CVE List: Discover High-Risk and In-the-Wild Exploited Vulnerabilities
ATT&CK Technique: Execution / Integer Overflow to Execution

MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.

Showing 120 (more results available)
CVE Description Max CVSS EPSS % Published Updated
CVE-2025-14098 Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104. 7.8 2026-06-12 2026-06-12
CVE-2026-47223 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). A 32-bit unsigned integer overflow in the bounds check pos + ht.salt_len > descSize allows an attacker-controlled salt_len field to bypass validation, causing CByteBuffer::CopyFrom to memcpy up to ~4 GiB past the end of a 64. This iss 5.4 0.05% 2026-06-12 2026-06-13
CVE-2026-11774 An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer overflow of up to approximately 2 megabytes of attacker-controlled data. After a successful SASL bind with integrity protection (SSF > 0), a remote attacker can cause a Denial of Service (DoS) 7.6 0.08% 2026-06-11 2026-06-11
CVE-2025-66280 An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later 5.1 0.14% 2026-06-10 2026-06-10
CVE-2026-34711 CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. 7.5 0.07% 2026-06-09 2026-06-10
CVE-2026-47925 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 0.02% 2026-06-09 2026-06-12
CVE-2023-29146 The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size. 8.2 0.01% 2026-06-09 2026-06-09
CVE-2026-47291 Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. 9.8 0.18% 2026-06-09 2026-06-10
CVE-2026-47288 Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network. 7.1 0.32% 2026-06-09 2026-06-10
CVE-2026-45593 Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. 7.8 0.08% 2026-06-09 2026-06-11
CVE-2026-45592 Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally. 7.8 0.08% 2026-06-09 2026-06-11
CVE-2026-44812 Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. 7.8 0.10% 2026-06-09 2026-06-09
CVE-2026-44803 Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. 7.8 0.10% 2026-06-09 2026-06-09
CVE-2026-42974 Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. 8.1 0.09% 2026-06-09 2026-06-10
CVE-2026-42916 Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. 7.8 0.08% 2026-06-09 2026-06-11
CVE-2026-41977 DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability. 5.0 0.01% 2026-06-09 2026-06-09
CVE-2026-41849 An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS). Affected versions: Spring Framework 5.3.0 through 5.3.48. 7.5 0.04% 2026-06-09 2026-06-09
CVE-2026-48112 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style __.SYMDEF symbol table, the ParseLibSymbols function reads a 32-bit namesSize field via Get32 at a position that can equal the buffer size, reading 4 bytes past the end of the heap allocation. This reads uninitialized heap data under the 6.5 0.03% 2026-06-05 2026-06-08
CVE-2026-48095 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCuSize shift UB), potentially allowing attackers to cause arbitrary code execution or application crashes. CInStream::GetCuSize() in the NTFS handler computes the compression-unit buffer size as (UInt32)1 << (BlockSizeLog + CompressionUnit), and a crafted image with ClusterSizeLog >= 28 and Compression 8.8 0.06% 2026-06-05 2026-06-08
CVE-2026-11299 Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) 6.5 0.03% 2026-06-05 2026-06-09
cvelogic Threat Intelligence