CVE-2026-47224

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...

CVE-2026-47224

Summary: CVE-2026-47224 affects NanaZip on Windows: a heap buffer-overflow read in the LVM2 physical-volume metadata parser (via the upstream 7-Zip LvmHandler) can be triggered by opening a crafted LVM disk image. Affected are NanaZip versions 3.0.1000.0 through 6.0.1697.999; the issue is fixed i...

EUVD-2026-31937

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

CVE-2025-59054

dstack is a software development kit SDK to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for use as the /data mount. The guest will open t...