
13 matches found

RedhatCVE
added 2026/01/07 9:49 a.m., 3 views

CVE-2022-27258

Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allow a remote attacker to include arbitrary web script or HTML via the rpath parameter...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00307
Exploits: 0, References: 1

Circl
added 2025/10/13 7:13 a.m., 2 views

CVE-2025-27258

creationtimestamp | type | source
---|---|---
2025-10-13 07:13:08+00:00 | seen | Telegram/hZ02D8mMsGGgMocYjEJDhPNB5Brhz3JWFNr1ar5PufLztoU...

CVSS: 9.8, AI score: 4.8, EPSS: 0.00063
Exploits: 0

Vulnrichment
added 2025/10/13 6:25 a.m., 1 views

CVE-2025-27258 Ericsson Network Manager: escalation of privilege vulnerability

Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability that, if exploited, can result in an escalation of privilege...

CVSS: 6.9, AI score: 6.6, EPSS: 0.00063
Exploits: 0, References: 1

NVD
added 2023/10/25 6:17 p.m., 10 views

CVE-2023-27258

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00357
Exploits: 0, References: 1

Vulnrichment
added 2023/10/25 10:16 a.m., 9 views

CVE-2023-27258 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00357
Exploits: 0, References: 1

Cvelist
added 2023/10/25 10:16 a.m., 12 views

CVE-2023-27258 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers...

CVSS: 7.5, AI score: 7.9, EPSS: 0.00357
Exploits: 0, References: 1

CVE
added 2023/10/25 10:16 a.m., 32 views

CVE-2023-27258

CVE-2023-27258 affects the IDAttend IDWeb application, versions 3.1.052 and earlier. The root cause is a missing authentication check in the GetStudentGroupStudents method, allowing unauthenticated attackers to retrieve student and teacher data. Exploitation status is not specified in the provide...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00357
Exploits: 0, References: 1, Affected Software: 1

Circl
added 2022/04/15 8:20 p.m., 2 views

CVE-2022-27258

creationtimestamp | type | source
---|---|---
2022-04-15 20:20:20+00:00 | seen | https://t.me/cibsecurity/40884...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00307
Exploits: 0, References: 1

CVE
added 2022/04/15 4:1 p.m., 69 views

CVE-2022-27258

CVE-2022-27258 corresponds to multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla up to version 7.0.3. The issue arises from the rpath parameter, enabling a remote attacker to include arbitrary web script or HTML. Affected product: Hubzilla (core) prior to 7.0.3. Root cause details ar...

CVSS: 6.1, AI score: 6, EPSS: 0.00307
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2022/03/17 12:0 a.m., 38 views

SolarWinds Orion Platform 2020.2.0 < 2020.2.4

The version of SolarWinds Orion Platform installed on the remote host is prior to 2020.2.4. It is, therefore, affected by a vulnerability as referenced in the orionplatform202024 advisory. - This vulnerability allows remote attackers to escalate privileges on affected installations of...

CVSS: 9.8, AI score: 8.6, EPSS: 0.08643
Exploits: 0, References: 2

CVE
added 2021/04/14 3:45 p.m., 53 views

CVE-2021-27258

SolarWinds Orion Platform 2020.2 is affected by CVE-2021-27258 through an improper access control in the SaveUserSetting endpoint, enabling unauthenticated privilege escalation from Guest to Administrator. The issue is exploitable over the network without authentication, with multiple sources (ZDI advisory ZDI-21-192, Red Hat a...

CVSS: 9.8, AI score: 9.7, EPSS: 0.08643
Exploits: 0, References: 1, Affected Software: 1

Circl
added 2021/01/20 12:26 a.m., 0 views

CVE-2020-27258

creationtimestamp | type | source
---|---|---
2021-01-20 00:26:27+00:00 | seen | https://t.me/cibsecurity/22313...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00141
Exploits: 0, References: 1

CVE
added 2021/01/19 8:46 p.m., 53 views

CVE-2020-27258

The CVE-2020-27258 issue affects SOOIL Dana Diabecare RS pumps and the AnyDana-i/AnyDana-A mobile apps. It is an information-disclosure vulnerability in the BLE communication protocol that allows unauthenticated attackers within Bluetooth proximity to extract the pump keypad lock PIN. Public sour...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00141
Exploits: 0, References: 1, Affected Software: 2