score0.0023EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/04/04 12:0 a.m.5 views

The vulnerability of the MOTW mechanism of the WinRAR file archiver allows a hacker to execute arbitrary code.

The vulnerability of the Mark of the Web MOTW file archiver WinRAR is related to the lack of a warning message for users regarding unsafe actions related to the user interface when processing symbolic links that point to executable files. Exploiting this vulnerability allows a malicious actor to...

9CVSS7.5AI score0.01218EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2025/01/22 3:48 a.m.3 views

SUSE CVE-2025-0411

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...

7CVSS7.2AI score0.67071EPSS
Exploits8References3
BDU FSTEC
BDU FSTEC
added 2024/09/12 12:0 a.m.7 views

The vulnerability of the Mark of the Web mechanism in Windows operating systems allows attackers to circumvent existing security restrictions.

The vulnerability of the Mark of the Web mechanism in Windows operating systems is related to the breach of data protection mechanisms. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions...

6.4CVSS6AI score0.09835EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2024/09/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-38217

Microsoft Windows Mark of the Web MOTW contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW...

5.4CVSS5.8AI score0.09835EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.2 views

PT-2024-6052

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description The issue concerns a security feature bypass vulnerability in the Mark of the Web MOTW protection mechanism of Microsoft Windows. This vulnerability can be exploited by an attacker ...

6.4CVSS5.8AI score0.09835EPSS
Exploits1References63
Rows per page
Query Builder