
206166 matches found

NVD
added 2026/01/13 12:15 p.m., 10 views

CVE-2026-0859

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...

CVSS: 7.8, EPSS: 0.00165
Exploits: 0, References: 4

Vulnrichment
added 2026/01/13 11:54 a.m., 2 views

CVE-2026-0859 TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...

CVSS: 5.2, AI score: 7.2, EPSS: 0.00165
Exploits: 0, References: 4

NVD
added 2026/01/13 10:15 a.m., 7 views

CVE-2025-40942

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...

CVSS: 8.8, EPSS: 0.00144
Exploits: 0, References: 1

Japan Vulnerability Notes
added 2026/01/13 10:01 a.m., 7 views

Multiple vulnerabilities in EATON UPS Companion

Overview: EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below: uncontrolled search path element (CWE-427, CVE-2025-59887); unquoted search path or element (CWE-428, CVE-2025-59888). Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to th...

CVSS: 8.6, AI score: 7.8, EPSS: 0.00266
Exploits: 0, References: 6

RedHat Linux
added 2026/01/13 9:50 a.m., 2 views

kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

A vulnerability has been identified in the Linux kernel's Network File System (NFS) daemon that could allow a denial of service and, in the worst-case scenario, arbitrary code execution. This use-after-free flaw arises from a race condition when the kernel handles the confirmation of an NFS client...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00163
Exploits: 0, References: 5

Cvelist
added 2026/01/13 9:44 a.m., 22 views

CVE-2025-40942

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...

CVSS: 8.8, EPSS: 0.00144
Exploits: 0, References: 1

Vulnrichment
added 2026/01/13 9:44 a.m., 4 views

CVE-2025-40942

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00144
Exploits: 0, References: 1

CVE
added 2026/01/13 9:44 a.m., 19 views

CVE-2025-40942

CVE-2025-40942 affects TeleControl Server Basic prior to version 3.1.2.4. The issue is a local privilege escalation that could allow an attacker to execute arbitrary code with elevated privileges on the affected software. Remediation consistently cited across sources is to update TeleControl Serv...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00144
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/01/13 12:00 a.m., 3 views

PT-2026-2411

Name of the Vulnerable Software and Affected Versions: Flame II HSPA USB Modem (affected versions not specified). Description: The Flame II HSPA USB Modem contains a flaw due to an unquoted service path in its Windows service configuration. This allows attackers to potentially execute arbitrary code...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00356
Exploits: 0, References: 5

CNNVD
added 2026/01/13 12:00 a.m., 4 views

Flame II HSPA USB Modem Code Issue Vulnerability

The Flame II HSPA USB Modem is a wireless network card from Flame. It has a code issue vulnerability that stems from unquoted service paths in the Windows service configuration, which could lead to an attacker executing arbitrary code with elevate...

CVSS: 9.8, AI score: 6.1, EPSS: 0.00356
Exploits: 0, References: 4

CNNVD
added 2026/01/13 12:00 a.m., 5 views

Siemens TeleControl Server Basic Security Vulnerability

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. A security vulnerability exists in Siemens TeleControl Server Basic versions prior to V3.1.2.4, which stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary co...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00144
Exploits: 0, References: 1

CNNVD
added 2026/01/13 12:00 a.m., 5 views

HPE Aruba Networking Virtual Intranet Access Security Vulnerability

HPE Aruba Networking Virtual Intranet Access is a client agent software from HPE America. A security vulnerability exists in HPE Aruba Networking Virtual Intranet Access that stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary code with root...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00156
Exploits: 0, References: 2

CNNVD
added 2026/01/13 12:00 a.m., 6 views

Outline Code Issue Vulnerability

Outline is an open source knowledge base. A code issue vulnerability exists in Outline version 1.6.0, which stems from unquoted service paths and could lead to a local attacker executing arbitrary code with elevated system privileges...

CVSS: 8.5, AI score: 6, EPSS: 0.00196
Exploits: 1, References: 3

CNNVD
added 2026/01/13 12:00 a.m., 6 views

Wondershare UBackit Code Issue Vulnerability

Wondershare UBackit is a computer data backup software from China's Wanxing Technology (Wondershare). A code issue vulnerability exists in Wondershare UBackit version 2.0.5, which stems from an unquoted path to the wsbackup service, and could lead to the execution of arbitrary code and elevation of...

CVSS: 8.5, AI score: 6.2, EPSS: 0.00132
Exploits: 0, References: 3

Positive Technologies
added 2026/01/13 12:00 a.m., 15 views

PT-2026-2638

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 10.0.0 through 10.4.54; TYPO3 versions 11.0.0 through 11.5.48; TYPO3 versions 12.0.0 through 12.4.40; TYPO3 versions 13.0.0 through 13.4.22; TYPO3 versions 14.0.0 through 14.0.1. Description: A flaw exists in TYPO3 that allows local...

CVSS: 5.2, AI score: 7.1, EPSS: 0.00165
Exploits: 0, References: 7

Positive Technologies
added 2026/01/13 12:00 a.m., 9 views

PT-2026-2428

Name of the Vulnerable Software and Affected Versions: Tftpd32 SE version 4.60. Description: The software contains an unquoted service path issue that may allow local attackers to execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to...

CVSS: 8.5, AI score: 7.3, EPSS: 0.00123
Exploits: 0, References: 5

CNNVD
added 2026/01/13 12:00 a.m., 5 views

Adobe Substance3D Sampler Buffer Error Vulnerability

Adobe Substance3D Sampler is a software for rendering 3D scenes from Adobe (USA). A buffer error vulnerability exists in Adobe Substance3D Sampler 5.1.0 and prior versions, which stems from an out-of-bounds write and could lead to the execution of arbitrary code...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00162
Exploits: 0, References: 1

CNNVD
added 2026/01/13 12:00 a.m., 4 views

Adobe Bridge Security Vulnerability

Adobe Bridge is a file viewer from the American company Adobe. A security vulnerability exists in Adobe Bridge version 15.1.2 and versions 16.0 and earlier, which stems from a heap-based buffer overflow that could lead to the execution of arbitrary code...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00254
Exploits: 0, References: 1

CNNVD
added 2026/01/13 12:00 a.m., 3 views

Adobe InDesign Desktop Security Vulnerability

Adobe InDesign is a professional desktop publishing software developed by Adobe for page layout in print and digital media. Adobe InDesign has a heap buffer overflow vulnerability that originates from a partial overwrite of heap memory, which can be exploited by an attacker to...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00238
Exploits: 0, References: 1

CNNVD
added 2026/01/13 12:00 a.m., 4 views

Adobe Dreamweaver Desktop Input Validation Error Vulnerability

Adobe Dreamweaver Desktop is a web design and development software from the American company Adobe. Adobe Dreamweaver Desktop has an input validation error vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the system...

CVSS: 8.6, AI score: 6.3, EPSS: 0.00212
Exploits: 0, References: 1