SUSE CVE-2010-4314

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter...

CVE-2021-27232

The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage...

SUSE CVE-2012-0439

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via 1 a pointer argument to the SetEngine method or 2 an XPItem pointer argument to an unspecified method...

📄 Microsoft Windows Server 2025 jscript.dll Use-After-Free

The exploit targets a use-After-free vulnerability in the JScript engine component jscript.dll of Internet Explorer 11 on Windows Server 2025. ============================================================================================================================================= | Title :...

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 CVSS score: 8.8 - A use-after-free...

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2008-0015link is external Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability CVE-2020-7796link is external Synacor Zimbra Collaboratio...

Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability

Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully...

CVE-2018-19444

A use after free in the TextBox field Validate action in IReaderContentProvider can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free locatio...

CVE-2018-19450

A command injection can occur for specially crafted PDF files in Foxit Reader SDK ActiveX 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution...

CVE-2011-0248

Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted QTL file...

CVE-2020-10599

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

CVE-2021-33672

Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...

CVE-2022-23763

Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, causing damage such as malicious code infections...

CVE-2020-7873

Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution...

CVE-2020-7874

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension...

CVE-2020-7812

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC...

CVE-2020-7803

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution...

CVE-2013-6127

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the...

CVE-1999-0917

The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files...

CVE-1999-0670

Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands...