CVE-2026-27224 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2021-27224

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code...

CVE-2025-27224

creationtimestamp| type| source ---|---|--- 2025-10-27 18:50:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m473jc2hwf23...

CVE-2023-27224

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...

CVE-2022-27224

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected Ping, Traceroute, and...

CVE-2020-27224

In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview @theia/preview, can be exploited to execute arbitrary code...

CVE-2024-27224

CVE-2024-27224 is an out-of-bounds write in strncpy.c (strncpy), causing local elevation of privilege due to a missing bounds check. Documented as an EoP issue affecting Google Pixel components (Little Kernel) with exploitation details not provided in the supplied sources. The vulnerability is li...

CVE-2023-27224

creationtimestamp| type| source ---|---|--- 2023-03-22 23:36:05+00:00| seen| https://t.me/cibsecurity/60521...

CVE-2023-27224

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...

CVE-2023-27224

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...

CVE-2023-27224

CVE-2023-27224 affects NginxProxyManager v2.9.19. A vulnerability allows remote attackers to execute arbitrary code by injecting a Lua script into the configuration file, due to insufficient input/data sanitization at the management level. This is described across multiple sources, and the impact...

Galleon NTS-6002-GPS Command Injection vulnerability (CVE-2022-27224)

TL;DR Galleon Systems’ GPS NTP time server had a command injection vulnerability in the firmware of their NTS GPS device which could allow total control of the device through the web management interface. The vulnerability - CVE-2022-27224 https://vulners.com/cve/CVE-2022-27224 Device: Galleon...

CVE-2022-27224

creationtimestamp| type| source ---|---|--- 2022-05-09 18:36:23+00:00| seen| https://t.me/cibsecurity/42176...

CVE-2022-27224

CVE-2022-27224 affects Galleon NTS-6002-GPS firmware 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can execute root-level command injections via shell metacharacters in the web-management Interface’s Network Tools (ping, traceroute, DNS lookup) input fields (ping_address, trace_addre...

CVE-2020-27224

creationtimestamp| type| source ---|---|--- 2021-02-24 20:36:59+00:00| seen| https://t.me/cibsecurity/24089...

CVE-2020-27224

The CVE-2020-27224 entry affects Eclipse Theia up to version 1.2.0, specifically the Markdown Preview module (@theia/preview). The issue enables arbitrary code execution due to a failure in how external data is processed during code segment construction in the Markdown Preview, leading to a code ...

CVE-2020-27224

In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview @theia/preview, can be exploited to execute arbitrary code...

CVE-2021-27224

creationtimestamp| type| source ---|---|--- 2021-02-17 18:49:15+00:00| seen| https://t.me/cibsecurity/23750...

CVE-2021-27224

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code...

CVE-2021-27224

The CVE-2021-27224 entry concerns IrfanView 4.57 with the WPG plugin (WPG.dll) prior to version 3.1.0.0. A user-mode write access violation in WPG (starting at WPG+0x...12ec6) could allow remote attackers to execute arbitrary code. Public sources consistently describe an out-of-bounds/write condi...