206166 matches found
CVE-2026-0859
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...
CVE-2026-0859 TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...
CVE-2025-40942
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.4. Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...
Multiple vulnerabilities in EATON UPS Companion
Overview EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427, CVE-2025-59887 Unquoted search path or element CWE-428, CVE-2025-59888 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to th...
kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
A vulnerability has been identified in the Linux kernel's Network File System NFS daemon that could allow for a Denial of Service and in worst case scenario Arbitrary Code Execution. This Use-After-Free flaw arises from a race condition when the kernel handles the confirmation of an NFS client...
CVE-2025-40942
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.4. Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...
CVE-2025-40942
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.4. Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...
CVE-2025-40942
CVE-2025-40942 affects TeleControl Server Basic prior to version 3.1.2.4. The issue is a local privilege escalation that could allow an attacker to execute arbitrary code with elevated privileges on the affected software. Remediation consistently cited across sources is to update TeleControl Serv...
PT-2026-2411
Name of the Vulnerable Software and Affected Versions Flame II HSPA USB Modem affected versions not specified Description The Flame II HSPA USB Modem contains a flaw due to an unquoted service path in its Windows service configuration. This allows attackers to potentially execute arbitrary code...
Flame II HSPA USB Modem 代码问题漏洞
The Flame II HSPA USB Modem is a wireless network card from Flame. The Flame II HSPA USB Modem suffers from a code issue vulnerability that stems from the presence of unquoted service paths in the Windows service configuration, which could lead to an attacker executing arbitrary code with elevate...
siemens TeleControl Server Basic 安全漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. A security vulnerability exists in siemens TeleControl Server Basic versions prior to V3.1.2.4, which stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary co...
HPE Aruba Networking Virtual Intranet Access 安全漏洞
HPE Aruba Networking Virtual Intranet Access is a client agent software from HPE America. A security vulnerability exists in HPE Aruba Networking Virtual Intranet Access that stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary code with root...
Outline 代码问题漏洞
Outline is an Outline open source knowledge base. A code issue vulnerability exists in Outline version 1.6.0, which stems from unquoted service paths and could lead to a local attacker executing arbitrary code with elevated system privileges...
Wondershare UBackit 代码问题漏洞
Wondershare UBackit is a computer data backup software from China's Wanxing Technology Wondershare. A code issue vulnerability exists in Wondershare UBackit version 2.0.5, which stems from an unquoted path to the wsbackup service, and could lead to the execution of arbitrary code and elevation of...
PT-2026-2638
Name of the Vulnerable Software and Affected Versions TYPO3 versions 10.0.0 through 10.4.54 TYPO3 versions 11.0.0 through 11.5.48 TYPO3 versions 12.0.0 through 12.4.40 TYPO3 versions 13.0.0 through 13.4.22 TYPO3 versions 14.0.0 through 14.0.1 Description A flaw exists in TYPO3 that allows local...
PT-2026-2428
Name of the Vulnerable Software and Affected Versions Tftpd32 SE version 4.60 Description The software contains an unquoted service path issue that may allow local attackers to execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to...
Adobe Substance3D Sampler 缓冲区错误漏洞
Adobe Substance3D Sampler is a software for rendering 3D scenes from Audobee Adobe USA. A buffer error vulnerability exists in Adobe Substance3D Sampler 5.1.0 and prior versions, which stems from an out-of-bounds write and could lead to the execution of arbitrary code...
Adobe Bridge 安全漏洞
Adobe Bridge is a file viewer from the American company Audobee Adobe. A security vulnerability exists in Adobe Bridge version 15.1.2 and versions 16.0 and earlier, which stems from a heap-based buffer overflow that could lead to the execution of arbitrary code...
Adobe InDesign Desktop 安全漏洞
Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a heap buffer overflow vulnerability that originates from a partial overwrite of heap memory, which can be exploited by an attacker to...
Adobe Dreamweaver Desktop 输入验证错误漏洞
Adobe Dreamweaver Desktop is a web design and development software from the American company Audobee Adobe. Adobe Dreamweaver Desktop is vulnerable to an incorrect input validation error vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the system...