19 matches found
CVE-2021-27264
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2023-27264
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/playbookID API...
CVE-2020-27264
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low...
CVE-2025-27264
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File Inclusion.This issue affects Doctor Appointment Booking: from n/a through = 1.0.0...
CVE-2025-27264
creationtimestamp| type| source ---|---|--- 2025-03-03 18:03:48+00:00| seen| https://t.me/cvedetector/19367 2025-08-19 13:26:45+00:00| seen| MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72...
CVE-2025-27264
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File Inclusion.This issue affects Doctor Appointment Booking: from n/a through = 1.0.0...
CVE-2025-27264 WordPress Doctor Appointment Booking Plugin <= 1.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File Inclusion.This issue affects Doctor Appointment Booking: from n/a through = 1.0.0...
CVE-2025-27264
CVE-2025-27264 corresponds to a WordPress plugin issue in NotFound Doctor Appointment Booking (WordPress Doctor Appointment Booking) that enables Local File Inclusion via PHP Include/Require. The CVE entry cites affected versions from n/a through 1.0.0. CIRCL and Red Hat CVE references further sp...
CVE-2025-27264 WordPress Doctor Appointment Booking Plugin <= 1.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File Inclusion.This issue affects Doctor Appointment Booking: from n/a through = 1.0.0...
CVE-2024-27264
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563...
CVE-2024-27264 IBM Performance Tools for i privilege escalation
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563...
CVE-2024-27264 IBM Performance Tools for i privilege escalation
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563...
Security Bulletin: IBM i is vulnerable to a local privilege escalation due to an unqualified library call in IBM Performance Tools for i [CVE-2024-27264].
Summary IBM i is vulnerable to a user gaining elevated privilege due to a program being called without library qualification in IBM Performance Tools for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in th...
CVE-2023-27264 IDOR: Updating a playbook via the Playbooks API
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/playbookID API...
CVE-2023-27264
CVE-2023-27264 describes a missing permissions check in Mattermost Playbooks that allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. Root cause appears to be insufficient authorization on the Playbooks update path. Affected product: Mattermost Pl...
CVE-2023-27264 IDOR: Updating a playbook via the Playbooks API
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/playbookID API...
CVE-2021-27264
CVE-2021-27264 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability stems from improper validation in the handling of embedded U3D objects within PDF files, leading to an out-of-bounds read (read past end of an allocated object). This can allow a remote attacker who entices a user to view a m...
CVE-2020-27264
creationtimestamp| type| source ---|---|--- 2021-01-20 00:26:20+00:00| seen| https://t.me/cibsecurity/22306...
CVE-2020-27264
The CVE-2020-27264 issue affects Dana Diabecare RS, AnyDana-i and AnyDana-A: the insulin pump communication protocol uses deterministic keys, enabling unauthenticated, physically proximate attackers to brute-force keys over Bluetooth Low Energy. Affected versions are all prior to 3.0 for Dana Dia...