This page lists publicly disclosed CVE vulnerabilities affecting nsasoft spotauditor (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-25666 | SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition. | [email protected] | 6.9 | 0.24% | 2026-04-05 | 2026-04-20 |
| CVE-2019-25596 | SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash. | [email protected] | 6.9 | 0.19% | 2026-03-22 | 2026-03-23 |
| CVE-2019-25434 | SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application. | [email protected] | 6.7 | 0.37% | 2026-02-20 | 2026-03-05 |
| CVE-2019-25340 | SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field. | [email protected] | 6.7 | 0.42% | 2026-02-12 | 2026-02-20 |
| CVE-2019-25336 | SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system. | [email protected] | 8.4 | 0.21% | 2026-02-12 | 2026-02-20 |
| CVE-2021-27722 | An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering. | [email protected] | 7.5 | 1.34% | 2021-11-02 | 2024-11-21 |