12 matches found
CVE-2026-27793
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the GET /api/v1/user/:id endpoint returns the full settings object for any user, including Pushover, Pushbullet, and Telegram credentials, to any authenticated requester regardless of...
CVE-2021-27707
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex" request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without...
CVE-2025-27707
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access...
CVE-2024-27707
Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file...
CVE-2024-27707
creationtimestamp | type | source
---|---|---
2024-03-07 22:27:02+00:00 | seen | https://t.me/ctinow/202841...
CVE-2024-27707
Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file...
CVE-2024-27707
CVE-2024-27707 affects hcengineering Huly Platform v0.6.202. The vulnerability is a Server Side Request Forgery (SSRF) in the file upload path that allows attackers to run arbitrary code via a crafted SVG file. Multiple sources (NVD/Red Hat/CNNVD and related CVE ecosystems) confirm the presence o...
CVE-2024-27707
Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file...
CVE-2023-27707
creationtimestamp | type | source
---|---|---
2023-03-16 17:31:02+00:00 | seen | https://t.me/cibsecurity/60153...
CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint...
CVE-2023-27707
CVE-2023-27707 affects DedeCMS v5.7.106. It describes an SQL injection in /dede/group_store.php via the rank_* parameter, enabling a remote attacker to execute arbitrary code. The CVSS v3.1 base score is 7.2 (HIGH) with network attack, low complexity, and no user interaction; impact on confidenti...
CVE-2021-27707
CVE-2021-27707 affects Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN. The issue is a buffer overflow in the port mapping feature: the function formDelPortMapping directly passes the parameter portMappingIndex to strcpy without bounds checking, enabling arbitrary code execution via a ...