20 matches found
Oracle Linux 9 : libtiff (ELSA-2026-12271)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-12271 advisory.
4.4.0-15.3 - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile RHEL-159330
Tenable has extracted the preceding description block directly...
CVE-2020-12271
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...
CVE-2025-12271
creationtimestamp | type | source
---|---|---
2025-10-27 13:49:58+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115446447915141841...
PT-2025-43940
🚨 CVE-2025-12271 A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be...
CVE-2024-12271
The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-12271
creationtimestamp | type | source
---|---|---
2024-12-12 12:48:40+00:00 | seen | https://infosec.exchange/users/cve/statuses/113639929918430241
2024-12-12 14:40:28+00:00 | seen | https://t.me/cvedetector/12788...
CVE-2024-12271
CVE-2024-12271 — Stored XSS in 360 Javascript Viewer (WordPress)
Affected: 360 Javascript Viewer plugin for WordPress (all versions up to and including 1.7.29).
Root cause: Insufficient input sanitization and output escaping for the ref parameter, enabling stored cross-site scripting.
Impact: Authe...
CVE-2024-12271 360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting
The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed...
CVE-2019-12271
creationtimestamp | type | source
---|---|---
2024-02-23 15:11:18+00:00 | seen | https://t.me/ctinow/191786...
Sophos XG Firewall SQL Injection (CVE-2020-12271)
An SQL injection vulnerability exists in Sophos XG Firewall. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-12271
creationtimestamp | type | source
---|---|---
2020-10-19 12:56:35+00:00 | seen | https://t.me/CyberGovIL/888
2021-10-25 22:32:43+00:00 | seen | MISP/63ddead6-4b82-414c-ad8e-c516b950b446
2021-11-08 08:58:19+00:00 | seen | MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422
2021-11-20 09:53:52+00:00 | seen |...
CVE-2020-12271
CVE-2020-12271 is a SQL injection vulnerability in Sophos XG Firewall SFOS against the backend PostgreSQL database. Affected products include SFOS versions on Sophos XG Firewalls (configured with Administration HTTPS or WAN-exposed User Portal). The root cause is improper validation of user-suppl...
CVE-2019-12271
Sandline Centraleyezer (On Premises) is affected by CVE-2019-12271 due to server-side lack of enforcement for uploaded filename extensions (adding ".jpg" is not enforced). This enables unrestricted file upload, with the potential for dangerous file types to be uploaded and, per CNVD-2020-03045, p...
CVE-2018-12271
Affected software: com.getdropbox.Dropbox app for iOS, version 100.2. Root cause: The LAContext Biometric (TouchID) validation can be bypassed by overriding the LAContext return value to true because kSecAccessControlUserPresence is not used. This enables authentication with an arbitrary fingerpr...
CVE-2017-12271
CVE-2017-12271 affects Cisco SPA300 and SPA500 Series IP Phones. The issue is a lack of cross-site request forgery (CSRF) protection in the web interface, allowing an unauthenticated, remote attacker to trigger unwanted actions by tricking a user into executing an adverse action. Documented impac...
Fedora Update for librsvg2 FEDORA-2011-12271
The remote host is missing an update for the... SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
SuSE9 Security Update : Tomcat (YOU Patch Number 12271)
This update of tomcat fixes an information leak due to incorrect IP address filtering. (CVE-2008-3271) (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc.