26 matches found
CVE-2026-21627
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-30 17:49:10+00:00 | seen | https://bsky.app/profile/mysites.guru/post/3mic7vp46v526 |
| 2026-03-30 19:49:04+00:00 | seen | https://bsky.app/profile/mysites.guru/post/3micgmbotup2x |
| 2026-04-13 19:49:04+00:00 | seen | ... |
CVE-2026-21627 Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...
Linux Distros Unpatched Vulnerability : CVE-2025-21627
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the...
CVE-2023-21627
Memory corruption in Trusted Execution Environment while calling service API with invalid address...
CVE-2022-21627
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
CVE-2025-21627
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contai...
CVE-2025-21627
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-25 17:03:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lizdqxo5qz2l |
| 2025-02-25 19:03:39+00:00 | seen | https://t.me/cvedetector/18901 |
| 2025-02-25 19:23:34+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5... |
CVE-2025-21627 GLPI Cross-site Scripting vulnerability
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contai...
CVE-2024-21627
PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this...
CVE-2024-21627
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-02 22:26:55+00:00 | seen | https://t.me/ctinow/162058 |
| 2024-01-03 01:37:33+00:00 | seen | https://t.me/cibsecurity/74204 |
| 2024-01-23 10:26:59+00:00 | seen | https://t.me/ctinow/171833... |
CVE-2024-21627 Some attribute not escaped in Validate::isCleanHTML method
PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this...
CVE-2024-21627
CVE-2024-21627 affects PrestaShop; the issue is that isCleanHTML does not reliably detect some HTML event attributes, potentially allowing XSS via those attributes in modules that rely on the method. Affected versions: prior to 8.1.3 and 1.7.8.11 (patched in those releases). Workaround: use the HTMLPurifie...
CVE-2023-21627 Incorrect Type Conversion or Cast in Trusted Execution Environment
Memory corruption in Trusted Execution Environment while calling service API with invalid address...
CVE-2023-21627
CVE-2023-21627 is a memory corruption issue in the Trusted Execution Environment when a service API is called with an invalid address. The vulnerability affects Qualcomm components (TEE) and is documented in multiple feeds, with the NVD/NIST entry noting memory corruption and a base CVSS v3.1 sco...
Mageia: Security Advisory (MGASA-2022-0390)
The remote host is missing an update for the...
CVE-2022-21627
| creationtimestamp | type | source |
|---|---|---|
| 2022-10-19 00:14:44+00:00 | seen | https://t.me/cibsecurity/51712... |
Oracle VirtualBox 6.1.x < 6.1.40 Security Update (cpuoct2022) - Windows
Oracle VirtualBox is prone to multiple vulnerabilities. CPE = "cpe:/a:oracle:vm_virtualbox";...
Oracle VirtualBox 6.1.x < 6.1.40 Security Update (cpuoct2022) - Mac OS X
Oracle VirtualBox is prone to multiple vulnerabilities. CPE = "cpe:/a:oracle:vm_virtualbox";...
Oracle VirtualBox 6.1.x < 6.1.40 Security Update (cpuoct2022) - Linux
Oracle VirtualBox is prone to multiple vulnerabilities. CPE = "cpe:/a:oracle:vm_virtualbox";...
CVE-2022-21627
CVE-2022-21627 affects Oracle VM VirtualBox (Core) in versions prior to 6.1.40. A high-privilege attacker with logon to the host can trigger a hang or frequently repeatable crash (DoS) of VirtualBox. Base CVSS v3.1 score is 4.4 (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Mitigation: upgrade to VirtualBox 6.1.40 or later,...