Lucene search
K

10268 matches found

RedhatCVE
RedhatCVE
added 2026/01/14 12:26 p.m.7 views

CVE-2025-59020

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

6.5CVSS6.9AI score0.00287EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/01/14 9:59 a.m.10 views

USN-7960-1: Rack vulnerabilities

It was discovered that Rack incorrectly handled certain query parameters. An attacker could possibly use this issue to cause a limited denial of service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2025-59830 It was discovered that Rack did not properly handle...

7.5CVSS7.1AI score0.00848EPSS
Exploits0
OSV
OSV
added 2026/01/14 9:59 a.m.6 views

USN-7960-1 ruby-rack vulnerabilities

It was discovered that Rack incorrectly handled certain query parameters. An attacker could possibly use this issue to cause a limited denial of service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2025-59830 It was discovered that Rack did not properly handle...

7.5CVSS6.7AI score0.00911EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/01/14 12:25 a.m.2 views

SUSE CVE-2025-71101

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hppopulateelementsfrompackage functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI...

6.5CVSS6.6AI score0.00117EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 3 : w3m-0.5.1-17.AXS3 (AXSA:2010-392:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-392:01 advisory. The w3m program is a pager or text file viewer that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML...

6.8CVSS7.3AI score0.05741EPSS
Exploits4References2
OSV
OSV
added 2026/01/13 11:15 p.m.4 views

CVE-2022-50937

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

6.1CVSS5.8AI score0.00262EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.3 views

CVE-2026-22027

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

6CVSS7.3AI score0.00209EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/13 10:52 p.m.19 views

CVE-2022-50937 Ametys CMS v4.4.1 - Cross Site Scripting (XSS)

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

6.1CVSS0.00262EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.8 views

TYPO3 CMS Allows Broken Access Control in Edit Document Controller

Problem By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a...

6.5CVSS6.9AI score0.00287EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/01/13 3:34 p.m.21 views

CVE-2025-71101 platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hppopulateelementsfrompackage functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI...

0.00117EPSS
Exploits0References4
OSV
OSV
added 2026/01/13 3:34 p.m.4 views

CVE-2025-71101 platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hppopulateelementsfrompackage functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI...

7.1CVSS6.5AI score0.00117EPSS
Exploits0References7
CVE
CVE
added 2026/01/13 3:34 p.m.31 views

CVE-2025-71101

CVE-2025-71101 stems from the Linux kernel HP-BIOSCFG driver’s ACPI package parsing: hp_populate_*_elements_from_package() reads multi-element fields (PREREQUISITES, ENUM_POSSIBLE_VALUES) using offsets like enum_obj[elem + reqs] or enum_obj[elem + pos_values], but the bounds check only validated ...

7.1CVSS6.2AI score0.00117EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, “Rack::Multipart::Parser” stores non-file form fields fields without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes ...

7.5CVSS5.9AI score0.00516EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/13 1:3 p.m.3 views

Incorrect Authorization

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by...

6.5CVSS6.7AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 12:15 p.m.5 views

CVE-2025-59020

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

6.5CVSS0.00287EPSS
Exploits0References4
OSV
OSV
added 2026/01/13 12:15 p.m.5 views

CVE-2025-59020

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

6.5CVSS6.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/01/13 11:53 a.m.19 views

CVE-2025-59020 TYPO3 CMS Allows Broken Access Control in Edit Document Controller

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

5.3CVSS0.00287EPSS
Exploits0References4
CVE
CVE
added 2026/01/13 11:53 a.m.14 views

CVE-2025-59020

The CVE-2025-59020 issue in TYPO3 CMS arises from abusing the defVals parameter to bypass field-level access checks during backend record creation. This allows insertion of data into restricted exclude fields for tables where the user has write access to a limited set of fields. Affected TYPO3 ve...

6.5CVSS6.5AI score0.00287EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/13 11:53 a.m.3 views

CVE-2025-59020 TYPO3 CMS Allows Broken Access Control in Edit Document Controller

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

5.3CVSS6.5AI score0.00287EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.3 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS that stems from the utilization of the defVals parameter that can bypass field-level access checks and may result in the insertion of arbitrary data into exclusion fields prohibited by a...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References4
Rows per page
Query Builder