15 matches found
CVE-2026-27461
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
CVE-2026-27461
creationtimestamp | type | source
---|---|---
2026-02-23 09:10:51+00:00 | published-proof-of-concept | https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp
2026-02-24 05:32:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mflgv2iel42n
2026-02-25 05:40:18+00:00 | ...
CVE-2025-27461
During startup, the device automatically logs in the EPC2 Windows user without requesting a password...
CVE-2025-27461
CVE-2025-27461 affects the Endress+Hauser MEAC300-FNADE4 emissions data management device. The root cause is startup-time automatic login of the EPC2 Windows user without a password, effectively bypassing authentication and enabling full access where the device is physically reachable. The CVE is...
CVE-2024-27461
Incorrect default permissions in software installer for Intel® MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access...
CVE-2024-27461
creationtimestamp | type | source
---|---|---
2024-08-14 17:23:13+00:00 | seen | https://t.me/cvedetector/3144...
CVE-2024-27461
Incorrect default permissions in software installer for Intel® MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access...
Intel® MAS (GUI) Software Advisory
Summary: A potential security vulnerability in Intel® Memory and Storage Tool GUI Intel® MAS may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-27461 Description: Incorrect default permissions in softwa...
CVE-2023-27461
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions...
CVE-2023-27461
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions...
CVE-2023-27461 WordPress When Last Login Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions...
CVE-2023-27461
CVE-2023-27461 is a CSRF vulnerability in the WordPress plugin When Last Login (
CVE-2022-27461
CVE-2022-27461 affects nopCommerce 4.50.1. The vulnerability is an open redirect triggered when a user is lured to authenticate on a nopCommerce page by clicking a crafted link. Primary details across connected sources confirm the issue and its basic trigger, but there are no explicit public deta...
CVE-2020-27461
CVE-2020-27461 affects SEOPanel, where a remote code execution was possible via an authenticated file upload in the Settings Panel > Import website function on version 4.6.0. The vulnerability has been fixed in 4.7.0. The connected sources consistently describe the issue and its remediation (u...
CVE-2021-27461
CVE-2021-27461 is a path traversal vulnerability in Emerson Rosemount X-STREAM Gas Analyzer web servers. Affected products include X-STREAM enhanced XEGP, XEGK, XEFD, and XEXF (all revisions). The underlying issue allows an attacker to access stored data by crafting specific URLs, consistent with...