Bandisoft
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Bandisoft product.
RSS Feeds for Bandisoft security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Bandisoft products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Bandisoft Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Bandisoft. Last year, in 2025 Bandisoft had 1 security vulnerability published. Right now, Bandisoft is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 6.10 |
| 2024 | 4 | 0.00 |
| 2023 | 1 | 8.80 |
| 2022 | 1 | 7.80 |
It may take a day or so for new Bandisoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Bandisoft Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-33027 | Apr 15, 2025 |
Bandizip <=7.37 MoW Bypass VulnerabilityIn Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, Bandizip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content. |
Bandizip
|
| CVE-2024-45872 | Oct 03, 2024 |
Bandisoft BandiView 7.05 Buffer Overflow via PSD ValidationBandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. |
Bandiview
|
| CVE-2024-45871 | Oct 03, 2024 |
Bandisoft BandiView 7.05 - Incorrect Access Control in sub_0x232bd8 for DOSBandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS). |
Bandiview
|
| CVE-2024-45870 | Oct 03, 2024 |
Bandisoft BandiView 7.05 IAC via crafted POC fileBandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. |
Bandiview
|
| CVE-2024-22526 | Apr 12, 2024 |
Buffer Overflow in Bandiview v7.0 via EXR image (DoS)Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file. |
Bandiview
|
| CVE-2023-4863 | Sep 12, 2023 |
Heap Buffer Overflow in libwebp (Chrome <116.0.5845.187 / libwebp 1.3.2)Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) |
Honeyview
|
| CVE-2021-26635 | Jun 02, 2022 |
In the code that verifies the file size in the ark library, it is possible to manipulate the offset readIn the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution. |
Ark Library
|