20 matches found
CVE-2026-27615
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This...
CVE-2021-27615
SAP Manufacturing Execution versions 15.1, 1.5.2, 15.3, 15.4 do not contain some HTTP security headers in their HTTP responses. The lack of these headers in the response can be exploited by an attacker to execute Cross-Site Scripting (XSS) attacks...
CVE-2025-27615
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...
CVE-2025-27615

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-10 19:38:33+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7041 |
| 2025-03-10 19:48:43+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114139864929960883 |
| 2025-03-10 23:13:49+00:00 | seen | ... |

CVE-2025-27615
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...
CVE-2025-27615 umatiGateway's UI publicly accessible in provided docker-compose file
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...
CVE-2025-27615
CVE-2025-27615 affects umatiGateway. The Red Hat entry describes that the user interface may be publicly accessible when using the provided docker-compose file, allowing configuration to be viewed and altered. The root cause appears to be UI exposure beyond localhost, with a patch in commit 5d81a...
CVE-2023-27615

| creationtimestamp | type | source |
|---|---|---|
| 2023-10-06 16:29:33+00:00 | seen | https://t.me/cibsecurity/71719... |

CVE-2023-27615
Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions...
CVE-2023-27615
CVE-2023-27615 affects the WP Super Minify WordPress plugin (versions = 1.6 or apply an appropriate mitigation per vendor advisories. The CVE description in the initial document confirms the CSRF nature and affected component, while other connected sources also consistently reference the same vul...
CVE-2023-27615 WordPress WP Super Minify Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions...
CVE-2022-27615
CVE-2022-27615 affects Synology DNS Server prior to 2.2.2-5027, via a path traversal in the cgi component that can allow remote authenticated users to delete arbitrary files. The issue arises from improper restriction of pathnames to restricted directories. Connected sources confirm affected soft...
CVE-2021-27615
SAP Manufacturing Execution versions 15.1, 1.5.2, 15.3, 15.4 do not contain some HTTP security headers in their HTTP responses. The lack of these headers in the response can be exploited by an attacker to execute Cross-Site Scripting (XSS) attacks...
CVE-2021-27615
SAP Manufacturing Execution versions 15.1, 1.5.2, 15.3, and 15.4 are affected by a cross-site scripting vulnerability due to missing HTTP security headers in HTTP responses. The described root cause is the absence of these headers, which can enable an attacker to execute XSS. Exploitation status,...
WordPress Loginizer log SQLi Scanner
The Loginizer WordPress plugin contains an unauthenticated time-based SQL injection in versions before 1.6.4. The vulnerable parameter is in the log parameter. WordPress has forced updates of the plugin to all servers. Module Options: msf use auxiliary/scanner/http/wp_loginizer_log_sqli msf...
WordPress Loginizer Plugin SQL injection (CVE-2020-27615)
An SQL injection vulnerability exists in WordPress Loginizer Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
CVE-2020-27615

| creationtimestamp | type | source |
|---|---|---|
| 2020-10-22 00:51:26+00:00 | seen | https://t.me/cibsecurity/15509 |
| 2020-11-05 14:43:56+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_loginizer_log_sqli.rb |
| 2025-02-06 03:13:44+00:00 | seen | ... |

WordPress Loginizer plugin < 1.6.4 blind SQLi (CVE-2020-27615)
The Loginizer Plugin for WordPress running on the remote web server is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue to inject or manipulate SQL queries in the back-end database, resulting ...
CVE-2020-27615
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizer_login_failed and lz_valid_ip...
CVE-2020-27615
The CVE-2020-27615 entry concerns the WordPress Loginizer plugin prior to 1.6.4. Affected component: loginizer_log or related backend SQL paths in the plugin. Root cause: unauthenticated SQL injection due to improper input handling (noted as via the log parameter, loginizer_login_failed, and lz_v...