CVE-2025-49940

CVE-2025-49940 is a DOM-based XSS in WordPress Fusion Builder (fusion-builder) up to version 3.13.2. The root cause is improper input neutralization during web page generation, enabling script execution in the browser context. Affected software: Fusion Builder fusion-builder (WordPress plugin)

CVE-2025-49923 WordPress Seriously Simple Podcasting plugin <= 3.11.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS.This issue affects Seriously Simple Podcasting: from n/a through = 3.11.1...

CVE-2025-49552 Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate ...

EUVD-2025-34399

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...

CVE-2025-58738

CVE-2025-58738 is a local-execution vulnerability caused by a use-after-free in Inbox COM Objects. Reported impact: unauthorized code execution on the affected system with local attacker access. Documented impact aligns with high-severity CVSS metrics (AV: Local, AC: High, PR: None, UI: Required;...

CVE-2025-58738 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

...

CVE-2025-58725

CVE-2025-58725 is described in connected documents as a heap-based buffer overflow in Windows COM that allows a locally authenticated attacker to elevate privileges. The CVE is associated with Windows COM components, with a CVSS v3.1 score of 7.0 (Local, High impact, Privilege escalation) and Exp...

CVE-2025-59282 Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

...

CVE-2025-58732 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

...

CVE-2025-9437

A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...

CVE-2025-9437 Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability

A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...

CVE-2025-9437 Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability

A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...

PT-2025-42144

Name of the Vulnerable Software and Affected Versions Internet Information Services affected versions not specified Description A race condition exists in Inbox COM Objects due to concurrent execution using a shared resource with improper synchronization. This allows an unauthorized attacker to...

PT-2025-42068

Name of the Vulnerable Software and Affected Versions versions prior to 2025 affected versions not specified Description A use-after-free issue exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. Recommendations At the moment, there is no information about a...

Microsoft Windows COM 安全漏洞

Microsoft Windows COM is a technology for the purpose of reusing software from Microsoft Corporation USA.COM is described as a platform-independent, decentralized, object-oriented system for creating interactive binary software components. A security vulnerability exists in Microsoft Windows COM...

PT-2025-42067

Name of the Vulnerable Software and Affected Versions versions prior to 2025-58731 Description A use after free issue exists in Inbox COM Objects, potentially allowing an unauthorized attacker to execute code locally. Recommendations At the moment, there is no information about a newer version th...

PT-2025-42061

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A heap-based buffer overflow exists in Windows COM. An authorized attacker with local access can exploit this flaw to elevate privileges. Successful exploitation could lead to code execution...

Microsoft Inbox COM Objects 资源管理错误漏洞

Microsoft Inbox COM Objects is a built-in COM component of the Windows operating system from the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Inbox COM Objects, which can be exploited by an attacker to execute arbitrary code on a system...

EUVD-2011-5253

Malware in sbrugna...

EUVD-2007-5625

Malware in sbrugna...