FeedSoftware

Verified advisories, vulnerability disclosures, and architectural research.

CVE-2013-0074

Critical Advisory: Resolving CVE-2013-0074 and the Risks of Legacy Microsoft Silverlight Deployments

Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.

Silverlight

View Detail

CVE-2013-0431

CVE-2013-0431: Analyzing the Oracle Java JRE Sandbox Bypass and Its Active Ransomware Exploitation

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.

Java Runtime Environment (JRE)

View Detail

CVE-2016-0034

CVE-2016-0034: Critical Microsoft Silverlight RCE Vulnerability Technical Advisory

Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).

Silverlight

View Detail

CVE-2026-42897

Critical Vulnerability Advisory: CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting

Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

Microsoft Exchange Server

View Detail

CVE-2022-44698

Defeating MOTW: A Deep Dive into the CVE-2022-44698 Microsoft Defender SmartScreen Bypass

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Defender

View Detail

CVE-2023-23376

In-Depth Analysis: CVE-2023-23376 Windows CLFS Driver Privilege Escalation

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Windows

View Detail

CVE-2023-28252

CVE-2023-28252: Critical Windows CLFS Driver Privilege Escalation Advisory

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Windows

View Detail

CVE-2023-22518

Critical Advisory: CVE-2023-22518 Atlassian Confluence Improper Authorization Vulnerability

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.

Confluence Data Center and Server

View Detail

CVE-2023-38203

CVE-2023-38203: Critical Adobe ColdFusion Deserialization Vulnerability Threat Advisory

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

ColdFusion

View Detail

CVE-2026-2441

CVE-2026-2441: Critical Use-After-Free Vulnerability in Google Chromium CSS Engine

Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Chromium

View Detail

CVE-2026-33825

CVE-2026-33825: Defending Against Microsoft Defender Privilege Escalation (CWE-1220)

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.

Defender

View Detail

CVE-2009-0238

Microsoft Office Excel Remote Code Execution (CVE-2009-0238) Technical Security Advisory

Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.

Office

View Detail