21 matches found
CVE-2025-14500
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling o...
Siemens SCALANCE LPE9403 Improper Neutralization of Special Elements Used in an OS Command (CVE-2025-27394)
Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2025-27394
creationtimestamp | type | source
---|---|---
2025-03-11 11:35:11+00:00 | seen | Telegram/BUC-FpXySBJlIgXgQmiFYagG3wm0MhpRzVS07GXFjNvPGc
2025-03-11 11:35:12+00:00 | seen | Telegram/7ohonUKXJXc8nNP-FALzHo1dYyqTYbEicJy56ekdY6IuU
2025-03-11 13:26:45+00:00 | seen | https://t.me/cvedetector/20070
2025-03-13...
CVE-2025-27394
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device...
CVE-2025-27394
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device...
CVE-2024-27394
creationtimestamp | type | source
---|---|---
2024-09-23 17:58:32+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/11175...
Ubuntu: Security Advisory (USN-6949-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-6949-1)
The remote host is missing an update for the...
CVE-2024-27394
A use-after-free (UAF) vulnerability was found in the TCP implementation of the Linux kernel. This issue occurs when memory that has been deallocated is accessed incorrectly, potentially leading to security risks, such as data corruption or arbitrary code execution. Mitigation: Mitigation for thi...
CVE-2024-27394
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init. Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pas...
CVE-2024-27394
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init. Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pas...
SUSE CVE-2024-27394
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init. Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pas...
BELL-CVE-2024-27394
Bulletin has no description...
CVE-2024-27394
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init. Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pas...
CVE-2023-27394
creationtimestamp | type | source
---|---|---
2023-03-29 00:46:14+00:00 | seen | https://t.me/cibsecurity/60968...
CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through an HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
CVE-2023-27394
CVE-2023-27394 affects the Osprey Pump Controller; versions prior to 20230518 are vulnerable to an unauthenticated OS command injection via HTTP GET parameters in DataLogView.php, EventsView.php, and AlarmsView.php, allowing arbitrary shell commands to be executed. The issue is confirmed in multi...
CVE-2021-27394
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications...
CVE-2021-27394
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications...
CVE-2021-27394
CVE-2021-27394 affects Mendix Application platforms (Mendix 7 versions before 7.23.19; Mendix 8 before 8.17.0; Mendix 8.12 before 8.12.5; Mendix 8.6 before 8.6.9; Mendix 9 before 9.0.5). Authenticated, non-administrative users can elevate privileges by manipulating user roles to gain administrati...