25 matches found
Chromium: CVE-2026-11027 Insufficient validation of untrusted input in Glic
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-11027
Insufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Ruckus Wireless ICX7450-48 Cross-site Scripting (CVE-2018-11027)
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2025-11027
A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. Once aga...
Linux Distros Unpatched Vulnerability : CVE-2019-11027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers...
WordPress Theme Medic 1.0.0 Weak Password Recovery Mechanism
Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Date: 2023-06-19 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Date: 2023-06-19 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...
Memory Misreference Vulnerability in Multiple Adobe Products (CNVD-2021-11027)
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. A memory misreference vulnerability exists in several Adobe products. An attacker can exploit this vulnerability to execute arbitrary code...
Debian: Security Advisory (DLA-2208-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2208-1] wordpress security update
Package : wordpress Version : 4.1.30+dfsg-0+deb8u1 CVE ID : CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 Debian Bug : 959391 Multiple CVEs were discovered in the src:wordpress package. CVE-2020-11026 Files with a specially crafted name when uploaded to the Media section can lead to...
CVE-2020-11027
CVE-2020-11027 affects WordPress: password reset tokens fail to invalidate after password changes, enabling an attacker with email access to impersonate a user. Affected versions include 3.x through 5.3.x; patch released in WordPress 5.4.1 (and 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.x, 3.x as listed). Con...
CVE-2020-11027 Password reset links invalidation issue in WordPress
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously...
CVE-2016-11027
creationtimestamp | type | source
---|---|---
2020-04-07 19:18:29+00:00 | seen | https://t.me/cibsecurity/11081...
CVE-2016-11027
CVE-2016-11027 affects Samsung mobile devices running M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The entry provides the Samsung ID SVE-2016-7132 but does not specify exploit details, affected models, versions beyond Andro...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
[SECURITY] [DLA 1956-1] ruby-openid security update
Package : ruby-openid Version : 2.5.0debian-1+deb8u1 CVE ID : CVE-2019-11027 ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server n...
CVE-2019-11027
Ruby OpenID (ruby-openid) up to version 2.8.0 contains a remote SSRF vulnerability in the OpenID discovery/verification flow. Exploitation could cause the server to connect to an attacker-controlled URL, potentially leaking private information. Public advisories describe impact as remote, with hi...
CVE-2018-11027
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML...