79 matches found

Circl
added 2026/04/15 1:19 a.m. | 1 view

CVE-2026-27290

creationtimestamp | type | source
---|---|---
2026-04-15 01:19:06+00:00 | seen | Telegram/dGt1m22sw1SGsA9Eug0OSHT5OJOK3joaNLENVhZetMIBpOs
2026-04-15 11:15:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjresr2ms27
2026-04-15 20:37:08+00:00 | seen | ...

CVSS: 8.6 | AI score: 4.8 | EPSS: 0.00029
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : nodejs:14 (AXSA:2021-2343:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2343:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl (CVE-2021-23362) nodejs-ssri: Regular expression DoS (ReDoS)...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.02458
Exploits: 3 | References: 4

RedhatCVE
added 2026/01/07 9:48 a.m. | 4 views

CVE-2022-27290

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00376
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:8 a.m. | 6 views

CVE-2024-27290

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the mast...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00205
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-27290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.02458
Exploits: 1 | References: 3

RedhatCVE
added 2025/02/26 3:31 p.m. | 18 views

CVE-2025-27290

Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate erima-zarinpal-donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through <= 1.0...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00125
Exploits: 0 | References: 1

NVD
added 2025/02/24 3:15 p.m. | 4 views

CVE-2025-27290

Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate erima-zarinpal-donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through <= 1.0...

CVSS: 4.3 | EPSS: 0.00125
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/24 2:48 p.m. | 4 views

CVE-2025-27290 WordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate erima-zarinpal-donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through <= 1.0...

CVSS: 4.3 | AI score: 8.6 | EPSS: 0.00125
Exploits: 0 | References: 1

Tenable Nessus
added 2024/05/11 12:0 a.m. | 22 views

RHEL 8 : nodejs-ssri (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode (CVE-2021-27290) Note that Nessus...

AI score: 7.3 | EPSS: 0.02458
Exploits: 1 | References: 1

Cvelist
added 2024/02/29 9:44 p.m. | 15 views

CVE-2024-27290 Docassemble HTML and javascript injection

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the mast...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00205
Exploits: 0 | References: 2

Tenable Nessus
added 2024/02/29 12:0 a.m. | 21 views

CentOS 9 : nodejs-16.16.0-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.86472
Exploits: 13 | References: 19

IBM Security Bulletins
added 2023/04/26 4:24 p.m. | 65 views

Security Bulletin: Docker based datastores for IBM Instana do not currently require authentication

Summary: Docker based datastores for IBM Instana do not currently require authentication. Due to this, an attacker with network or system access to the datastores could interrogate the datastores with read/write privileges (CVE-2023-27290). Vulnerability Details: CVEID: CVE-2023-27290 DESCRIPTION:...

CVSS: 9.1 | AI score: 9.1 | EPSS: 0.08502
Exploits: 3 | Affected Software: 1

Exploit DB
added 2023/04/07 12:0 a.m. | 194 views

Docker based datastores for IBM Instana 241-2 243-0 - No Authentication

Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...

CVSS: 9.1 | AI score: 9.4 | EPSS: 0.08502
Exploits: 3

Circl
added 2023/03/04 2:35 a.m. | 2 views

CVE-2023-27290

creationtimestamp | type | source
---|---|---
2023-03-04 02:35:34+00:00 | seen | https://t.me/cibsecurity/59411...

CVSS: 9.1 | AI score: 8.6 | EPSS: 0.08502
Exploits: 3 | References: 1

Vulnrichment
added 2023/03/03 10:36 p.m. | 3 views

CVE-2023-27290 IBM Observability with Instana missing authentication

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...

CVSS: 9.1 | AI score: 6.5 | EPSS: 0.08502
Exploits: 3 | References: 3

CVE
added 2023/03/03 10:36 p.m. | 62 views

CVE-2023-27290

CVE-2023-27290 : Docker-based datastores for IBM Observability with Instana do not require authentication, enabling network-accessible read/write access. Affects IBM Observability with Instana versions 239-0..239-4, 241-0..241-5, 243-0..243-6, and 245-0..245-2. CVSSv3.1 base score 9.1 (CRITICAL) ...

CVSS: 9.1 | AI score: 8.9 | EPSS: 0.08502
Exploits: 3 | References: 3 | Affected Software: 1

IBM Security Bulletins
added 2022/05/31 2:57 p.m. | 51 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2021-27290 DESCRIPTION: Node.js ssri...

CVSS: 9.8 | AI score: 1.3 | EPSS: 0.84982
Exploits: 16 | Affected Software: 1

CVE
added 2022/04/10 8:23 p.m. | 70 views

CVE-2022-27290

The CVE-2022-27290 entry concerns the D-Link DIR-619 Ax v1.00 router, where a stack overflow in the function formSetWanDhcpplus can cause a Denial of Service via the curTime parameter. The issue is documented across multiple connected sources (NVD, Red Hat, CNVD, CVE lists, etc.), consistently de...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00376
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2022/02/09 12:0 a.m. | 50 views

Rocky Linux 8 : nodejs:12 (RLSA-2021:3073)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3073 advisory. - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the...

CVSS: 7.5 | AI score: 7 | EPSS: 0.02458
Exploits: 3 | References: 7

Tenable Nessus
added 2022/02/09 12:0 a.m. | 35 views

Rocky Linux 8 : nodejs:14 (RLSA-2021:3074)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3074 advisory. - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the...

CVSS: 7.5 | AI score: 7 | EPSS: 0.02458
Exploits: 3 | References: 7