Skip to main content

Lhaz

5 CVEs product

Monthly

CVE-2026-41530 MEDIUM This Month

Path traversal vulnerability in Lhaz and Lhaz+ archive extraction allows local users to write files to unintended directories when the automatic folder creation feature is enabled and a crafted archive is extracted. The vulnerability requires user interaction (extracting a malicious archive) and affects only the integrity of file placement, not confidentiality or availability. CVSS score is 3.3 (low); no public exploit code or active exploitation has been identified.

Path Traversal Lhaz
NVD VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2017-2249 HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2248 HIGH This Week

Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2247 HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2246 HIGH This Week

Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
CVSS 3.0
7.8
EPSS
0.1%
EPSS 0% CVSS 4.6
MEDIUM This Month

Path traversal vulnerability in Lhaz and Lhaz+ archive extraction allows local users to write files to unintended directories when the automatic folder creation feature is enabled and a crafted archive is extracted. The vulnerability requires user interaction (extracting a malicious archive) and affects only the integrity of file placement, not confidentiality or availability. CVSS score is 3.3 (low); no public exploit code or active exploitation has been identified.

Path Traversal Lhaz
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy