CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

CVE-2025-34396

MailEnable

CVE-2024-56837

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defense...

CVE-2024-56837

Siemens RUGGEDCOM ROX II family devices (ROX II) prior to v2.17.0 are affected by a code-injection vulnerability caused by insufficient validation during installation and loading of certain configuration files. Several sources document that an attacker could exploit this to spawn a reverse shell ...

jfs: Verify inode mode when loading from disk

...

SUSE CVE-2025-40312

In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 "isofs: Verify inode mode when loading from disk" does...

PT-2025-49828

Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX II versions prior to 2.17.0 Description A flaw exists in the RUGGEDCOM ROX II family that could allow an attacker to gain root access on the affected system. This is due to inadequate validation when installing and loading certai...

PT-2025-50135

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 have an unsafe DLL loading issue that could allow a local attacker to execute arbitrary code. The MailEnable administrative executable attempts to load MEAINFY.D...

MailEnable 代码问题漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a code issue vulnerability that stems from an insecure DLL loading mechanism that can be exploited by an attacker to...

CVE-2025-13992

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2025-40312

In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 "isofs: Verify inode mode when loading from disk" does...

CVE-2025-40312

Technical details about CVE-2025-40312 are not provided in the connected documents. The advisories reference numerous CVEs but do not include specifics for this CVE. Monitor vendor advisories for fixes and impacted products.

Linux Distros Unpatched Vulnerability : CVE-2025-40312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 isofs: Verify inode mod...

EUVD-2025-201461

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

BIT-LIBPYTHON-2025-13837 Out-of-memory when loading Plist

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...

Out-of-memory when loading Plist

...

Stored XSS in contacts app via organisation and title field

None...

SUSE CVE-2025-13992

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...