17 matches found
CVE-2024-27092
Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label Edit Team - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload external link is presented in clickable form - easier to achieve own goals by malicious actors. This iss...
CVE-2025-27092
creationtimestamp| type| source
---|---|---
2025-02-20 00:07:11+00:00| published-proof-of-concept| https://t.me/TheDarkWebInformer/12948
2025-02-20 01:25:14+00:00| seen| https://bsky.app/profile/will.willofmiletus.com/post/3lil4zhtabk2d
2025-02-20 02:16:43+00:00| seen|...
CVE-2025-27092 Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...
CVE-2025-27092 Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...
CVE-2024-27092
creationtimestamp| type| source
---|---|---
2024-03-14 11:51:46+00:00| seen| https://t.me/ctinow/207653...
CVE-2024-27092
CVE-2024-27092 – Hoppscotch (API development ecosystem) involves a lack of validation for the field pair Label (Edit Team) – TeamName, enabling attackers to send emails with spoofed content presented as Hoppscotch. The issue is documented to affect Hoppscotch prior to the fix and is mitigated by ...
CVE-2023-27092
Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter...
CVE-2023-27092
CVE-2023-27092 describes a Cross Site Scripting vulnerability in Jbootfly where an attacker can obtain sensitive information via the username parameter. Affected data exposure is indicated (confidentiality impact low; integrity impact low; availability none) with CVSSv3.1: Network attack vector, ...
CVE-2022-27092
creationtimestamp| type| source
---|---|---
2022-05-20 16:30:39+00:00| seen| https://t.me/cibsecurity/43032...
CVE-2022-27092
...
CVE-2022-27092
This CVE ID is rejected/not used and does not represent an active vulnerability entry.
KB5001330: Windows 10 Version 2004 / Windows 10 Version 20H2 Security Update (April 2021)
The remote Windows host is missing a security update. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. ...
CVE-2021-27092
Azure AD Web Sign-in Security Feature Bypass Vulnerability...
CVE-2021-27092
Azure AD Web Sign-in Security Feature Bypass Vulnerability...
CVE-2021-27092
CVE-2021-27092: Azure AD Web Sign-in Security Feature Bypass Vulnerability. The connected data confirms a concrete vulnerability in Azure Active Directory web sign-in, enabling arbitrary browsing via federated endpoints. CVSS metrics show a high to critical impact (CVSSv3.1: 9.8, NETWORK, LOW exp...
CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability
...
KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072, CVE-2021-28310 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Windows Event Tracing Elevati...