CVE-2026-26927 URL (HTTP Origin) call location spoofing in Szafir SDK Web

Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

CVE-2026-26927

creationtimestamp| type| source ---|---|--- 2026-04-02 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2026-26927/ 2026-04-02 15:21:07+00:00| published-proof-of-concept| Telegram/613aY007LGHyW6rIrja4BsrlzuBvUbPzSCrjge10VR5WoE...

MiracleLinux 8 : jasper-2.0.14-5.el8 (AXSA:2021-2685:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2685:01 advisory. jasper: Heap-based buffer overflow in cpcreate in jpcenc.c CVE-2020-27828 jasper: Heap-based buffer over-read in jp2decode in jp2dec.c CVE-2021-3272...

CVE-2025-26927

creationtimestamp| type| source ---|---|--- 2025-04-16 00:23:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmvd7acbxo2u 2025-04-16 00:48:47+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114344888017241235 2025-04-16 13:56:09+00:00| published-proof-of-concept...

CVE-2025-26927 WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...

CVE-2025-26927 WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...

WordPress AI Hub Theme <= 1.3.3 is vulnerable to Arbitrary File Upload

Software AI Hub Type Theme Vulnerable versions = 1.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2025-26927 Patch priority High CVSS severity High 10 Developer EPC PSID 5de783124503 Credits luc Required privilege Unauthenticated Published 10 April, 2025...

Linux Distros Unpatched Vulnerability : CVE-2024-26927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about head-fullsize -...

CVE-2024-26927

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head-fullsize - head-headersize" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...

Rocky Linux 8 : jasper (RLSA-2021:4235)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4235 advisory. - There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary...

Important: jasper

Issue Overview: A flaw was found in the Jasper tool's jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causing an arbitrary out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-27828 ...

openSUSE: Security Advisory for jasper (SUSE-SU-2022:1479-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2022-26927

Windows Graphics Component Remote Code Execution Vulnerability...

CVE-2022-26927 Windows Graphics Component Remote Code Execution Vulnerability

...

CVE-2022-26927

CVE-2022-26927 : Affects the Windows Graphics Component and enables remote code execution. The CVSSv3.1 base score is 8.8 (HIGH) with a NETWORK attack vector, LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED; confidentiality, integrity and availability are all High. Th...

KB5013945: Windows 10 version 1909 Security Update (May 2022)

The remote Windows host is missing security update 5013945. It is, therefore, affected by multiple vulnerabilities - Windows LDAP Remote Code Execution Vulnerability CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137,...

KB5013941: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2022)

The remote Windows host is missing security update 5013941. It is, therefore, affected by multiple vulnerabilities - Windows LDAP Remote Code Execution Vulnerability CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137,...

SUSE: Security Advisory (SUSE-SU-2022:1479-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:1475-1 Security update for jasper

This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2decode bsc1184757. - CVE-2021-3443: Fixed NULL pointer deref in jp2decode bsc1184798. - CVE-2021-26927: Fixed NULL pointer deref in jp2decode bsc1182104. - CVE-2021-26926: Fixed an out of bounds rea...

CVE-2021-26927 affecting package jasper for versions less than 2.0.32-2

CVE-2021-26927 affecting package jasper for versions less than 2.0.32-2. An upgraded version of the package is available that resolves this issue...