Lucene search
+L

5 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-42447

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived from .so file path components inside an APK into an HTML panel without escaping. A malicious APK wit...

3.6CVSS0.00139EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-42447 jadx: HTML Injection in Summary panel

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived from .so file path components inside an APK into an HTML panel without escaping. A malicious APK wit...

3.6CVSS6.2AI score0.00139EPSS
Exploits0References5
OSV
OSV
added 2026/05/21 5:9 p.m.7 views

GHSA-JF2Q-463C-6F52 androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers)

Summary generateZipPath constructs zip entry names for collected APKs using device controlled content from extractFileName. Since extractFileName does not reject traversal sequences, the resulting zip entry name can contain ../. AndroidQF itself does not extract the zip it creates, but any forens...

4.8CVSS5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 a.m.9 views

CVE-2013-0742

Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a long ZIP directory entry name in an XPS file...

9.3CVSS8.8AI score0.34707EPSS
Exploits1References1
OSV
OSV
added 2021/03/11 12:15 a.m.5 views

UBUNTU-CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

5.5CVSS7.1AI score0.01517EPSS
Exploits0References3
Rows per page
Query Builder