CVE-2026-21219 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

...

CVE-2026-21219

CVE-2026-21219 describes a Use-after-Free in Inbox COM Objects (Global Memory) that allows an unauthenticated attacker to achieve Remote Code Execution by local access. Affected software is the Inbox COM Objects component of Windows apps (notably those handling mail via Outlook/Exchange); the iss...

CVE-2026-21219 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

...

Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...

Microsoft Inbox COM Objects 资源管理错误漏洞

Microsoft Inbox COM Objects is a built-in COM component for the Windows operating system from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Inbox COM Objects. An attacker can exploit this vulnerability to remotely execute code...

PT-2026-2762

Name of the Vulnerable Software and Affected Versions versions prior to 2026-21219 Description A use after free issue exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. Recommendations At the moment, there is no information about a newer version that contai...

Microsoft Windows SDK < 10.0.26100.7463 Inbox COM Objects (Global Memory) RCE (January 2026)

The version of Microsoft Windows SDK installed on the remote host is prior to 10.0.26100.7463. It is, therefore, affected by a remote code execution vulnerability: - Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. CVE-2026-21219 Note that Nessus has no...

CVE-2025-41077

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...

CVE-2025-41077

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...

CVE-2025-41077

CVE-2025-41077 affects Viafirma Inbox v4.5.13 with an Insecure Direct Object Reference (IDOR) flaw. The vulnerability allows any authenticated, unprivileged user to list all users, access and modify their data (including emails) and then use password recovery to impersonate other users, potential...

CVE-2025-41077 Multiple vulnerabilities in Viafirma products

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...

EUVD-2026-1931

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...

CVE-2025-41077 Multiple vulnerabilities in Viafirma products

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...

PT-2026-2266

Name of the Vulnerable Software and Affected Versions Viafirma Inbox version 4.5.13 Description An IDOR Insecure Direct Object Reference issue exists in Viafirma Inbox version 4.5.13. An authenticated user without appropriate privileges can list all users, access, and modify their data. This...

Viafirma Inbox 安全漏洞

Viafirma Inbox is an electronic signature inbox from the Spanish company Viafirma. A security vulnerability exists in Viafirma Inbox version 4.5.13, which stems from the presence of an insecure direct object reference that could cause any authenticated but unprivileged user to list all users,...

CVE-2025-15464

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls...

CVE-2025-15464

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls...

CVE-2025-15464 KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls...

CVE-2025-15464

The CVE-2025-15464 entry concerns yintibao Fun Print Mobile (Android, ARM64) with version 6.05.15 affected. The issue is an exported PandoraEntry activity that processes unvalidated external intents, enabling external applications to gain application context and directly launch Gmail with inbox a...

PT-2026-1770

Name of the Vulnerable Software and Affected Versions Gmail affected versions not specified Description An exported activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. This allows unauthorized access to Gmail...