18 matches found
CVE-2026-27266
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2021-27266
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
DEBIAN-CVE-2025-14933
NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2023-27266
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
CVE-2025-27266
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS. This issue affects Hover Image Button: from n/a through <= 1.1.2...
CVE-2025-27266
CVE-2025-27266 is a DOM-based XSS in the WordPress plugin Hover Image Button, reported for versions up to and including 1.1.2. The connected documents confirm improper input neutralization during web page generation as the root cause. No explicit fix version is provided in the su...
CVE-2025-27266 WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS. This issue affects Hover Image Button: from n/a through <= 1.1.2...
CVE-2025-27266 WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS. This issue affects Hover Image Button: from n/a through <= 1.1.2...
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite may be affected by XML External Entity (XXE) attack (CVE-2024-27266)
Summary: IBM Maximo Manage application in IBM Maximo Application Suite may be affected by XML External Entity (XXE) attack. Vulnerability Details: CVEID: CVE-2024-27266 DESCRIPTION: IBM Maximo Application Suite is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A...
CVE-2024-27266
creationtimestamp | type | source
---|---|---
2024-03-14 20:27:02+00:00 | seen | https://t.me/ctinow/208105
2024-03-14 20:32:04+00:00 | seen | https://t.me/ctinow/208119
...
Security Bulletin: IBM Maximo Asset Management application may be affected by XML External Entity (XXE) attack (CVE-2024-27266)
Summary: IBM Maximo Asset Management application may be affected by XML External Entity (XXE) attack. Vulnerability Details: CVEID: CVE-2024-27266 DESCRIPTION: IBM Maximo Application Suite is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could...
CVE-2023-27266
creationtimestamp | type | source
---|---|---
2023-02-27 18:28:14+00:00 | seen | https://t.me/cibsecurity/58966
...
CVE-2023-27266
Mattermost vulnerability CVE-2023-27266 arises from the API response construction for /api/v4/users/me/teams not honoring ShowEmailAddress. This allows a user with team admin privileges to learn the team owner's email address from the response. Affected software: Mattermost (web/API level). Root ...
CVE-2023-27266 Disclosure of team owner email address when accessing the teams API
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
CVE-2023-27266 Disclosure of team owner email address when accessing the teams API
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
CVE-2021-27266
CVE-2021-27266 affects Foxit PhantomPDF 10.1.0.37527. The issue arises from improper validation in the handling of U3D objects embedded in PDF files, leading to an out-of-bounds read (read past end of an allocated object). An attacker can leverage this in conjunction with other vulnerabilities to...
CVE-2020-27266
creationtimestamp | type | source
---|---|---
2021-01-20 00:26:25+00:00 | seen | https://t.me/cibsecurity/22311
...
CVE-2020-27266
CVE-2020-27266 affects Dana Diabecare RS, AnyDana-i and AnyDana-A insulin pumps and companion mobile apps. Description and connected advisories confirm a client-side control vulnerability that enables physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy, po...