206157 matches found
CVE-2026-0859
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...
CVE-2026-0859 TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...
CVE-2025-40942
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.4. Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...
Multiple vulnerabilities in EATON UPS Companion
Overview EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427, CVE-2025-59887 Unquoted search path or element CWE-428, CVE-2025-59888 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to th...
kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
A vulnerability has been identified in the Linux kernel's Network File System NFS daemon that could allow for a Denial of Service and in worst case scenario Arbitrary Code Execution. This Use-After-Free flaw arises from a race condition when the kernel handles the confirmation of an NFS client...
CVE-2025-40942
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.4. Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...
CVE-2025-40942
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.4. Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...
CVE-2025-40942
CVE-2025-40942 affects TeleControl Server Basic prior to version 3.1.2.4. The issue is a local privilege escalation that could allow an attacker to execute arbitrary code with elevated privileges on the affected software. Remediation consistently cited across sources is to update TeleControl Serv...
PT-2026-2411
Name of the Vulnerable Software and Affected Versions Flame II HSPA USB Modem affected versions not specified Description The Flame II HSPA USB Modem contains a flaw due to an unquoted service path in its Windows service configuration. This allows attackers to potentially execute arbitrary code...
Flame II HSPA USB Modem 代码问题漏洞
The Flame II HSPA USB Modem is a wireless network card from Flame. The Flame II HSPA USB Modem suffers from a code issue vulnerability that stems from the presence of unquoted service paths in the Windows service configuration, which could lead to an attacker executing arbitrary code with elevate...
siemens TeleControl Server Basic 安全漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. A security vulnerability exists in siemens TeleControl Server Basic versions prior to V3.1.2.4, which stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary co...
PT-2026-2391
Name of the Vulnerable Software and Affected Versions PTPublisher version 2.3.4 Description The software contains an unquoted service path vulnerability in the PTProtect service. This allows local attackers to potentially execute arbitrary code with elevated privileges. The vulnerable path is...
MiracleLinux 9 : postgresql:15 (AXSA:2025-10826:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10826:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...
HPE Aruba Networking Virtual Intranet Access 安全漏洞
HPE Aruba Networking Virtual Intranet Access is a client agent software from HPE America. A security vulnerability exists in HPE Aruba Networking Virtual Intranet Access that stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary code with root...
Cobian Backup 代码问题漏洞
Cobian Backup is a file backup software by Luis Cobian Personal Developer. A code issue vulnerability exists in Cobian Backup version 0.9, which stems from the presence of an unquoted service path to the CobianReflectorService, which could lead to the execution of arbitrary code by a local user...
Outline 代码问题漏洞
Outline is an Outline open source knowledge base. A code issue vulnerability exists in Outline version 1.6.0, which stems from unquoted service paths and could lead to a local attacker executing arbitrary code with elevated system privileges...
Cain & Abel 代码问题漏洞
Cain & Abel is a password recovery tool from Cain & Abel. A code issue vulnerability exists in Cain & Abel version 4.9.56, which stems from the presence of unquoted service paths that could lead to a local attacker executing arbitrary code with elevated privileges...
Wondershare UBackit 代码问题漏洞
Wondershare UBackit is a computer data backup software from China's Wanxing Technology Wondershare. A code issue vulnerability exists in Wondershare UBackit version 2.0.5, which stems from an unquoted path to the wsbackup service, and could lead to the execution of arbitrary code and elevation of...
PT-2026-2638
Name of the Vulnerable Software and Affected Versions TYPO3 versions 10.0.0 through 10.4.54 TYPO3 versions 11.0.0 through 11.5.48 TYPO3 versions 12.0.0 through 12.4.40 TYPO3 versions 13.0.0 through 13.4.22 TYPO3 versions 14.0.0 through 14.0.1 Description A flaw exists in TYPO3 that allows local...
PT-2026-2428
Name of the Vulnerable Software and Affected Versions Tftpd32 SE version 4.60 Description The software contains an unquoted service path issue that may allow local attackers to execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to...