24 matches found

RedhatCVE
added 2026/03/27 2:26 p.m., 7 views

CVE-2021-27193

Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation...

9.8 CVSS, 7.2 AI score, 0.0148 EPSS
Exploits 0, References 1
OSV
added 2026/02/21 4:9 a.m., 5 views

CVE-2026-27193 Feathers exposes internal headers via unencrypted session cookie

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...

8.2 CVSS, 5.5 AI score, 0.00354 EPSS
Exploits 0, References 5
vulnersOsv
added 2026/02/19 8:32 p.m., 6 views

@vevedh/bke-dsi-cacem (>=2.0.4 <=4.0.1), @xrengine/analytics (>=0.5.0 <=0.5.8) +2 more potentially affected by CVE-2026-27193 via @feathersjs/authentication-oauth (>=5.0.0-pre.10 <=5.0.12)

@feathersjs/authentication-oauth NPM version =5.0.0-pre.10, =2.0.4, =0.5.0, =0.5.4, =0.0.1, =2.0.4 Source cves: CVE-2026-27193 Source advisory: SNYK:JS-FEATHERSJSAUTHENTICATIONOAUTH-15325870...

8.2 CVSS, 5.8 AI score, 0.00354 EPSS
Exploits 0
RedhatCVE
added 2026/01/07 9:16 a.m., 10 views

CVE-2022-27193

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...

6.1 CVSS, 6.6 AI score, 0.00663 EPSS
Exploits 0, References 1
NVD
added 2025/04/08 6:15 p.m., 7 views

CVE-2025-27193

Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 0.00347 EPSS
Exploits 0, References 1
AlpineLinux
added 2025/04/08 6:15 p.m., 16 views

CVE-2025-27193

Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 7.7 AI score, 0.00347 EPSS
Exploits 0
Circl
added 2025/04/08 5:46 p.m., 4 views

CVE-2025-27193

| creationtimestamp | type | source |
|---|---|---|
| 2025-04-08 17:46:23+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/10956... |

7.8 CVSS, 8.7 AI score, 0.00347 EPSS
Exploits 0, References 1
CVE
added 2025/04/08 5:39 p.m., 66 views

CVE-2025-27193

Adobe Bridge CVE-2025-27193 is a heap-based buffer overflow affecting Bridge 14.1.5, 15.0.2 and earlier, enabling arbitrary code execution when a user opens a crafted file. Root cause is improper memory handling during file processing; impact is at the user level with possible code execution. Exp...

7.8 CVSS, 7.6 AI score, 0.00347 EPSS
Exploits 0, References 1, Affected Software 1
Circl
added 2024/03/15 2:22 p.m., 6 views

CVE-2024-27193

| creationtimestamp | type | source |
|---|---|---|
| 2024-03-15 14:22:15+00:00 | seen | https://t.me/ctinow/208784 |
| 2024-03-15 14:26:37+00:00 | seen | https://t.me/ctinow/208795... |

7.1 CVSS, 8.7 AI score, 0.00357 EPSS
Exploits 0, References 2
NVD
added 2024/03/15 1:15 p.m., 10 views

CVE-2024-27193

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PayU India PayU India payu-india allows DOM-Based XSS. This issue affects PayU India: from n/a through = 3.8.8...

7.1 CVSS, 6.9 AI score, 0.00357 EPSS
Exploits 0, References 2
CVE
added 2024/03/15 12:50 p.m., 66 views

CVE-2024-27193

CVE-2024-27193 is a Reflected XSS in the PayU India WordPress plugin (affected: PayU India Official Plugin ≤ 3.8.2) due to improper input neutralization during web page generation. The issue concerns the type parameter being reflected in the response, enabling an attacker to inject scripts when a...

7.1 CVSS, 7.2 AI score, 0.00357 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2024/03/15 12:50 p.m., 27 views

CVE-2024-27193 WordPress PayU India plugin <= 3.8.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PayU India PayU India payu-india allows DOM-Based XSS. This issue affects PayU India: from n/a through = 3.8.8...

7.1 CVSS, 7.1 AI score, 0.00357 EPSS
Exploits 0, References 1
Patchstack
added 2024/02/26 12:0 a.m., 12 views

WordPress PayU India Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

Software: PayU India
Type: Plugin
Vulnerable versions: = 3.8.3
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting XSS
CVE: CVE-2024-27193
Patch priority: Medium
CVSS severity: Medium 7.1
Developer: Claim ownership
PSID: a1061bd589de
Credits: Dimas Maulana
Required privilege...

7.1 CVSS, 6.5 AI score, 0.00357 EPSS
Exploits 0, References 2, Affected Software 1
Circl
added 2023/04/14 4:25 p.m., 6 views

CVE-2023-27193

| creationtimestamp | type | source |
|---|---|---|
| 2023-04-14 16:25:54+00:00 | seen | https://t.me/cibsecurity/62128... |

7.8 CVSS, 7.5 AI score, 0.00376 EPSS
Exploits 1, References 1
CVE
added 2023/04/14 12:0 a.m., 59 views

CVE-2023-27193

CVE-2023-27193 affects DUALSPACE v1.1.3, enabling local privilege escalation via the key_ad_new_user_avoid_time field. Reported impact is high (CVSS v3.1: Local, Privileges Required: Low, User Interaction: None, Confidentiality/Integrity/Availability: High). Technical details across connected sou...

7.8 CVSS, 7.6 AI score, 0.00376 EPSS
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2023/04/14 12:0 a.m., 6 views

CVE-2023-27193

An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the keyadnewuseravoidtime field...

6.9 AI score, 0.00376 EPSS
Exploits 1, References 3
NVD
added 2022/03/15 5:15 a.m., 9 views

CVE-2022-27193

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...

6.1 CVSS, 0.00663 EPSS
Exploits 0, References 1
CVE
added 2022/03/15 4:15 a.m., 108 views

CVE-2022-27193

The CVRF-CSAF-Converter (Python tool) is vulnerable to XML External Entities (XXE) in versions before 1.0.0-rc2, allowing an attacker to disclose arbitrary local files from the system running the converter. The issue arises from XXE handling in the input processing. Remediation: upgrade to 1.0.0-...

6.1 CVSS, 5.3 AI score, 0.00663 EPSS
Exploits 0, References 1, Affected Software 1
Circl
added 2022/03/06 3:43 p.m., 6 views

CVE-2021-27193

| creationtimestamp | type | source |
|---|---|---|
| 2022-03-06 15:43:25+00:00 | seen | Telegram/EN-JCEjIsuaC8l7X3n0gqtHHnDT3ECllZwH6JYEzX8Epg |
| 2022-03-06 16:05:56+00:00 | published-proof-of-concept | Telegram/3MYHFHxXT7KFvvIwr64AVvek8By53dLVWRcLtibUl4x... |

9.8 CVSS, 8.9 AI score, 0.0148 EPSS
Exploits 0
The Hacker News
added 2021/03/22 2:52 p.m., 4 views

Popular Netop Remote Learning Software Found Vulnerable to Hacking

Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately...

9.8 CVSS, 8.1 AI score, 0.0148 EPSS
Exploits 0