16 matches found
CVE-2026-27474
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these element...
DEBIAN-CVE-2026-27474
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these element...
Linux Distros Unpatched Vulnerability : CVE-2026-27474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not...
CVE-2025-27474
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network...
CVE-2025-27474
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network...
CVE-2025-27474
CVE-2025-27474 is a Windows RRAS vulnerability described as the use of an uninitialized resource that enables an unauthorized attacker to disclose information over a network. The connected sources corroborate that this CVE affects Windows Routing and Remote Access Service (RRAS) and results in inf...
CVE-2025-27474
creationtimestamp | type | source
---|---|---
2025-04-08 16:14:25+00:00 | seen | https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review...
CVE-2024-27474
Leantime 3.0.6 is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators...
Exploit for Cross-Site Request Forgery (CSRF) in Leantime
Leantime-POC CVE-2024-27474, CVE-2024-27476, CVE-2024-27477...
CVE-2023-27474
Directus (real‑time API and App dashboard for SQL content) has an HTML injection vulnerability in reset URLs when an allow‑listed reset URL is used. The issue arises from query parameters in the reset URL, enabling an attacker to craft emails directing users to the server domain that may include m...
CVE-2023-27474 HTML Injection in Password Reset email to custom Reset URL in directus
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs to the server's domain...
CVE-2023-27474 HTML Injection in Password Reset email to custom Reset URL in directus
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs to the server's domain...
CVE-2022-27474
creationtimestamp | type | source
---|---|---
2022-04-15 16:19:58+00:00 | seen | https://t.me/cibsecurity/40850...
CVE-2022-27474
SuiteCRM v7.11.23 is affected by CVE-2022-27474, enabling remote code execution via a crafted payload injected into the FirstName field. The issue originates from improper handling/validation of externally entered data within a code path that builds a code segment, allowing an attacker to execute...
CVE-2021-27474 Rockwell Automation FactoryTalk AssetCentre Use of Potentially Dangerous Function
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre...
CVE-2021-27474
CVE-2021-27474 affects Rockwell Automation FactoryTalk AssetCentre (v10.00 and earlier). The root issue is failure to properly restrict all functions relating to IIS remoting services, potentially allowing a remote, unauthenticated attacker to modify sensitive data in AssetCentre. Affected compon...