23321 matches found
February 2026 Patch Tuesday includes six actively exploited zero-days
Microsoft releases important security updates on the second Tuesday of every month, known as “Patch Tuesday.” This month’s update patches fix 59 Microsoft CVE’s including six zero-days. Let’s have a quick look at these six actively exploited zero-days. Windows Shell Security Feature Bypass...
PT-2026-7658
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 MSHTML affected versions not specified Description An OS command injection issue exists in XWEB Pro, allowing a user with network access to execute code remotely by injecting malicious input into the request...
KB5075944: Cumulative security update for Internet Explorer: February 10, 2026
KB5075944: Cumulative security update for Internet Explorer: February 10, 2026 Important Certain versions of Microsoft Internet Explorer have reached the end of support. Note that some versions of Internet Explorer may be supported past the latest OS end date when Extended Security Updates ESUs a...
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network...
Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft
Detections for the CVE-2026-21509 vulnerability in MS Office...
CVE-2023-40290
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows...
CVE-2009-4804
Cross-site scripting XSS vulnerability in the Calendar Base cal extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."...
CVE-2009-4040
Cross-site scripting XSS vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page...
CVE-2003-1305
Microsoft Internet Explorer allows remote attackers to cause a denial of service resource consumption via a Javascript src attribute that recursively loads the current web page...
CVE-2008-7295
Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...
CVE-2019-11700
A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox 67...
CVE-2019-20825
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used...
CVE-2019-20830
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used...
CVE-2011-0248
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted QTL file...
CVE-2020-7863
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...
CVE-1999-0331
Buffer overflow in Internet Explorer 4.01...
CVE-1999-0869
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing...
CVE-1999-0917
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files...
CVE-1999-0702
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability...
CVE-1999-0490
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag...