13 matches found
CVE-2026-27511
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...
CVE-2026-27511 Tenda F3 Clickjacking in Web Management Interface
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...
CVE-2020-27511
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags...
Linux Distros Unpatched Vulnerability : CVE-2020-27511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS)...
Security Bulletin: The Dashboard of IBM Sterling B2B Integrator is Vulnerable to Denial of Service Due to Prototype (CVE-2020-27511)
Summary: IBM Sterling B2B Integrator has addressed the denial of service security vulnerability. Vulnerability Details: CVEID: CVE-2020-27511 DESCRIPTION: Prototype is vulnerable to a denial of service, caused by a regular expression denial of service (ReDOS) flaw in the stripTags and unescapeHTML...
mod_jk and mod_proxy_cluster security update
mod_jk 1.2.49-1 - Related: RHEL-27511 - Rebase to upstream 1.2.49 release; mod_proxy_cluster 1.3.20-1 - Rebase mod_cluster to upstream 1.3.20.Final tag - Related: RHEL-27497 - Rebase to upstream 1.3.20.Final release...
CVE-2022-27511
creationtimestamp | type | source
---|---|---
2022-06-17 06:23:29+00:00 | seen | https://t.me/itsecnews/834...
CVE-2022-27511: Citrix ADM Remote Device Takeover
On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their Application Delivery Management (ADM) product. A remote, unauthenticated attacker can leverage CVE-2022-27511 to reset administrator credentials to the default...
CVE-2022-27511 Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted...
CVE-2022-27511
CVE-2022-27511 affects Citrix Application Delivery Management (ADM). A remote, unauthenticated attacker could leverage an improper access-control flaw to reset the administrator password at the next device reboot, enabling access via SSH with default credentials. Patched versions exist (Citrix AD...
Citrix ADM 13.0.x < 13.0.85.19 / 13.1.x < 13.1.21.53 Multiple Vulnerabilities (CTX460016)
Multiple vulnerabilities exist in Citrix Application Delivery Management (ADM) 13.0 prior to 13.0-85.19 and 13.1 prior to 13.1-21.53. An unauthenticated, remote attacker can exploit this to reset the administrator password and gain administrative access to the appliance. Note that Nessus has not...
CVE-2020-27511
CVE-2020-27511 concerns a ReDOS flaw in Prototype 1.7.3 where the functions stripTags and unescapeHTML can be abused by crafted HTML to exhaust the regular expression engine, potentially causing a denial of service. Public detail confirms the affected software and the underlying cause, with the N...
CVE-2020-27511
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags...