19 matches found
Photon OS 5.0: Telegraf PHSA-2026-5.0-0841
An update of the telegraf package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0841. The text itself is copyright (C) VMware, Inc...
CVE-2026-27889 vulnerabilities
Vulnerabilities for packages: k3s, rke2-runtime-fips, milvus...
CVE-2025-27889
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker...
CVE-2025-27889
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker...
CVE-2025-27889
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker...
CVE-2025-27889
Technical details for CVE-2025-27889 are not provided in the connected documents; the supplied materials focus on CVE-2025-47812 and lack specifics (product/version/impact) for CVE-2025-27889. Monitor for updates.
CVE-2023-27889
Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
CVE-2024-27889
creationtimestamp | type | source
---|---|---
2024-03-04 21:26:16+00:00 | seen | https://t.me/ctinow/199609
2024-03-04 21:26:20+00:00 | seen | https://t.me/ctinow/199613
...
CVE-2024-27889 Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW).
Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with...
CVE-2023-27889
creationtimestamp | type | source
---|---|---
2023-05-10 12:20:26+00:00 | seen | https://t.me/cibsecurity/63725
...
CVE-2023-27889
CVE-2023-27889 - LIQUID SPEECH BALLOON plugin: A CSRF vulnerability affecting WordPress plugin versions prior to 1.2. The issue allows a remote unauthenticated attacker to hijack a user's session and perform unintended operations by forcing the user to view a malicious page. A fix exists in vers...
CVE-2023-27889
Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
CVE-2023-27889
Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
WordPress LIQUID SPEECH BALLOON Plugin < 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LIQUID SPEECH BALLOON; Type: Plugin; Vulnerable versions: 1.2; Fixed in: 1.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27889; Patch priority: Low; CVSS severity: Low (4.3); PSID: b1811e420432; Credits: Ryo Sato of BroadBa...
CVE-2022-27889
creationtimestamp | type | source
---|---|---
2022-06-14 18:23:56+00:00 | seen | https://t.me/cibsecurity/44406
...
CVE-2022-27889
CVE-2022-27889 concerns the Multipass service used in Palantir Foundry. The issue arises from code paths that can be abused to perform an application-level denial of service on authentication or authorization operations, potentially causing failures and degraded login performance for affected env...
MyBB 1.8.25 - Chained Remote Command Execution
Exploit Title: MyBB 1.8.25 - Chained Remote Command Execution; Exploit Author: SivertPL; Date: 19.03.2021; Description: Nested autourl Stored XSS - templateset second order SQL Injection leading to RCE through improper string interpolation in eval. Software Link:...
CVE-2021-27889
creationtimestamp | type | source
---|---|---
2021-03-15 19:29:06+00:00 | seen | https://t.me/cibsecurity/24904
2021-03-22 10:14:45+00:00 | exploited | https://t.me/infobes/301
2021-03-29 05:54:18+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/2955
2024-11-14 06:08:18+00:00|...
CVE-2021-27889
CVE-2021-27889 is an XSS vulnerability in MyBB's message parsing via Nested Auto URLs present in versions prior to 1.8.26. The issue arises when processing user-supplied content, potentially allowing an attacker to inject HTML/JS in forums, posts, or private messages. Public sources (NVD) describ...