CVE-1999-0877

Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME...

CVE-1999-0871

Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability...

CVE-2019-16216

Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

IE Mode: A Window to the Web – or to Attackers?

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Recently, Internet Explorer IE Mode has been weaponized by threat actors through multiple zero-day...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-24071 This is a python PoC...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in the Internet Explorer component. The issue can be triggered via DNS spoofing with a malicious URL shortcut and WebDAV, enabling an attacker to execute arbitrary code and potentially run a reverse shell with SMB server intera...

CVE-2023-53875 GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

Gomlab GOM Player 安全漏洞

Gomlab GOM Player is a multimedia player software from the Korean company Gomlab. A security vulnerability exists in Gomlab GOM Player version 2.3.90.5360, which originates from a remote code execution vulnerability in the Internet Explorer component that could lead to the execution of arbitrary...

PT-2025-51293

Name of the Vulnerable Software and Affected Versions GOM Player version 2.3.90.5360 Description GOM Player has a remote code execution issue in its Internet Explorer component. An attacker can execute arbitrary code through DNS spoofing. The attack involves redirecting a victim using a malicious...

CVE-2025-64990

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

CVE-2025-64990 Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

CVE-2025-64990

TeamViewer DEX (formerly 1E DEX) contains a command injection in the 1E-Explorer-TachyonCore-LogoffUser instruction prior to V21.1. Root cause: improper input validation. Impact: authenticated attackers with Actioner privileges can inject arbitrary commands, enabling remote execution of elevated ...

CVE-2025-64987

CVE-2025-64987 applies to TeamViewer DEX (formerly 1E DEX). The issue is a command injection in the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction caused by improper input validation. Authenticated attackers with Actioner privileges can inject arbitrary commands, enabling remote execution of ...

CVE-2025-64986 Command Injection in 1E-Explorer-TachyonCore-DevicesListeningOnAPort Instruction

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...

Exploit for CVE-2025-54100

CVE-2026-0386 Powershell's curl uses Invoke-WebRequest u...

CVE-2025-62565

CVE-2025-62565 is a Windows Shell elevation-of-privilege vulnerability caused by a use-after-free in Windows Shell. A locally authenticated attacker can exploit it to elevate privileges; CVSSv3.1 base score 7.3 (HIGH) with LOCAL attack vector, LOW attack complexity, LOW privileges required, and U...

CVE-2025-62565 Windows File Explorer Elevation of Privilege Vulnerability

...

CVE-2025-62565 Windows File Explorer Elevation of Privilege Vulnerability

...