24 matches found
CVE-2021-27193
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation...
CVE-2026-27193 Feathers exposes internal headers via unencrypted session cookie
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...
@vevedh/bke-dsi-cacem (>=2.0.4 <=4.0.1), @xrengine/analytics (>=0.5.0 <=0.5.8) +2 more potentially affected by CVE-2026-27193 via @feathersjs/authentication-oauth (>=5.0.0-pre.10 <=5.0.12)
@feathersjs/authentication-oauth NPM version =5.0.0-pre.10, =2.0.4, =0.5.0, =0.5.4, =0.0.1, =2.0.4 Source cves: CVE-2026-27193 Source advisory: SNYK:JS-FEATHERSJSAUTHENTICATIONOAUTH-15325870...
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
CVE-2025-27193
Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-27193
creationtimestamp| type| source
---|---|---
2025-04-08 17:46:23+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10956...
CVE-2025-27193
Adobe Bridge CVE-2025-27193 is a heap-based buffer overflow affecting Bridge 14.1.5, 15.0.2 and earlier, enabling arbitrary code execution when a user opens a crafted file. Root cause is improper memory handling during file processing; impact is at the user level with possible code execution. Exp...
CVE-2024-27193
creationtimestamp| type| source
---|---|---
2024-03-15 14:22:15+00:00| seen| https://t.me/ctinow/208784
2024-03-15 14:26:37+00:00| seen| https://t.me/ctinow/208795...
CVE-2024-27193
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India payu-india allows DOM-Based XSS. This issue affects PayU India: from n/a through <= 3.8.8...
CVE-2024-27193
CVE-2024-27193 is a Reflected XSS in the PayU India WordPress plugin (affected: PayU India Official Plugin ≤ 3.8.2) due to improper input neutralization during web page generation. The issue concerns the type parameter being reflected in the response, enabling an attacker to inject scripts when a...
CVE-2024-27193 WordPress PayU India plugin <= 3.8.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India payu-india allows DOM-Based XSS. This issue affects PayU India: from n/a through <= 3.8.8...
WordPress PayU India Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: PayU India; Type: Plugin; Vulnerable versions: <= 3.8.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-27193; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: a1061bd589de; Credits: Dimas Maulana; Required privilege...
CVE-2023-27193
creationtimestamp| type| source
---|---|---
2023-04-14 16:25:54+00:00| seen| https://t.me/cibsecurity/62128...
CVE-2023-27193
CVE-2023-27193 affects DUALSPACE v1.1.3, enabling local privilege escalation via the key_ad_new_user_avoid_time field. Reported impact is high (CVSS v3.1: Local, Privileges Required: Low, User Interaction: None, Confidentiality/Integrity/Availability: High). Technical details across connected sou...
CVE-2023-27193
An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field...
CVE-2022-27193
The CVRF-CSAF-Converter (Python tool) is vulnerable to XML External Entities (XXE) in versions before 1.0.0-rc2, allowing an attacker to disclose arbitrary local files from the system running the converter. The issue arises from XXE handling in the input processing. Remediation: upgrade to 1.0.0-...
CVE-2021-27193
creationtimestamp| type| source
---|---|---
2022-03-06 15:43:25+00:00| seen| Telegram/EN-JCEjIsuaC8l7X3n0gqtHHnDT3ECllZwH6JYEzX8Epg
2022-03-06 16:05:56+00:00| published-proof-of-concept| Telegram/3MYHFHxXT7KFvvIwr64AVvek8By53dLVWRcLtibUl4x...
Popular Netop Remote Learning Software Found Vulnerable to Hacking
Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately...