19 matches found
CVE-2021-27434
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27434)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27434 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set th...
MAL-2025-27434 Malicious code in nft-collection077 (npm)
The package nft-collection077 was found to contain malicious code...
CVE-2025-27434
Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity...
CVE-2025-27434
creationtimestamp | type | source
---|---|---
2025-03-11 01:41:16+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7081
2025-03-11 01:48:20+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114141278894705682
2025-03-11 02:00:59+00:00 | seen | ...
CVE-2025-27434 Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)
Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity...
CVE-2025-27434 Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)
Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity...
Linux Distros Unpatched Vulnerability : CVE-2024-27434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP fla...
RockyLinux 8 : kernel-rt (RLSA-2024:5102)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5102 advisory. kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) kernel: tracing: Restructure trace_clock_global() to never block...
kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
CVE-2024-27434 is a flaw in the Linux kernel’s iwlwifi driver related to handling Management Frame Protection (MFP) in certain Wi-Fi configurations. When connecting to an access point using TKIP as the group cipher, the driver incorrectly applies the MFP flag to the Group Temporal Key (GTK), which is...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2024-27434 affecting package hyperv-daemons for versions less than 6.6.35.1-1
CVE-2024-27434 affecting package hyperv-daemons for versions less than 6.6.35.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-27434
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...
CVE-2023-27434
Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions...
CVE-2023-27434
CVE-2023-27434 affects WPGrim Classic Editor and Classic Widgets plugin (versions
CVE-2023-27434 WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions...
WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Classic Editor and Classic Widgets; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27434; Patch priority: Low; CVSS severity: Low (4.3); PSID: c89f9ac26cdb; Credits...
CVE-2022-27434
UNIT4 TETA Mobile Edition (ME) prior to 29.5.HF17 contains a SQL injection in the errorReporting page via the ProfileName parameter. Affected product: UNIT4 TETA Mobile Edition (ME). Root cause: improper handling of the ProfileName input enabling SQL injection. Impact per CVSS: high confidentiali...
CVE-2021-27434
CVE-2021-27434 affects Unified Automation .NET based OPC UA Client/Server SDK Bundle (versions up to 3.0.7 on .NET Framework 4.5, 4.0, 3.5). Root cause is an uncontrolled recursion that may trigger a stack overflow. Impact, per CVSS3.1: high confidentiality impact with no functional integrity or ...