42 matches found
Changedetection.io RSS Single Watch - Cross-Site Scripting
changedetection.io 0.54.1 contains a stored XSS caused by unescaped reflection of UUID path parameter in RSS single-watch endpoint, letting remote attackers execute JavaScript in victim's browser, exploit requires victim to visit crafted URL. id: CVE-2026-27645 info: name: Changedetection.io RSS...
CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...
CVE-2026-27645
creationtimestamp| type| source
---|---|---
2026-02-23 20:40:13+00:00| published-proof-of-concept| https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w
2026-02-25 05:52:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfnyhqe6aq2u...
CVE-2022-27645
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloudcontrol.cgi. The issue results from the lack of authenticatio...
MAL-2025-27645 Malicious code in node-red-contrib-objstore (npm)
The package node-red-contrib-objstore was found to contain malicious code...
CVE-2025-27645
creationtimestamp| type| source
---|---|---
2025-03-06 00:00:15+00:00| seen| https://bsky.app/profile/vulnalerts.bsky.social/post/3ljo6s7nlzp2v
2025-03-06 02:16:25+00:00| seen| Telegram/HJXkiRMjIdD6blqOzFjmpeXVwHs6GaSyLwwIpnDF2ng9SHpD
2025-03-06 12:00:10+00:00| seen|...
CVE-2025-27645
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...
CVE-2025-27645
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 and Application 20.0.2368 allows insecure extension installation by trusting HTTP permission methods on the server side. This vulnerability, CVE-2025-27645, is reported with a CVSS v3.1 base score of 9.8 (NETWORK, HIGH im...
CVE-2025-27645
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...
Siemens SIMATIC S7-1500 TM MFP BIOS Double Free (CVE-2021-27645)
The nameserver caching daemon nscd in the GNU C Library aka glibc or libc6 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. This...
glibc security update
2.17-326.3 - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi 2.17-326.3 - nscd: Fix timeout type in netgroup cache RHEL-34263 2.17-326.2 - nscd: Do not use sendfile for the netgroup cache - nscd: Use-after-free in netgroup cache - CVE-2024-33599: nscd: buffer overflow in...
USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library ...
CVE-2023-27645
creationtimestamp| type| source
---|---|---
2023-04-11 16:23:23+00:00| seen| https://t.me/cibsecurity/61862
2025-02-14 10:00:36+00:00| seen| Telegram/NSkSgVEwnMSF5jFGjNpW86GU7OPY28XMmeX0wCEbvMm1XJ...
CVE-2023-27645
An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters...
CVE-2023-27645
POWERAMP audioplayer (versions 925–954) contains a vulnerability that allows a remote attacker to gain privileges via the reverb and EQ preset parameters. The issue is documented across multiple sources (NVD/Red Hat and PT-Software) as a high-severity vulnerability with network access and no requ...
CVE-2022-27645
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloudcontrol.cgi. The issue results from the lack of authenticatio...
CVE-2022-27645
CVE-2022-27645 affects NETGEAR R6700v3 routers. The flaw in readycloud_control.cgi allows network-adjacent attackers to bypass authentication, gaining code execution in the root context. Impact is high (C/H/I/A). Sources note this is tied to ZDI-15762; no explicit fix/version is provided in the c...
CVE-2022-27645
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloudcontrol.cgi. The issue results from the lack of authenticatio...
Security Bulletin: Redhat glibc Vulnerability affects Watson Speech Services
Summary A Redhat glibc Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-27645 DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by...
NewStart CGSL MAIN 6.02 : glibc Multiple Vulnerabilities (NS-SA-2022-0085)
The remote NewStart CGSL host, running version MAIN 6.02, has glibc packages installed that are affected by multiple vulnerabilities: - The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE...