18 matches found
CVE-2022-26077
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff...
CVE-2025-5833
Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this...
CVE-2021-26077
creationtimestamp | type | source
---|---|---
2025-02-14 10:06:00+00:00 | seen | Telegram/BLcWoLTAiVFGLu6frKqmLYoA306d-PdJVcv0iLblJ4LW2fZt...
CVE-2024-26077
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26077 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26077
Adobe Experience Manager (AEM) 6.5.20 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing malicious JavaScript to run in a victim’s browser when visiting a page containing the field. The CVE entry (CVE-2024-26077) is active and referenc...
CVE-2023-26077
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions...
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078,...
CVE-2023-26077
The CVE-2023-26077 issue affects Atera Agent for Windows (versions 1.8.3.6 and earlier). It arises from the MSI installer’s repair functionality creating temporary files in directories with insecure permissions, enabling potential local privilege escalation (e.g., via DLL hijacking) when exploite...
CVE-2022-26077
Open Automation Software OAS Platform V16.00.0112 is affected by CVE-2022-26077 via the OAS Engine configuration communications, where cleartext transmission allows network sniffing to disclose sensitive information. The root cause is unencrypted configuration traffic over the OAS Engine, enablin...
CVE-2021-26077
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...
CVE-2021-26077
Atlassian Connect Spring Boot (ACSB) has a Broken Authentication issue in affected versions: 1.1.0 to 2.1.3 and 2.1.4 to 2.1.5. The root cause is acceptance of context JWTs in lifecycle endpoints (e.g., installation) where server-to-server JWTs are required, enabling authenticated re-installation...
CVE-2020-26077
creationtimestamp | type | source
---|---|---
2020-11-18 20:40:48+00:00 | seen | https://t.me/cibsecurity/16533...
CVE-2020-26077 Cisco IoT Field Network Director Improper Access Control Vulnerability
A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...
CVE-2020-26077
CVE-2020-26077 concerns Cisco IoT Field Network Director (FND) and describes an access-control error that could let an authenticated, remote attacker view user lists from different domains. The flaw arises when an API request alters the domain for a requested user list, enabling cross-domain expo...