15 matches found
CVE-2026-27730
esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh's /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...
CVE-2026-27730
creationtimestamp | type | source
---|---|---
2026-02-25 07:14:26+00:00 | published-proof-of-concept | https://github.com/esm-dev/esm.sh/security/advisories/GHSA-p2v6-84h2-5x4r
2026-02-25 17:01:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfp5tgnldv2s
2026-02-25...
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...
CVE-2025-27730
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally...
CVE-2025-27730
CVE-2025-27730 is a local privilege escalation in Windows Digital Media caused by a use-after-free. Authorized attackers can elevate privileges on affected Windows builds. Public vulnerability records confirm the issue and Microsoft has released security updates to fix it (e.g., KB5055527/KB50555...
CVE-2025-27730 Windows Digital Media Elevation of Privilege Vulnerability
...
CVE-2025-27730
creationtimestamp | type | source
---|---|---
2025-04-08 16:14:25+00:00 | seen | https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review...
CVE-2024-27730
creationtimestamp | type | source
---|---|---
2024-08-15 21:49:47+00:00 | seen | https://t.me/cvedetector/3283...
CVE-2024-27730
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature...
CVE-2024-27730
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature...
CVE-2023-27730
creationtimestamp | type | source
---|---|---
2023-04-10 00:34:53+00:00 | seen | https://t.me/cibsecurity/61728...
CVE-2023-27730
CVE-2023-27730 affects Nginx NJS 0.7.10, with a segmentation violation in the function njs_lvlhsh_find located in src/njs_lvlhsh.c. The incident is reflected with a CVSS v3.1 base score of 7.5 (HIGH) and affects availability (A) while confidentiality and integrity are unchanged. The attack vect...
CVE-2023-27730
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c...
CVE-2021-27730
The CVE-2021-27730 issue concerns Accellion FTA (versions up to 9_12_432). It describes an argument injection vulnerability accessible via a crafted POST to an admin endpoint. A fix is available in version FTA_9_12_444 and later. Impact is noted in public metrics (e.g., CVSS) as high/critical dep...
CVE-2020-27730
CVE-2020-27730 affects the NGINX Controller Agent: versions 1.0.1, 2.0.0–2.9.0, and 3.0.0–3.9.0 do not use absolute paths when invoking system utilities, enabling a local attacker to escalate privileges to root and execute arbitrary code. Public disclosures from Red Hat and F5 corroborate the vu...