Lucene search
K

2508 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 8:7 p.m.14 views

TYPO3 CMS: Destructive Actions on File Mount Folders

Problem Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...

7.2CVSS5.2AI score0.00238EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 7:9 p.m.13 views

TYPO3 CMS has Insecure Deserialization via Core API

Problem TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted...

6.3CVSS5.9AI score0.00215EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/06/12 7:9 p.m.12 views

EUVD-2026-35401

TYPO3 CMS has Insecure Deserialization via Core API...

6.3CVSS5.2AI score0.00215EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/12 7:9 p.m.6 views

Deserialization of Untrusted Data

Overview typo3/cms-install is a TYPO3 extension install. The Install Tool is used for installation, upgrade, system administration and setup tasks. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute...

9.3CVSS6.2AI score0.00215EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 7:9 p.m.8 views

Deserialization of Untrusted Data

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage...

9.3CVSS6.2AI score0.00215EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 7:9 p.m.6 views

Deserialization of Untrusted Data

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into...

9.3CVSS6.1AI score0.00215EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 7:9 p.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage backend, such as the cache store or sysregistry...

9.3CVSS6.1AI score0.00215EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 7:9 p.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage backend, such as the cache store or sysregistry...

9.3CVSS6.1AI score0.00215EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 7:9 p.m.8 views

GHSA-C78M-C52X-JGWP TYPO3 CMS has Insecure Deserialization via Core API

Problem TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted...

6.3CVSS6AI score0.00215EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-49067

Name of the Vulnerable Software and Affected Versions File Browser affected versions not specified Description File Browser fails to properly validate symbolic links, allowing scoped users or unauthenticated public-share recipients to access files outside their intended directory boundaries. Whil...

7.5CVSS5.3AI score0.0046EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.13 views

CVE-2026-41728

Spring Data REST's JSON Patch application/json-patch+json implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0...

7.5CVSS5.4AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-40993

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

7.3CVSS5.4AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 11:16 p.m.14 views

CVE-2026-46695

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS0.00289EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.12 views

CVE-2026-48289

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-47930

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.15 views

CVE-2026-49740

TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...

6.3CVSS5.8AI score0.00215EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/10 12:31 p.m.9 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.4AI score0.00939EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35886

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

7.3CVSS5.5AI score0.00198EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.13 views

CVE-2026-41728

Spring Data REST's JSON Patch application/json-patch+json implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0...

7.5CVSS0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.30 views

VMware Spring Security 代码问题漏洞

VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. Versions of VMware Spring Security from 7.0.0 to 7.0.5 have code vulnerabilities. These vulnerabilities stem from attackers wh...

7.3CVSS5.5AI score0.00198EPSS
Exploits0References2
Rows per page
Query Builder