EUVD-2026-13661

Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted executable search path / binary hijacking vulnerability that allows a local attacker to execute arbitrary code when the affected Windows application launches explorer.exe without using an absolute...

Security Bulletin: due to the use of IBM WebSphere Application Server and WebSphere Application Server Liberty, IBM Watson Explorer is vulnerable to a cross-site scripting vulnerability.

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE CVE-2025-12635 Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...

Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0

Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...

📄 Microsoft Windows Server 2025 jscript.dll Use-After-Free

The exploit targets a use-After-free vulnerability in the JScript engine component jscript.dll of Internet Explorer 11 on Windows Server 2025. ============================================================================================================================================= | Title :...

Microsoft Windows 11 Build 26200 File Explorer Auditor

This Metasploit module provides a defensive pre-execution assessment for the Windows vulnerability where File Explorer fails to properly restrict access to sensitive system locations...

CVE-2019-25463

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

CVE-2019-25463 SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

CVE-2019-25463

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

CVE-2019-25463 SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

Nsasoft SpotIE Internet Explorer Password Recovery 缓冲区错误漏洞

Nsasoft SpotIE Internet Explorer Password Recovery is a password recovery tool developed by the US company Nsasoft. Version 2.9.5 of Nsasoft SpotIE Internet Explorer Password Recovery contains a buffer overflow vulnerability. This vulnerability stems from a buffer overflow in the registration key...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: |----------------|------|-------------------------------------| ...

EUVD-2026-10690

Server-side request forgery ssrf in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network...

EUVD-2026-10584

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

EUVD-2026-10585

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

CVE-2026-26121

Server-side request forgery ssrf in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-26121

Server-side request forgery ssrf in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-23661

Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

CVE-2026-23661

Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

CVE-2026-23664

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

CVE-2026-23662

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...