CVE-2025-12683
- EPSS 0.02%
- Veröffentlicht 04.11.2025 04:23:02
- Zuletzt bearbeitet 04.11.2025 15:40:45
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of ...
CVE-2023-27704
- EPSS 0.04%
- Veröffentlicht 12.04.2023 14:15:07
- Zuletzt bearbeitet 10.02.2025 16:15:36
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).
CVE-2021-20784
- EPSS 0.45%
- Veröffentlicht 14.07.2021 02:15:07
- Zuletzt bearbeitet 03.12.2024 02:15:16
HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.
CVE-2020-24567
- EPSS 0.13%
- Veröffentlicht 21.08.2020 03:15:11
- Zuletzt bearbeitet 21.11.2024 05:15:00
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which...