6809 matches found

Cvelist
added 2025/05/21 12:0 a.m. | 11 views

CVE-2025-27997

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory...

0.00115 EPSS
Exploits 0 | References 1

CNNVD
added 2025/05/21 12:0 a.m. | 3 views

Valve Steam Client Security Vulnerability

Valve Steam Client is a digital game distribution client from Valve Corporation, USA. A security vulnerability exists in Valve Steam Client version 1738026274, which originates from a specially crafted executable or DLL, and may result in elevated privileges...

8.4 CVSS | 6.8 AI score | 0.001 EPSS
Exploits 0 | References 1

Cvelist
added 2025/05/21 12:0 a.m. | 9 views

CVE-2025-27998

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL...

0.001 EPSS
Exploits 0 | References 1

CVE
added 2025/05/21 12:0 a.m. | 51 views

CVE-2025-27998

CVE-2025-27998 affects Valve’s Steam Client (version 1738026274). The issue allows local privilege escalation via a crafted executable or DLL, with a CVSSv3.1 base score of 8.4 (HIGH) and impact on confidentiality, integrity, and availability. Affected component: Steam Client; root cause and exac...

8.4 CVSS | 6.7 AI score | 0.001 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/05/21 12:0 a.m. | 6 views

CVE-2025-27998

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL...

8.3 AI score | 0.001 EPSS
Exploits 0 | References 1

OSV
added 2025/05/20 7:35 p.m. | 3 views

GHSA-9HQ9-CR36-4WPJ TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem: By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...

5.4 CVSS | 7.2 AI score | 0.00129 EPSS
Exploits 0 | References 5

Github Security Blog
added 2025/05/20 7:35 p.m. | 16 views

TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem: By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...

5.4 CVSS | 7.2 AI score | 0.00129 EPSS
Exploits 0 | References 5 | Affected Software 1

CVE
added 2025/05/20 2:0 p.m. | 35 views

CVE-2025-47939

TYPO3 CMS vulnerability CVE-2025-47939 affects TYPO3 versions prior to 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS. The issue is an unrestricted file upload in the File Abstraction Layer: the file management backend allowed uploading any file type, including potentially ...

5.4 CVSS | 5.5 AI score | 0.00129 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2025/05/20 2:0 p.m. | 13 views

CVE-2025-47939 TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restrictio...

5.4 CVSS | 0.00129 EPSS
Exploits 0 | References 2

OSV
added 2025/05/20 2:0 p.m. | 2 views

CVE-2025-47939 TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restrictio...

5.4 CVSS | 6.6 AI score | 0.00129 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/05/18 10:55 a.m. | 14 views

CVE-2025-4769

A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The...

7.3 CVSS | 7.1 AI score | 0.00065 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2025/05/16 12:0 a.m. | 0 views

The vulnerability of the ThinServer.exe executable file of the ThinServer component of the Rockwell Automation ThinManager centralized application management platform allows an attacker to load arbitrary files.

The vulnerability of the ThinServer.exe executable file of the ThinServer component of Rockwell Automation’s ThinManager application platform is related to errors in processing the relative path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to...

7.8 CVSS | 0.48201 EPSS
Exploits 1 | References 3 | Affected Software 1

OSSF Malicious Packages
added 2025/05/12 8:59 p.m. | 3 views

Malicious code in telegramdoxing (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4cdffd265ab7e5d199258a068bf6c251370ae931fc905109bd2fb659cd7d9114 The package contains an embedded malicious executable probably blank grabber started when running the module. Probably continuation of 2025-05-pydoxing ---...

7 AI score
Exploits 0 | References 2

OSV
added 2025/05/12 8:59 p.m. | 1 views

MAL-2025-191888 Malicious code in telegramdoxing (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4cdffd265ab7e5d199258a068bf6c251370ae931fc905109bd2fb659cd7d9114 The package contains an embedded malicious executable probably blank grabber started when running the module. Probably continuation of 2025-05-pydoxing ---...

6.9 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2025/05/09 8:14 p.m. | 2 views

Malicious code in pyinite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ed8f43159750189f4cea17185b5ee087dda83db8574bf258010068c524fc723 File is designed to download, hide under system-like name, and run a remote executable, widely identified as malicious. --- Category: MALICIOUS - The campaign...

7 AI score
Exploits 0 | References 3

OSV
added 2025/05/09 8:14 p.m. | 3 views

MAL-2025-191834 Malicious code in pyinite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ed8f43159750189f4cea17185b5ee087dda83db8574bf258010068c524fc723 File is designed to download, hide under system-like name, and run a remote executable, widely identified as malicious. --- Category: MALICIOUS - The campaign...

6.9 AI score
Exploits 0 | References 3

OpenVAS
added 2025/05/07 12:0 a.m. | 1 views

Ensure That the Permissions on Important Files and Directories Are Minimized

According to the principle of least privilege, the minimum access permission must be correctly set for key files or directories in the system, especially those containing sensitive information. Only users with relevant permissions can access these files or directories. If the file or directory...

6.9 AI score
Exploits 0 | References 4

OpenVAS
added 2025/05/07 12:0 a.m. | 2 views

Ensure That Partitions without Executable Files Are Mounted Using noexec

A data drive only stores data generated during service running. No command is executed in the data drive. Therefore, you can mount the drive or partition using noexec to improve security and reduce the attack surface. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be...

7.1 AI score
Exploits 0 | References 4

OpenVAS
added 2025/05/07 12:0 a.m. | 1 views

Do Not Allow Hidden Executable Files

In Linux, the name of a hidden file starts with a dot (.). Hidden executable files are not allowed in the system. Note that . and .. are not hidden files. They refer to the current directory and upper-level directory, respectively. The .bashrc, .bash_profile, and .bash_logout files are script files us...

6.9 AI score
Exploits 0 | References 4

OSSF Malicious Packages
added 2025/04/30 9:54 p.m. | 5 views

Malicious code in telepycore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3dcd0a2a8162a703ef9d7b90566e4c55116a7f4f4d3b8759ca0d2640acd4ee4 Package can only be used requires additional triggering to install a remote executable, ensure it starts on logon and name mimic network service. Though...

7.1 AI score
Exploits 0 | References 7