CVE-2026-27884

creationtimestamp| type| source ---|---|--- 2026-02-26 02:10:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfq4jc5s4c2v 2026-03-05 21:51:33+00:00| seen| https://infosec.exchange/users/obivan/statuses/116178779673639923 2026-03-05 21:51:41+00:00| seen|...

CVE-2026-27884

NetExec is a network execution tool. Prior to version 1.5.1, the module spiderplus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An...

CVE-2026-27884

CVE-2026-27884 affects NetExec’s spider_plus module prior to version 1.5.1, where saving files from SMB shares could be manipulated due to path traversal characters like ../ in SMB paths. An attacker could craft a filename in an SMB share that, when spider_plus crawls and downloads, writes or ove...

CVE-2024-27884

This issue was addressed with a new entitlement. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to access user-sensitive data...

CVE-2022-27884

creationtimestamp| type| source ---|---|--- 2022-03-25 21:31:15+00:00| seen| https://t.me/cibsecurity/39568...

CVE-2021-27884

creationtimestamp| type| source ---|---|--- 2021-03-02 02:49:52+00:00| seen| https://t.me/cibsecurity/24317...

CVE-2021-27884

The vulnerability CVE-2021-27884 affects YMFE YApi up to version 1.9.2, where JWT signing secret is generated using Math.random() in Node.js. This weak randomness allows an attacker to recreate other users’ JWTs by exploiting predictable secret generation. Connected advisories (GHSA-2H3H-VW8R-82R...