CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Summary Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for example themeprimarycolor and themesecondarycolor, as well as any key...

CVE-2021-27577

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

CVE-2026-27577

creationtimestamp| type| source ---|---|--- 2026-02-26 00:40:19+00:00| seen| https://gist.github.com/alon710/047ec00f4a4d15a45b489fce0a995744 2026-02-26 00:50:19+00:00| seen| https://gist.github.com/alon710/166e0bc3fefcdaa30e1841507d50e54c 2026-02-26 00:54:37+00:00| seen|...

CVE-2026-27577

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...

CVE-2026-27577 n8n: Expression Sandbox Escape Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-27577 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-27577 Source advisory: OSV:GHSA-VPCF-GVG4-6QWR...

CVE-2022-27577

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise servic...

Linux Distros Unpatched Vulnerability : CVE-2021-27577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0...

CVE-2025-27577

creationtimestamp| type| source ---|---|--- 2025-08-11 05:56:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lw44flgpzh2e...

CVE-2023-27577

Summary : CVE-2023-27577 affects flarum prior to 1.7.0. A compromised admin account can exploit a flaw in the LESS parser to perform path traversal and read sensitive server files (e.g., /etc/passwd) by supplying an absolute path in the custom LESS setting. The vulnerability’s impact depends on t...

CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVE-2022-27577

creationtimestamp| type| source ---|---|--- 2022-04-12 00:25:58+00:00| seen| https://t.me/cibsecurity/40544...

CVE-2022-27577

The CVE-2022-27577 vulnerability affects SICK MSC800 PLCs (all versions before 4.15). The root cause is a TCP initial sequence number that can be predicted, enabling an attacker to send forged packets that appear to originate from a trusted host and potentially compromise MSC800 services. Affecte...

CVE-2022-27577

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise servic...

CVE-2021-27577

creationtimestamp| type| source ---|---|--- 2021-12-23 09:12:11+00:00| published-proof-of-concept| https://t.me/ptswarm/98...

Debian DSA-4957-1 : trafficserver - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4957 advisory. - Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0...

Apache Traffic Server (ATS) 7.0.0 < 8.1.2, 9.0.0 < 9.0.2 Multiple Vulnerabilities

Apache Traffic Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:trafficserver"...

CVE-2021-27577

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...