21 matches found
CVE-2026-27237
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Exploit for CVE-2025-27237
CVE-2025-27237 Local privilege escalation vulnerability in Za...
CVE-2025-27237
creationtimestamp| type| source ---|---|--- 2025-10-06 06:48:15+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m2izeyov7l2t 2025-10-06 13:50:04+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3m2jqx7zo3s2r 2025-10-06 17:33:28+00:00| seen|...
CVE-2025-27237
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...
CVE-2025-27237
CVE-2025-27237 affects Zabbix Agent and Agent 2 on Windows. The OpenSSL configuration is loaded from a path writable by low-privileged users, enabling an attacker to plant a malicious openssl.cnf that loads an arbitrary DLL at service restart, potentially achieving Local Privilege Escalation. The...
CVE-2025-27237 DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...
CVE-2024-27237
In wipensmemory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-27237
creationtimestamp| type| source ---|---|--- 2024-03-11 20:26:43+00:00| seen| https://t.me/ctinow/205024 2025-02-18 21:11:31+00:00| seen| Telegram/0CTfQtYLZ2ub03XB3s1BZ5TyP3Me3COld2GoxAafxlcFc6Tm...
CVE-2024-27237
CVE-2024-27237 involves a logic error in wipe_ns_memory() within nsmemwipe.c that can cause an incorrect size calculation. This flaw permits local information disclosure without requiring elevated privileges or user interaction. The vulnerability is described across multiple sources (NVD/Red Hat/...
CVE-2023-27237
creationtimestamp| type| source ---|---|--- 2023-05-12 14:26:55+00:00| seen| https://t.me/cibsecurity/63999 2025-01-24 20:04:43+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3002...
CVE-2023-27237
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack...
CVE-2023-27237
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack...
CVE-2023-27237
LavaLite CMS v9.0.0 is reported vulnerable to a host header injection attack. The root cause cited across multiple sources is insufficient sanitization of HTTP host headers, enabling manipulation that could affect request routing or cache behavior. No explicit exploit details or in‑the‑wild activ...
CVE-2022-27237
CVE-2022-27237 describes a cross-site scripting (XSS) vulnerability in an NI Web Server component used with several NI products. The advisory indicates the affected surface is the NI Web Server component across multiple NI product deployments, with remediation guidance requiring upgrading to one ...
CVE-2022-27237
There is a cross-site scripting XSS vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...
OpenClinic GA SQL Injection (CVE-2020-27233; CVE-2020-27234; CVE-2020-27235; CVE-2020-27236; CVE-2020-27237; CVE-2020-27238; CVE-2020-27239; CVE-2020-27240)
An SQL injection vulnerability exists in OpenClinic GA. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-27237
CVE-2020-27237 affects OpenClinic GA 5.173.3. The vulnerability is an SQL injection in the getAssets.jsp page, allowing unauthenticated injection via multiple input parameters (e.g., supplierUID, serviceuid, nomenclature, description, code, etc.) as shown in the connected advisories. Multiple sou...
CVE-2021-27237
creationtimestamp| type| source ---|---|--- 2021-02-16 22:48:13+00:00| seen| https://t.me/cibsecurity/23680...
CVE-2021-27237
The admin panel in BlackCat CMS 1.3.6 allows stored XSS by an admin via the Display Name field to backend/preferences/ajaxsave.php...
CVE-2021-27237
The CVE-2021-27237 issue affects BlackCat CMS 1.3.6: the admin panel allows stored XSS via the Display Name field sent to backend/preferences/ajax_save.php. Multiple connected records (Red Hat, CNVD, NVD, OSV, etc.) document this stored XSS in BlackCat CMS 1.3.6, with no further technical details...