GTranslate < 2.8.65 - Cross-Site Scripting

In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...

CVE-2026-9264

CVE-2026-9264 affects SketchUp 2026 where the Dynamic Components feature fails to sanitize inputs in the component options window. The root cause is improper input sanitization, allowing a crafted SKP to run arbitrary system commands and read local files via an embedded Internet Explorer 11 brows...

EUVD-2026-31386

A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...

Trimble SketchUp 安全漏洞

Trimble SketchUp is a 3D modeling software developed by Trimble in the United States. It is designed for architects, urban planning experts, producers, game developers, and professionals in related fields. Trimble SketchUp has a security vulnerability that stems from improper handling of dynamic...

PT-2026-42704

A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...

Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks

Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users...

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product...

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users shoul...

Exploit for Out-of-bounds Write in Microsoft

CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBSc...

KB5082806: Cumulative security update for Internet Explorer: April 14, 2026

KB5082806: Cumulative security update for Internet Explorer: April 14, 2026 Important Certain versions of Microsoft Internet Explorer have reached the end of support. Note that some versions of Internet Explorer may be supported past the latest OS end date when Extended Security Updates ESUs are...

📄 Microsoft Windows Server 2025 jscript.dll Use-After-Free

The exploit targets a use-After-free vulnerability in the JScript engine component jscript.dll of Internet Explorer 11 on Windows Server 2025. ============================================================================================================================================= | Title :...

CVE-2019-25463

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

CVE-2019-25463

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

CVE-2019-25463 SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

CVE-2019-25463 SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

Nsasoft SpotIE Internet Explorer Password Recovery 缓冲区错误漏洞

Nsasoft SpotIE Internet Explorer Password Recovery is a password recovery tool developed by the US company Nsasoft. Version 2.9.5 of Nsasoft SpotIE Internet Explorer Password Recovery contains a buffer overflow vulnerability. This vulnerability stems from a buffer overflow in the registration key...

KB5078738: Cumulative security update for Internet Explorer: March 10, 2026

KB5078738: Cumulative security update for Internet Explorer: March 10, 2026 Important Certain versions of Microsoft Internet Explorer have reached the end of support. Note that some versions of Internet Explorer may be supported past the latest OS end date when Extended Security Updates ESUs are...

February 2026 Patch Tuesday includes six actively exploited zero-days

Microsoft releases important security updates on the second Tuesday of every month, known as “Patch Tuesday.” This month’s update patches fix 59 Microsoft CVE’s including six zero-days. Let’s have a quick look at these six actively exploited zero-days. Windows Shell Security Feature Bypass...

PT-2026-7658

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 MSHTML affected versions not specified Description An OS command injection issue exists in XWEB Pro, allowing a user with network access to execute code remotely by injecting malicious input into the request...

Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability

Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network...