Lucene search

18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-27132

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00368
Exploits: 1 | References: 13

RedhatCVE
added 2025/05/23 3:31 a.m. | 4 views

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

CVSS 9.8 | AI score 7.1 | EPSS 0.01415
Exploits: 4 | References: 1

RedhatCVE
added 2025/05/22 7:29 p.m. | 7 views

CVE-2021-27132

SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...

CVSS 9.8 | AI score 7.3 | EPSS 0.77593
Exploits: 1 | References: 1

Circl
added 2025/05/06 9:21 a.m. | 12 views

CVE-2025-27132

creationtimestamp | type | source
---|---|---
2025-05-06 09:21:21+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15077
2025-05-06 10:21:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3loinx6vi5n2t
2025-05-06 12:48:18+00:00 | seen | ...

CVSS 7.8 | AI score 4.8 | EPSS 0.00072
Exploits: 0 | References: 3

OSV
added 2025/05/06 9:15 a.m. | 1 view

CVE-2025-27132

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...

CVSS 7.8 | AI score 6.2
Exploits: 0 | References: 1

Cvelist
added 2025/05/06 9:3 a.m. | 11 views

CVE-2025-27132 arkcompiler_ets_runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...

CVSS 3.8 | EPSS 0.00072
Exploits: 0 | References: 1

vulnersOsv
added 2024/02/24 12:30 a.m. | 1 view

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +149 more potentially affected by CVE-2024-27132 via mlflow (>=0.8.2 <=2.0.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-27132 Source advisory: OSV:GHSA-6749-M5CP-6CG7...

CVSS 9.6 | AI score 7.3 | EPSS 0.00243
Exploits: 1

Circl
added 2024/02/23 11:26 p.m. | 0 views

CVE-2024-27132

creationtimestamp | type | source
---|---|---
2024-02-23 23:26:27+00:00 | seen | https://t.me/ctinow/192293
2024-02-23 23:32:13+00:00 | seen | https://t.me/ctinow/192305
2024-12-06 18:30:05+00:00 | seen | https://t.me/truesecator/6517...

CVSS 9.6 | AI score 8.8 | EPSS 0.00243
Exploits: 1 | References: 3

OSV
added 2024/02/23 10:15 p.m. | 4 views

CVE-2024-27132

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...

CVSS 9.6 | AI score 9.1
Exploits: 0 | References: 2

vulnersOsv
added 2024/02/23 10:15 p.m. | 0 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +149 more potentially affected by CVE-2024-27132 via mlflow (>=0.8.2 <=2.0.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-27132 Source advisory: OSV:PYSEC-2024-240...

CVSS 9.6 | AI score 7.3 | EPSS 0.00243
Exploits: 1

CVE
added 2024/02/23 9:58 p.m. | 99 views

CVE-2024-27132

MLflow suffers from insufficient sanitization of template variables, enabling XSS when loading an untrusted recipe and potentially enabling client-side RCE in Jupyter Notebook. The root cause is lack of input sanitization in rendering templates. Public details about affected versions or patches a...

CVSS 9.6 | AI score 7.4 | EPSS 0.00243
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2023/10/17 4:15 p.m. | 8 views

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

CVSS 9.8 | AI score 9.7 | EPSS 0.00093
Exploits: 4 | References: 1

ATTACKERKB
added 2023/10/17 4:15 p.m. | 2 views

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

CVSS 9.8 | AI score 7.3 | EPSS 0.01415
Exploits: 4 | References: 2

Vulnrichment
added 2023/10/17 12:0 a.m. | 8 views

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

AI score 7.1 | EPSS 0.00093
Exploits: 4 | References: 1

CVE
added 2023/10/17 12:0 a.m. | 78 views

CVE-2023-27132

The CVE-2023-27132 entry targets TSplus Remote Work: version 16.0.0.0 stores a cleartext password on the var pass line of the HTML source code for the secure single sign-on web portal. Connected sources corroborate that credentials are stored in plaintext within the HTML of the login page (e.g., ...

CVSS 9.8 | AI score 9.6 | EPSS 0.00093
Exploits: 4 | References: 1 | Affected Software: 1

Circl
added 2023/04/27 9:58 a.m. | 3 views

CVE-2021-27132

creationtimestamp | type | source
---|---|---
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-27132.yaml...

CVSS 9.8 | AI score 6.9 | EPSS 0.77593
Exploits: 1 | References: 1

CVE
added 2021/02/27 5:1 a.m. | 158 views

CVE-2021-27132

The CVE-2021-27132 issue affects Sercomm VD625 Smart Modems (firmware AGSOT_2.1.0). The vulnerability is a CRLF injection in the Content-Disposition header during the download function, enabling header manipulation that could enable session hijacking, cross-site scripting, or cache poisoning as d...

CVSS 9.8 | AI score 9.6 | EPSS 0.77593
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/12/11 4:40 p.m. | 74 views

CVE-2020-27132

Cisco Jabber Desktop and Mobile Client (Windows, MacOS, and mobile platforms) has multiple CVEs (notably 26085, 27132, 27133, 27134, 27127) tied to the 12.1–12.9 release family. The issues include: a zero-click cross-site scripting path that can escape the Chromium sandbox to achieve remote code ...

CVSS 9.9 | AI score 9.9 | EPSS 0.00341
Exploits: 0 | References: 1 | Affected Software: 2