CVE-2021-27103

Accellion FTA 912411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA912416 and later...

CVE-2022-27103

element-plus 2.0.5 is vulnerable to Cross Site Scripting XSS via el-table-column...

CVE-2025-27103

creationtimestamp| type| source ---|---|--- 2025-03-13 19:48:26+00:00| seen| https://t.me/cvedetector/20246...

CVE-2025-27103

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability​

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

CVE-2025-27103

Summary (CVE-2025-27103) DataEase (open source BI tool) prior to v2.10.6 is affected by a bypass of the patch for CVE-2024-55953 that allows authenticated users to read and deserialize arbitrary files via the background JDBC connection. The issue arises from the unfiltered JDBC connection string ...

CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability​

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability​

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

USN-6677-1: libde265 vulnerabilities | Cloud Foundry

Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to...

Ubuntu: Security Advisory (USN-6677-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6677-1: libde265 vulnerabilities

It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libde265 vulnerabilities (USN-6677-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6677-1 advisory. It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system we...

CVE-2024-27103

creationtimestamp| type| source ---|---|--- 2024-02-28 19:27:00+00:00| seen| https://t.me/ctinow/195776 2024-02-28 19:27:07+00:00| seen| https://t.me/ctinow/195782...

CVE-2024-27103

Querybook (Big Data Querying UI) is affected by a stored XSS vulnerability (CVE-2024-27103) arising from unsanitized input passed to dangerouslySetInnerHTML during search result highlighting and in the query auto-suggestion feature. The issue is triggered when highlighted results or suggested tab...

CVE-2024-27103 Querybook Stored Cross-Site Scripting allows Privilege Elevation

Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to...

Debian: Security Advisory (DLA-3676-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3676-1] libde265 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3676-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky November 30, 2023 https://wiki.debian.org/LTS -...

Debian dla-3676 : horizon-doc - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3676 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3676-1 [email protected] https://www.debian.org/lts/security/...

CVE-2023-27103

creationtimestamp| type| source ---|---|--- 2023-03-15 17:24:51+00:00| seen| https://t.me/cibsecurity/60054...

DEBIAN-CVE-2023-27103

Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derivecollocatedmotionvectors at motion.cc...