Lucene search

7 matches found

CVE
added 2026/06/09 10:53 a.m. | 25 views

CVE-2026-49740

TYPO3 CMS: Insecure deserialization in core API (VariableFrontend and Registry) allows crafting serialized payloads to trigger PHP Object Injection with local write access to the cache store or sys_registry table. Impact could lead to Remote Code Execution or other high-impact effects as per the ...

CVSS 6.3 | AI score 5.8 | EPSS 0.00215
Exploits: 0 | References: 3
Github Security Blog
added 2026/05/12 10:22 p.m. | 9 views

esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact:
- Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for.
- Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges.

Exploit: The legacy router...

CVSS 8.7 | AI score 6.4 | EPSS 0.00362
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/04/09 8:28 p.m. | 2 views

EUVD-2026-20996

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquirecertificate direct and issuance paths...

CVSS 8.1 | AI score 5.9 | EPSS 0.00135
Exploits: 1 | References: 6
Positive Technologies
added 2025/08/20 12:0 a.m. | 7 views

PT-2025-34141

Name of the Vulnerable Software and Affected Versions: Directus versions 10.8.0 through 11.9.2

Description: A flaw in the file update mechanism of the Directus API allows an unauthenticated actor to modify existing files with arbitrary content or upload new files with arbitrary content and...

CVSS 9.3 | AI score 5.7 | EPSS 0.00438
Exploits: 1 | References: 24
CVE
added 2025/04/03 7:36 p.m. | 1606 views

CVE-2025-31489

Affected product: MinIO object storage server. Vulnerability: incomplete/signature validation for unsigned-trailer uploads allows a client with an existing bucket WRITE permission and knowledge of an access-key and bucket name to upload arbitrary objects by using any secret. Impact (as stated): p...

CVSS 8.7 | AI score 6.8 | EPSS 0.02327
Exploits: 0 | References: 2
Code423n4
added 2023/07/14 12:0 a.m. | 10 views

A Storage Write Removal Bug in contracts

Lines of code

Vulnerability details

Summary: In fallbackLSP17Extendable, calling functions that conditionally terminate the external EVM call using the assembly statements return... may result in incorrect removals of prior storage writes.

Impact: In LSP17Extendable.sol, fallbackLSP17Extendable is...

AI score 6.8
Exploits: 0
OSV
added 2023/02/27 3:15 p.m. | 4 views

CVE-2022-45140

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise...

CVSS 9.8 | AI score 6.4 | EPSS 0.01067
Exploits: 0 | References: 1