CVE-2026-26034

The CVE concerns UPS Multi-UPS Management Console (MUMC) v01.06.0001 (A03). The issue is an Incorrect Default Permissions (CWE-276) that enables arbitrary code execution with SYSTEM privileges by loading a specially crafted DLL. According to the provided metrics, it is a Local attack with LOW att...

CVE-2026-26033

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

CVE-2026-26033

The advisory concerns CVE-2026-26033 affecting UPS Multi-UPS Management Console (MUMC) v01.06.0001 (A03). The vulnerability is CWE-428 Unquoted Search Path/Element, allowing a user with write access to a system drive directory to execute arbitrary code with SYSTEM privileges. Affected component i...

CVE-2026-26033

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

CVE-2026-26033

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

PT-2026-23127

Name of the Vulnerable Software and Affected Versions UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 Description The UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 has an issue related to incorrect default permissions. This allows an attacker to execute arbitrary code...

PT-2026-23126

Name of the Vulnerable Software and Affected Versions UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 Description The UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element issue. This allows a user with write access to a directory on...

Dell UPS Multi-UPS Management Console 安全漏洞

Dell UPS Multi-UPS Management Console is an uninterruptible power supply management software developed by the American company Dell. Version 01.06.0001 of Dell UPS Multi-UPS Management Console contains a security vulnerability. This vulnerability arises from incorrect default permissions, which...

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML...

CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (February 2026)

Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. Impact Remote code execution due to a directory traversal vulnerability...

PT-2026-22916

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to remediate following vulnerabilities: Linux vulnerabilities in libraries such as bzip2, nghttp2, libxml2, unbound, libsoup, pam, sudo, java, openssh, glib2, expat, httpd, and linux-firmware. Safe Guarded Copy vulnerability within the...

Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the management console. The issue results from incorrect implementation of the...

Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...

Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the management console. The issue results from incorrect implementation of the...

Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...

MajorDoMo Console Eval Unauthenticated RCE

This module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panel's PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect"/" call intended to...