Lucene search
K

21 matches found

OSV
OSV
added 2026/03/11 1:16 a.m.5 views

CVE-2026-27237

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.7AI score0.00167EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/26 4:31 p.m.169 views

Exploit for CVE-2025-27237

CVE-2025-27237 Local privilege escalation vulnerability in Za...

7.3CVSS6AI score0.00325EPSS
Exploits2
Circl
Circl
added 2025/10/06 6:48 a.m.4 views

CVE-2025-27237

creationtimestamp| type| source ---|---|--- 2025-10-06 06:48:15+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m2izeyov7l2t 2025-10-06 13:50:04+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3m2jqx7zo3s2r 2025-10-06 17:33:28+00:00| seen|...

7.3CVSS6AI score0.00325EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2025/10/03 12:15 p.m.2 views

CVE-2025-27237

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...

7.3CVSS6AI score0.00325EPSS
Exploits2References2
CVE
CVE
added 2025/10/03 11:28 a.m.38 views

CVE-2025-27237

CVE-2025-27237 affects Zabbix Agent and Agent 2 on Windows. The OpenSSL configuration is loaded from a path writable by low-privileged users, enabling an attacker to plant a malicious openssl.cnf that loads an arbitrary DLL at service restart, potentially achieving Local Privilege Escalation. The...

7.3CVSS6.5AI score0.00325EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/10/03 11:28 a.m.27 views

CVE-2025-27237 DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...

7.3CVSS0.00325EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:58 a.m.6 views

CVE-2024-27237

In wipensmemory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.2AI score0.00088EPSS
Exploits0References1
Circl
Circl
added 2024/03/11 8:26 p.m.4 views

CVE-2024-27237

creationtimestamp| type| source ---|---|--- 2024-03-11 20:26:43+00:00| seen| https://t.me/ctinow/205024 2025-02-18 21:11:31+00:00| seen| Telegram/0CTfQtYLZ2ub03XB3s1BZ5TyP3Me3COld2GoxAafxlcFc6Tm...

5.5CVSS4.8AI score0.00088EPSS
Exploits0References1
CVE
CVE
added 2024/03/11 6:55 p.m.108 views

CVE-2024-27237

CVE-2024-27237 involves a logic error in wipe_ns_memory() within nsmemwipe.c that can cause an incorrect size calculation. This flaw permits local information disclosure without requiring elevated privileges or user interaction. The vulnerability is described across multiple sources (NVD/Red Hat/...

5.5CVSS6AI score0.00088EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2023/05/12 2:26 p.m.7 views

CVE-2023-27237

creationtimestamp| type| source ---|---|--- 2023-05-12 14:26:55+00:00| seen| https://t.me/cibsecurity/63999 2025-01-24 20:04:43+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3002...

6.1CVSS6AI score0.00587EPSS
Exploits0References2
OSV
OSV
added 2023/05/12 11:15 a.m.24 views

CVE-2023-27237

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack...

6.1CVSS7.6AI score0.00587EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/05/12 12:0 a.m.10 views

CVE-2023-27237

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack...

7.3AI score0.00587EPSS
Exploits0References5
CVE
CVE
added 2023/05/12 12:0 a.m.55 views

CVE-2023-27237

LavaLite CMS v9.0.0 is reported vulnerable to a host header injection attack. The root cause cited across multiple sources is insufficient sanitization of HTTP host headers, enabling manipulation that could affect request routing or cache behavior. No explicit exploit details or in‑the‑wild activ...

6.1CVSS6.4AI score0.00587EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2022/04/21 4:32 a.m.79 views

CVE-2022-27237

CVE-2022-27237 describes a cross-site scripting (XSS) vulnerability in an NI Web Server component used with several NI products. The advisory indicates the affected surface is the NI Web Server component across multiple NI product deployments, with remediation guidance requiring upgrading to one ...

6.1CVSS6AI score0.00525EPSS
Exploits0References1Affected Software5
Cvelist
Cvelist
added 2022/04/21 4:32 a.m.28 views

CVE-2022-27237

There is a cross-site scripting XSS vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...

6.2AI score0.00525EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2021/04/25 12:0 a.m.4 views

OpenClinic GA SQL Injection (CVE-2020-27233; CVE-2020-27234; CVE-2020-27235; CVE-2020-27236; CVE-2020-27237; CVE-2020-27238; CVE-2020-27239; CVE-2020-27240)

An SQL injection vulnerability exists in OpenClinic GA. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.4AI score0.00876EPSS
Exploits8
CVE
CVE
added 2021/04/15 1:37 p.m.56 views

CVE-2020-27237

CVE-2020-27237 affects OpenClinic GA 5.173.3. The vulnerability is an SQL injection in the getAssets.jsp page, allowing unauthenticated injection via multiple input parameters (e.g., supplierUID, serviceuid, nomenclature, description, code, etc.) as shown in the connected advisories. Multiple sou...

9.8CVSS9.8AI score0.00866EPSS
Exploits1References1Affected Software1
Circl
Circl
added 2021/02/16 10:48 p.m.5 views

CVE-2021-27237

creationtimestamp| type| source ---|---|--- 2021-02-16 22:48:13+00:00| seen| https://t.me/cibsecurity/23680...

4.8CVSS4.9AI score0.0096EPSS
Exploits1References1
OSV
OSV
added 2021/02/16 7:15 p.m.13 views

CVE-2021-27237

The admin panel in BlackCat CMS 1.3.6 allows stored XSS by an admin via the Display Name field to backend/preferences/ajaxsave.php...

4.8CVSS5.7AI score
Exploits0References3
CVE
CVE
added 2021/02/16 6:23 p.m.47 views

CVE-2021-27237

The CVE-2021-27237 issue affects BlackCat CMS 1.3.6: the admin panel allows stored XSS via the Display Name field sent to backend/preferences/ajax_save.php. Multiple connected records (Red Hat, CNVD, NVD, OSV, etc.) document this stored XSS in BlackCat CMS 1.3.6, with no further technical details...

4.8CVSS4.8AI score0.0096EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder