22 matches found
CVE-2021-27528
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter...
CVE-2026-27528
Not used...
CVE-2022-27528
Maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...
CVE-2025-27528
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: OSV:GHSA-98V7-XXXV-HCRH...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255363...
org.apache.inlong:manager-client (>=1.1.0-incubating <=2.1.0), org.apache.inlong:manager-client-examples (>=1.1.0-incubating <=2.1.0) +3 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-common (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-common MAVEN version =1.13.0, =1.1.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255362...
CVE-2025-27528 Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
CVE-2025-27528
CVE-2025-27528 describes a deserialization of untrusted data vulnerability in Apache InLong (versions 1.13.0–2.1.0) that can bypass InLong JDBC security and lead to arbitrary file reading. Public sources (Red Hat, NVD, and CVE records) consistently indicate the affected component as InLong JDBC a...
CVE-2025-27528
creationtimestamp| type| source
---|---|---
2025-05-28 01:38:24+00:00| seen| https://seclists.org/oss-sec/2025/q2/172
2025-05-28 04:03:49+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lq7d4ejslm2z
2025-05-28 08:18:46+00:00| seen|...
CVE-2024-27528
wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution...
CVE-2024-27528
creationtimestamp| type| source
---|---|---
2024-11-08 21:28:19+00:00| seen| https://infosec.exchange/users/cve/statuses/113449454744891513
2024-11-08 23:54:02+00:00| seen| https://t.me/cvedetector/10233...
CVE-2024-27528
wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution...
CVE-2022-27528
creationtimestamp| type| source
---|---|---
2022-04-12 00:25:56+00:00| seen| https://t.me/cibsecurity/40542...
CVE-2022-27528
Maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...
CVE-2022-27528
Autodesk Navisworks 2022 is affected by a use-after-free vulnerability in the parsing of DWFX and SKP files, enabling potential code execution. The referenced advisories (ZDI for Navisworks Freedom/Manage, Red Hat and NVD variants) describe the fault as a parsing-time use-after-free in DWFX/SKP h...
CVE-2021-27528
creationtimestamp| type| source
---|---|---
2021-03-23 17:38:21+00:00| seen| https://t.me/cibsecurity/25310...
CVE-2021-27528
DynPG 4.9.2 is affected by a cross-site scripting (XSS) vulnerability exploitable via the refID parameter. The issue permits remote attackers to inject JavaScript into victims’ sessions, with impact described as browser-level compromise for affected users. CVSS metrics included in the record show...
eIQNetworks ESA - Topology DELETEDEVICE Overflow (Metasploit)
$Id: eiqnetworksesatopology.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
eIQNetworks ESA Topology DELETEDEVICE Overflow
This module exploits a stack buffer overflow in eIQnetworks Enterprise Security Analyzer. During the processing of long arguments to the DELETEDEVICE command in the Topology server, a stack-based buffer overflow occurs. This module has only been tested against ESA v2.1.13. This module requires...