21 matches found
CVE-2026-27488
creationtimestamp | type | source
---|---|---
2026-02-21 11:10:39+00:00 | seen | https://gist.github.com/alon710/8020ebfa325f2d0cb09d65e8bdeb4cc0...
CVE-2024-27488
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...
CVE-2022-27488
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x, FortiRecorder version 6.4.0 through 6.4.2,...
CVE-2020-27488
Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...
CVE-2025-27488
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally...
CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
...
CVE-2025-27488
CVE-2025-27488 affects Microsoft Windows Hardware Lab Kit (HLK). The vulnerability arises from use of hard-coded credentials in HLK, enabling an authorized attacker to elevate privileges locally. The CVE is tracked in multiple feeds (NVD, MSRC) with a CVSSv3 base score of 6.7 (Medium) and a local...
CVE-2025-27488
creationtimestamp | type | source
---|---|---
2025-05-13 16:27:02+00:00 | seen | https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review
2025-05-13 18:30:48+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16182...
CVE-2024-27488
ZLMediaKit versions 1.0–8.0 are affected by an Incorrect Access Control vulnerability that enables remote attackers to escalate privileges and obtain sensitive information. The issue stems from the application enabling the HTTP API interface by default and using a secret parameter for authenticat...
CVE-2022-27488
CVE-2022-27488 describes a cross-site request forgery (CSRF) vulnerability in multiple Fortinet products (FortiVoiceEnterprise, FortiSwitch, FortiMail, FortiRecorder, FortiNDR) where an unauthenticated attacker can cause an authenticated admin to trigger commands on the CLI via a crafted HTTP GET...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.9 security update
Red Hat OpenShift Service Mesh 2.2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Envoy security bypass (CVE-2023-27488)
Summary: Potential Envoy security bypass vulnerability CVE-2022-25881 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-27488. DESCRIPTION: Envoy could allow a remote attacker to...
CVE-2023-27488
creationtimestamp | type | source
---|---|---
2023-04-04 22:25:49+00:00 | seen | https://t.me/cibsecurity/61422...
CVE-2023-27488 vulnerabilities
Vulnerabilities for packages: envoy...
CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for ext_authz filter. For affected components that are used for loggin...
CVE-2021-27488
CVE-2021-27488 affects Datakit CrossCAD/Ware libraries (CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr) embedded in Luxion KeyShot up to v10.1. The vulnerability stems from improper validation when parsing CATPart files, enabling an out-of-bounds write and potential code exe...
CVE-2021-27488
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An...