CVE-2026-1277

creationtimestamp| type| source ---|---|--- 2026-03-16 18:31:57+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-1277.yaml 2026-03-17 21:03:02+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mhbuolj5kc2h 2026-04-03...

CVE-2025-1277

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

EUVD-2026-1277

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2020-1277

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege...

CVE-2019-1277

An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'...

CVE-2025-1277

creationtimestamp| type| source ---|---|--- 2025-04-18 03:57:49+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12382...

CVE-2025-1277

CVE-2025-1277 is a memory corruption vulnerability in Autodesk applications triggered when parsing malicious PDF files, enabling arbitrary code execution in the affected process. Public sources describe the root cause as a PDF parsing issue leading to memory corruption; the attack vector is Local...

CVE-2025-1277 PDF File Parsing Memory Corruption Vulnerability

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2024-1277

creationtimestamp| type| source ---|---|--- 2024-03-08 09:51:53+00:00| seen| https://t.me/ctinow/203182...

CVE-2024-1277

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to...

CVE-2024-1277

CVE-2024-1277 affects Ocean Extra for WordPress up to version 2.2.4, enabling Stored XSS via custom fields due to insufficient input sanitization and output escaping. Exploitation requires authentication (contributor+). A fix is available in version 2.2.5; upgrade Ocean Extra to 2.2.5 or later to...

CVE-2023-1277

creationtimestamp| type| source ---|---|--- 2023-03-08 22:24:01+00:00| seen| https://t.me/cibsecurity/59688...

CVE-2023-1277

The CVE-2023-1277 issue affects kylin-system-updater up to 1.4.20kord on Ubuntu Kylin, with the vulnerable component: the InstallSnap function of the Update Handler. The root cause is a command injection vulnerability that can be exploited locally. The vulnerability has been publicly disclosed; e...

CVE-2023-1277 kylin-system-updater Update InstallSnap command injection

A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been...

SUSE CVE-2015-1277

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures...

CVE-2022-41854 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, hadoop-fips, management-api-for-apache-cassandra-4.1, management-api-for-apache-cassandra-4.0...

CVE-2022-1277

creationtimestamp| type| source ---|---|--- 2022-07-29 16:18:26+00:00| seen| https://t.me/cibsecurity/47252...

CVE-2022-1277

Inavitas Solar Log is affected by an unauthenticated SQL injection (CVE-2022-1277). The vulnerability affects the Inavitas Solar Log product, with unauthenticated access and potential impact per the CVE entry. Exploitation details are not provided in the documents; MT-level risk assessment is not...

CVE-2022-1277 SQL Injection in Inavitas Solar Log

Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability...

EulerOS 2.0 SP5 : mailman (EulerOS-SA-2022-1277)

According to the versions of the mailman package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the...