54753 matches found

NVD
added 2026/01/13 12:15 p.m. | 5 views

CVE-2025-59021

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...

CVSS 6.4 | EPSS 0.00246
Exploits 0 | References 4
Vulnrichment
added 2026/01/13 11:53 a.m. | 4 views

CVE-2025-59022 TYPO3 CMS Allows Broken Access Control in Recycler Module

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...

CVSS 7.1 | AI score 6.5 | EPSS 0.0038
Exploits 0 | References 4
CVE
added 2026/01/13 11:53 a.m. | 12 views

CVE-2025-59022

CVE-2025-59022 affects TYPO3 CMS: back-end users with Recycler Module access can delete arbitrary data from any TCA-defined table, bypassing permissions and potentially rendering sites unavailable. Affected versions include 10.0.0–10.4.54, 11.0.0–11.5.48, 12.0.0–12.4.40, 13.0.0–13.4.22, and 14.0....

CVSS 8.1 | AI score 6.5 | EPSS 0.0038
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/01/13 11:53 a.m. | 4 views

EUVD-2026-2088

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...

CVSS 8.1 | AI score 6.3 | EPSS 0.0038
Exploits 0 | References 7
Cvelist
added 2026/01/13 11:53 a.m. | 27 views

CVE-2025-59022 TYPO3 CMS Allows Broken Access Control in Recycler Module

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...

CVSS 7.1 | EPSS 0.0038
Exploits 0 | References 4
Cvelist
added 2026/01/13 11:53 a.m. | 19 views

CVE-2025-59021 TYPO3 CMS Allows Broken Access Control in Redirects Module

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...

CVSS 5.3 | EPSS 0.00246
Exploits 0 | References 4
Vulnrichment
added 2026/01/13 11:53 a.m. | 2 views

CVE-2025-59021 TYPO3 CMS Allows Broken Access Control in Redirects Module

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...

CVSS 5.3 | AI score 6.6 | EPSS 0.00246
Exploits 0 | References 4
CVE
added 2026/01/13 11:53 a.m. | 10 views

CVE-2025-59021

CVE-2025-59021 affects TYPO3 CMS. Backend users with redirects module access and write permission on the sys_redirect table could read, create, and modify any redirect record, bypassing user-mounted scoping and enabling redirects to arbitrary URLs (phishing- or abuse‑prone). Affected versions: 10...

CVSS 6.4 | AI score 6.6 | EPSS 0.00246
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/01/13 11:53 a.m. | 5 views

EUVD-2026-2089

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...

CVSS 6.4 | AI score 6.5 | EPSS 0.00246
Exploits 0 | References 7
Snyk
added 2026/01/13 9:36 a.m. | 3 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception in the TLS module when a TLS server is configured with pskCallback or ALPNCallback. A remote attacker can crash or exhaust resources of a TLS server by sending input that causes the callback to throw an error...

CVSS 8.2 | AI score 6.8 | EPSS 0.01056
Exploits 0 | References 2
EUVD
added 2026/01/13 4:13 a.m. | 3 views

EUVD-2026-2405

Malicious code in helium-module npm...

AI score 6.6
Exploits 0 | References 1
Snyk
added 2026/01/13 4:13 a.m. | 2 views

Malicious Package

Overview: helium-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits 0 | References 2
OSSF Malicious Packages
added 2026/01/13 4:13 a.m. | 11 views

Malicious code in helium-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 643f63c743fd06fb24cb2d488e001ce0efab3f0d82014801ea2eebad96041692 The package helium-module was found to contain malicious code. Source: ghsa-malware d34558c0d1e56c0103ad087e485e142f3918050a1b0bdc15fc7e7b46c1a2ae1f...

AI score 6.9
Exploits 0 | References 1
OSV
added 2026/01/13 4:13 a.m. | 6 views

MAL-2026-244 Malicious code in helium-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 643f63c743fd06fb24cb2d488e001ce0efab3f0d82014801ea2eebad96041692 The package helium-module was found to contain malicious code. Source: ghsa-malware d34558c0d1e56c0103ad087e485e142f3918050a1b0bdc15fc7e7b46c1a2ae1f...

AI score 6.8
Exploits 0 | References 1
OSV
added 2026/01/13 2:15 a.m. | 5 views

CVE-2026-0498

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

CVSS 7.2 | AI score 6
Exploits 0 | References 2
Vulnrichment
added 2026/01/13 1:13 a.m. | 2 views

CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

CVSS 9.1 | AI score 7 | EPSS 0.00409
Exploits 0 | References 2
CNNVD
added 2026/01/13 12:00 a.m. | 4 views

Zoho ManageEngine ADManager Plus Security Vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks such as batch management of user accoun...

CVSS 5.5 | AI score 5.8 | EPSS 0.00521
Exploits 0 | References 1
Positive Technologies
added 2026/01/13 12:00 a.m. | 4 views

PT-2026-2679

Name of the Vulnerable Software and Affected Versions: Windows TPM, affected versions not specified. Description: An out-of-bounds read issue exists in Windows TPM. A local attacker who is authorized can potentially disclose information. The vulnerability allows attackers to obtain sensitive...

CVSS 5.5 | AI score 5.9 | EPSS 0.00535
Exploits 0 | References 5
Positive Technologies
added 2026/01/13 12:00 a.m. | 5 views

PT-2026-2540

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel related to memory management within the vidtv driver. Specifically, local pointers are not initialized to NULL after memory ownership is transferred...

AI score 5.4 | EPSS 0.00173
Exploits 0
Positive Technologies
added 2026/01/13 12:00 a.m. | 8 views

PT-2026-2476

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...

CVSS 7.1 | AI score 6.8 | EPSS 0.0038
Exploits 0 | References 8