18 matches found
CVE-2026-27475
creationtimestamp | type | source
---|---|---
2026-02-19 19:34:55+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfadn3dema2c
2026-02-24 21:20:10+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mfn3tvv3k42m...
CVE-2026-27475 SPIP < 4.4.9 Insecure Deserialization
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or another vulnerability) can trigger arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2026-27475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An...
CVE-2021-27475
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...
CVE-2022-27475
Cross-site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded...
CVE-2025-27475
Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally...
CVE-2025-27475 Windows Update Stack Elevation of Privilege Vulnerability
...
CVE-2025-27475
CVE-2025-27475 is a Windows Update Stack elevation-of-privilege vulnerability. Description: sensitive data stored in improperly locked memory within the Windows Update Stack can enable a locally authenticated attacker to escalate privileges. CVSS v3.1 metrics indicate LOCAL attack vector, HIGH im...
CVE-2023-27475
creationtimestamp | type | source
---|---|---
2023-03-07 20:23:43+00:00 | seen | https://t.me/cibsecurity/59601...
CVE-2023-27475
This CVE concerns github.com/gookit/goutil, specifically the Unzip logic in fsutil.Unzip that can be exploited for path traversal (Zip Slip). The issue affects versions prior to 0.6.0 and is fixed by upgrading to 0.6.0 or later. The vulnerability arises from insufficient validation of relative fi...
CVE-2023-27475 Goutil vulnerable to path traversal when unzipping files
Goutil is a collection of miscellaneous functionality for the Go language. In versions prior to 0.6.0, when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version...
CVE-2022-27475
creationtimestamp | type | source
---|---|---
2022-04-13 16:23:33+00:00 | seen | https://t.me/cibsecurity/40715...
CVE-2022-27475
Cross-site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded...
CVE-2022-27475
CVE-2022-27475 is an XSS vulnerability in tramyardg hotel-mgmt-system (version 1.0) due to lack of proper data validation/escaping in /admin.php. Exploitation would allow execution of arbitrary JavaScript in the victim’s browser; impact details are described in the linked records as client-side s...
CVE-2021-27475
Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier is affected by CVE-2021-27475 due to deserialization of untrusted data. The vulnerability allows a crafted malicious serialized object to execute remote code when opened by a local CCW user, requiring user interaction....
CVE-2021-27475 Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...
CVE-2021-27475 Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...
OSV-2020-2158 Global-buffer-overflow in arrow::Status arrow::internal::ValidateArrayFullImpl::ValidateListLike<arrow::Li
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27475
Crash type: Global-buffer-overflow READ 4
Crash state:
arrow::Status arrow::internal::ValidateArrayFullImpl::ValidateListLike<arrow::Li
arrow::internal::ValidateArrayFullImpl::ValidateWithType...