42 matches found

Nuclei
added 19 hours ago, 29 views

Changedetection.io RSS Single Watch - Cross-Site Scripting

changedetection.io 0.54.1 contains a stored XSS caused by unescaped reflection of the UUID path parameter in the RSS single-watch endpoint, letting remote attackers execute JavaScript in a victim's browser; exploitation requires the victim to visit a crafted URL. id: CVE-2026-27645 info: name: Changedetection.io RSS...

CVSS 6.1 | AI score 6 | EPSS 0.00445
Exploits: 1 | References: 3
Cvelist
added 2026/02/25 4:06 a.m., 23 views

CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...

CVSS 6.1 | EPSS 0.00445
Exploits: 1 | References: 2
Circl
added 2026/02/23 8:40 p.m., 8 views

CVE-2026-27645

creationtimestamp | type | source
---|---|---
2026-02-23 20:40:13+00:00 | published-proof-of-concept | https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w
2026-02-25 05:52:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfnyhqe6aq2u...

CVSS 6.1 | AI score 5.7 | EPSS 0.00445
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/07 9:10 a.m., 9 views

CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloudcontrol.cgi. The issue results from the lack of authenticatio...

CVSS 8.8 | AI score 7 | EPSS 0.01277
Exploits: 0 | References: 1
OSV
added 2025/08/14 6:52 p.m., 4 views

MAL-2025-27645 Malicious code in node-red-contrib-objstore (npm)

The package node-red-contrib-objstore was found to contain malicious code...

AI score 7.2
Exploits: 0
Circl
added 2025/03/06 12:00 a.m., 26 views

CVE-2025-27645

creationtimestamp | type | source
---|---|---
2025-03-06 00:00:15+00:00 | seen | https://bsky.app/profile/vulnalerts.bsky.social/post/3ljo6s7nlzp2v
2025-03-06 02:16:25+00:00 | seen | Telegram/HJXkiRMjIdD6blqOzFjmpeXVwHs6GaSyLwwIpnDF2ng9SHpD
2025-03-06 12:00:10+00:00 | seen |...

CVSS 9.8 | AI score 5.8 | EPSS 0.00832
Exploits: 1 | References: 2
Vulnrichment
added 2025/03/05 12:00 a.m., 8 views

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

AI score 7.2 | EPSS 0.00832
Exploits: 1 | References: 2
CVE
added 2025/03/05 12:00 a.m., 70 views

CVE-2025-27645

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 and Application 20.0.2368 allows insecure extension installation by trusting HTTP permission methods on the server side. This vulnerability, CVE-2025-27645, is reported with a CVSS v3.1 base score of 9.8 (NETWORK, HIGH im...

CVSS 9.8 | AI score 7.2 | EPSS 0.00832
Exploits: 1 | References: 3 | Affected Software: 2
Cvelist
added 2025/03/05 12:00 a.m., 34 views

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

EPSS 0.00832
Exploits: 1 | References: 2
Tenable Nessus
added 2025/02/25 12:00 a.m., 8 views

Siemens SIMATIC S7-1500 TM MFP BIOS Double Free (CVE-2021-27645)

The nameserver caching daemon nscd in the GNU C Library aka glibc or libc6 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. This...

CVSS 2.5 | AI score 6.3 | EPSS 0.00374
Exploits: 0 | References: 5
Oracle linux
added 2024/06/05 12:00 a.m., 394 views

glibc security update

2.17-326.3 - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi 2.17-326.3 - nscd: Fix timeout type in netgroup cache RHEL-34263 2.17-326.2 - nscd: Do not use sendfile for the netgroup cache - nscd: Use-after-free in netgroup cache - CVE-2024-33599: nscd: buffer overflow in...

CVSS 7.5 | AI score 8.8 | EPSS 0.8833
Exploits: 16
Cloud Foundry
added 2023/05/18 12:00 a.m., 45 views

USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library ...

CVSS 9.8 | AI score 8.9 | EPSS 0.05223
Exploits: 5 | Affected Software: 3
Circl
added 2023/04/11 4:23 p.m., 6 views

CVE-2023-27645

creationtimestamp | type | source
---|---|---
2023-04-11 16:23:23+00:00 | seen | https://t.me/cibsecurity/61862
2025-02-14 10:00:36+00:00 | seen | Telegram/NSkSgVEwnMSF5jFGjNpW86GU7OPY28XMmeX0wCEbvMm1XJ...

CVSS 9.8 | AI score 8.7 | EPSS 0.01455
Exploits: 1 | References: 1
Cvelist
added 2023/04/11 12:00 a.m., 24 views

CVE-2023-27645

An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters...

AI score 9.7 | EPSS 0.01455
Exploits: 1 | References: 3
CVE
added 2023/04/11 12:00 a.m., 63 views

CVE-2023-27645

POWERAMP audioplayer (versions 925–954) contains a vulnerability that allows a remote attacker to gain privileges via the reverb and EQ preset parameters. The issue is documented across multiple sources (NVD/Red Hat and PT-Software) as a high-severity vulnerability with network access and no requ...

CVSS 9.8 | AI score 9.4 | EPSS 0.01455
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2023/03/29 7:15 p.m., 23 views

CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloudcontrol.cgi. The issue results from the lack of authenticatio...

CVSS 8.8 | AI score 9 | EPSS 0.01277
Exploits: 0 | References: 2
CVE
added 2023/03/29 12:00 a.m., 68 views

CVE-2022-27645

CVE-2022-27645 affects NETGEAR R6700v3 routers. The flaw in readycloud_control.cgi allows network-adjacent attackers to bypass authentication, gaining code execution in the root context. Impact is high (C/H/I/A). Sources note this is tied to ZDI-15762; no explicit fix/version is provided in the c...

CVSS 8.8 | AI score 8.9 | EPSS 0.01277
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/03/29 12:00 a.m., 10 views

CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloudcontrol.cgi. The issue results from the lack of authenticatio...

CVSS 8.8 | AI score 8.9 | EPSS 0.01277
Exploits: 0 | References: 2
IBM Security Bulletins
added 2023/01/12 9:59 p.m., 48 views

Security Bulletin: Redhat glibc Vulnerability affects Watson Speech Services

Summary A Redhat glibc Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-27645 DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by...

CVSS 2.5 | AI score 6.3 | EPSS 0.00374
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2022/11/14 12:00 a.m., 33 views

NewStart CGSL MAIN 6.02 : glibc Multiple Vulnerabilities (NS-SA-2022-0085)

The remote NewStart CGSL host, running version MAIN 6.02, has glibc packages installed that are affected by multiple vulnerabilities: - The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE...

CVSS 9.8 | AI score 7.9 | EPSS 0.04729
Exploits: 5 | References: 19