27 matches found
About Remote Code Execution – Microsoft Word (CVE-2026-21514) vulnerability
About Remote Code Execution - Microsoft Word CVE-2026-21514 vulnerability. This vulnerability is from February Microsoft Patch Tuesday. Reliance on Untrusted Inputs in a Security Decision CWE-807 in Microsoft Office Word allows an unauthenticated attacker to bypass OLE security features when...
Patch Tuesday, October 2025 ‘End of 10’ Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for...
GHSA-XP8G-32QH-MV28 Decap CMS Cross Site Scripting (XSS) vulnerability
Decap CMS through 3.8.3 is vulnerable to stored Cross-Site Scripting XSS in the admin preview pane. User-controlled fields e.g., title, description, tags, and body are rendered in the preview without sufficient sanitization/escaping. An attacker with low-privilege author/contributor access can...
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Impact Stored Cross-site scripting XSS enable attackers that have access to backoffice to bring malicious content into a website or application. Affected versions Umbraco CMS = 8.00 Patches This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer...
Cross-site Scripting (XSS)
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Markdown Editor Preview Pane. An attacker can inject malicious content into a website or application by exploiting this vulnerability. Details Cross-site scripting or XS...
CVE-2024-35218 Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting XSS enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in versions 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementi...
CVE-2024-35218 Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting XSS enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in versions 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementi...
Microsoft Outlook 安全漏洞
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Outlook due to invalid handling of user input in the preview pane. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Microsoft Windows Explorer Preview Pane Security Bypass
Exploit Title: Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability Google Dork: n/a Date: December 25th, 2021 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7, 8.1, 10, 11 x86/x64...
Windows Explorer Preview Pane HTML File Link Spoofing
Exploit Title: Windows Explorer Preview Pane HTML File Link Spoofing Vulnerability Google Dork: n/a Date: December 25th, 2021 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7, 8.1, 10, 11 x86/x64 Tested on:...
Microsoft Windows Explorer Preview Pane Security Bypass Vulnerability
Previewing a WMA/WMV media format on Windows Explorer through its Preview Pane causes embedded URLs to be automatically opened in the default browser without displaying any prompt. Exploit Title: Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability Exploit Author: Eduar...
Microsoft Windows Explorer Preview Pane HTML File Link Spoofing Vulnerability
The Windows Explorer Preview Pane feature allows for spoofing of links contained in an HTML based file because upon moving the mouse over the link nothing happens and it cannot be right-clicked to show the actual target. Exploit Title: Windows Explorer Preview Pane HTML File Link Spoofing...
CVE-2020-16947
A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the targeted user. If the targeted user is logged on with...
CVE-2020-1483
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrativ...
Microsoft Outlook Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, t...
Adobe Font Manager Library Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability coul...
Adobe Font Manager Library Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability coul...
Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability (ADV200006)
Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a use...
Type 1 Font Parsing Remote Code Execution Vulnerability
Microsoft has become aware of limited targeted Windows 7 based attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released. We appreciate the efforts of our...
CVE-2019-1205
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could th...