CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...

CVE-2026-27190

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...

deno_cli (>=0.18.0-preview4 <=0.23.0), deno_cli_snapshots (>=0.0.3 <=0.19.0) +2 more potentially affected by CVE-2026-27190 via deno (>=0.15.0 <=0.6.0)

deno CARGO version =0.15.0, =0.18.0-preview4, =0.0.3, =0.0.1, =0.23.0 Source cves: CVE-2026-27190 Source advisory: OSV:GHSA-HMH4-3XVX-Q5HR...

CVE-2026-27190

creationtimestamp| type| source ---|---|--- 2026-02-19 08:16:18+00:00| published-proof-of-concept| https://github.com/denoland/deno/security/advisories/GHSA-hmh4-3xvx-q5hr 2026-02-21 00:25:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfdeebfrpv2s 2026-03-02...

CVE-2025-27190 Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access...

CVE-2024-27190

creationtimestamp| type| source ---|---|--- 2025-02-14 17:39:47+00:00| seen| Telegram/rlbnNF-jij67DefhaWE2LbN5fl2EUUZ-rkEH-Fpnh2-vyvll 2025-02-14 21:08:31+00:00| seen| Telegram/RRdQOw8f9kwnvVZifnHUvge8q6xOr6BUsm6NSfs8xwPa4a5...

CVE-2024-27190

Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2...

CVE-2024-27190

CVE-2024-27190 affects WordPress Plugin Download Media (Jean-David Daviet) with Missing Authorization in versions n/a through 1.4.2. Root cause: broken access control allowing unauthorized access. Exploitation status is not provided in the documents. Patch status for this entry is Unpatched; reme...

CVE-2024-27190 WordPress Download Media plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2...

WordPress Download Media Plugin <= 1.4.2 is vulnerable to Broken Access Control

Software Download Media Type Plugin Vulnerable versions = 1.4.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-27190 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 96de5b41d24d Credits Steven Julian Required privilege...

CVE-2021-27190

creationtimestamp| type| source ---|---|--- 2021-02-12 07:43:04+00:00| seen| https://t.me/cibsecurity/23514...

CVE-2021-27190

CVE-2021-27190 targets PEEL SHOPPING 9.3.0 and 9.4.0, describing a Stored XSS where user input containing a polyglot payload is echoed back in HTML/JavaScript, enabling malicious script execution (e.g., cookie theft or redirects) in the affected web app. The public disclosures in Red Hat and NVD ...

Exploit for Cross-site Scripting in Peel Peel_Shopping

PoC exploit for CVE-YYYY-NNNN, a Stored XSS vulnerability in PEE...