5.3
CVE-2025-34402 - MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a <script> block in the JavaScript…
5.3
CVE-2025-34403 - MailEnable < 10.54 Reflected XSS in FieldTo Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a <script> block in the JavaScript…
5.3
CVE-2025-34406 - MailEnable < 10.54 Reflected XSS in Id Parameter of Mobile/ContactDetails.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a <script> block in the response. By supplying a crafte…
5.3
CVE-2025-34404 - MailEnable < 10.54 Reflected XSS in InstanceScope Parameter of CAL/compose.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a <script> block in th…
5.3
CVE-2025-34397 - MailEnable < 10.54 Reflected XSS in Message Parameter of Mobile/Compose.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a c…
5.3
CVE-2025-34407 - MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre…
7.8
CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
7.8
CVE-2025-54100 - PowerShell Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.
7.8
CVE-2025-64680 - Windows DWM Core Library Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
7.8
CVE-2025-64679 - Windows DWM Core Library Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.