CVE-2025-13919 Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
EUVD-2025-206456
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
PT-2026-5143
Name of the Vulnerable Software and Affected Versions: Symantec Endpoint Protection versions prior to 14.3 RU10 Patch 1; Symantec Endpoint Protection versions prior to 14.3 RU9 Patch 2; Symantec Endpoint Protection versions prior to 14.3 RU8 Patch 3. Description: The software may be susceptible to a C...
CVE-2025-67264
CVE-2025-67264 describes an OS command-injection in the com.sprd.engineermode component on Doogee Note59/Note59 Pro/Note59 Pro+. The vulnerability allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, attributed to incomplete patching of CVE-202...
CVE-2025-66523
CVE-2025-66523 reflects a Cross-Site Scripting (XSS) issue in na1.foxitesign.foxit.com prior to 2026-01-16, caused by URL parameters being embedded directly into JavaScript code or HTML attributes without proper encoding or sanitization. An authenticated user can trigger script injection by visit...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally...
Vulnerability fixed in Microsoft Developer Tools
Microsoft has fixed a vulnerability in Inbox COM Objects. A malicious party could exploit the vulnerability to execute arbitrary code in the context of the vulnerable application without prior authentication. Inbox Component Object Model (COM) objects is an architecture for developers to develop...
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
PT-2026-2806
Name of the Vulnerable Software and Affected Versions: Cal.com versions 3.1.6 through 6.0.6. Description: Cal.com, an open-source scheduling software, has a critical flaw in a custom NextAuth JWT callback. This issue allows attackers to gain full authenticated access to any user's account by supplyi...
Microsoft Windows SDK < 10.0.26100.7463 Inbox COM Objects (Global Memory) RCE (January 2026)
The version of Microsoft Windows SDK installed on the remote host is prior to 10.0.26100.7463. It is, therefore, affected by a remote code execution vulnerability: use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally (CVE-2026-21219). Note that Nessus has no...
CVE-2025-51626
SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancelorder.php endpoint...
CVE-2017-12758
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution remote. The component is: comappointment component...
EUVD-2026-1681
SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancelorder.php endpoint...
CVE-2025-66521
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...
CVE-2025-66500
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
CVE-2025-66502 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...
CVE-2025-66501 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...