27 matches found
CVE-2026-27748
Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...
CVE-2026-27748
creationtimestamp| type| source
---|---|---
2026-03-03 15:37:09+00:00| seen| https://infosec.exchange/users/quarkslab/statuses/116165982849269143
2026-03-03 15:37:36+00:00| seen| https://bsky.app/profile/quarkslab.bsky.social/post/3mg63xocxwc2l
2026-03-05 18:01:35+00:00| seen|...
PT-2026-22806
Name of the Vulnerable Software and Affected Versions: Avira Internet Security (affected versions not specified). Description: An improper link resolution issue exists in the Software Updater component of Avira Internet Security. The Software Updater, running with SYSTEM privileges, deletes a file...
Microsoft Office Multiple Vulnerabilities (Apr 2025) - Mac OS X
This host is missing an important security update for Microsoft Office on Mac OSX according to Microsoft security update April 2025. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
ROOT-OS-DEBIAN-12-CVE-2020-27748 CVE-2020-27748 in rootio-xdg-utils - Patched by Root
Root has patched CVE-2020-27748 in the rootio-xdg-utils package for Root:Debian:12. Multiple fixed versions available...
CVE-2025-27748
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2025-27748
CVE-2025-27748 is a Microsoft Office remote code execution vulnerability caused by a use-after-free in Office components. The issue permits a local attacker to execute code on an affected host. Public details in the provided documents indicate this vulnerability is addressed via Microsoft's April...
CVE-2025-27748
creationtimestamp| type| source
---|---|---
2025-04-08 16:14:25+00:00| seen| https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review
2025-04-09 07:18:23+00:00| seen| https://poliverso.org/objects/0477a01e-45bed739-4cf70d274d3babdb
2025-04-10 11:32:21+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2020-27748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added vi...
CVE-2020-27748 affecting package xdg-utils 1.1.3-7
CVE-2020-27748 affecting package xdg-utils 1.1.3-7. No patch is available currently...
Advisory ROSA-SA-2024-2444
Software: xdg-utils 1.1.3; OS: ROSA-CHROME; packageevrstring: xdg-utils-1.1.3-5; CVE-ID: CVE-2020-27748; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially send...
RHEL 7 : xdg-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xdg-utils: local file inclusion vulnerability CVE-2020-27748 - xdg-utils: improper parse of mailto URIs...
CVE-2021-27748
CVE-2021-27748 is associated with IBM WebSphere HCL Digital Experience and represents a Server-Side Request Forgery (SSRF) vulnerability that affects on‑premise deployments and containerized environments. The Nuclei template flags an SSRF issue in WebSphere DX, enabling an attacker to bypass secu...
CVE-2021-27748
creationtimestamp| type| source
---|---|---
2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-27748.yaml...
CVE-2023-27748
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution...
CVE-2023-27748
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution...
CVE-2023-27748
CVE-2023-27748 affects BlackVue DR750-2CH LTE version 1.012_2022.10.26. The issue is that firmware uploads are not checked for authenticity, enabling an attacker to upload crafted firmware that can contain backdoors and allow arbitrary code execution. Documents confirm the vulnerability exists bu...
CVE-2023-27748
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution...
CVE-2023-27748
creationtimestamp| type| source
---|---|---
2023-04-12 19:26:45+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4160
2023-04-14 00:25:13+00:00| seen| https://t.me/cibsecurity/62081...
Amazon Linux 2023 : xdg-utils (ALAS2023-2023-007)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-007 advisory. A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to...