
85 matches found

Cvelist
added 2026/04/14 4:57 p.m., 24 views

CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability

...

CVSS 7.8, EPSS 0.00192
Exploits: 0, References: 1

NVD
added 2025/11/06 6:15 p.m., 5 views

CVE-2025-27918

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing o...

CVSS 9.8, EPSS 0.00443
Exploits: 1, References: 2

Circl
added 2025/11/06 5:28 p.m., 9 views

CVE-2025-27918

creationtimestamp | type | source
---|---|---
2025-11-06 17:28:49+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115503931619214286...

CVSS 9.8, AI score 5.8, EPSS 0.00443
Exploits: 1, References: 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-27918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud...

CVSS 7.8, AI score 7.1, EPSS 0.01361
Exploits: 0, References: 2

Tenable Nessus
added 2025/02/10 12:0 a.m., 9 views

Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2021-27918)

The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-27918 advisory. - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a...

CVSS 7.5, AI score 8, EPSS 0.02543
Exploits: 0, References: 2

Tenable Nessus
added 2024/11/05 12:0 a.m., 7 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.16.0 (Moderate) (RHSA-2021:2704)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2704 advisory. Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered a...

CVSS 7.5, AI score 7.2, EPSS 0.03692
Exploits: 1, References: 12

Tenable Nessus
added 2024/09/10 12:0 a.m., 10 views

NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2024-0053)

The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities: - A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously...

CVSS 9.8, AI score 7.2, EPSS 0.16342
Exploits: 11, References: 115

CBLMariner
added 2024/07/24 1:44 a.m., 15 views

CVE-2021-27918 affecting package python-tensorboard for versions less than 2.16.2-2

CVE-2021-27918 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 6.9, EPSS 0.02543
Exploits: 0

Tenable Nessus
added 2024/06/03 12:0 a.m., 23 views

RHEL 7 : cli (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader CVE-2021-27918 Note th...

CVSS 7.5, AI score 9.6, EPSS 0.02543
Exploits: 0, References: 1

Tenable Nessus
added 2024/04/28 12:0 a.m., 30 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.17.0 (Moderate) (RHSA-2021:3555)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3555 advisory. Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered a...

CVSS 7.5, AI score 7.2, EPSS 0.07032
Exploits: 5, References: 20

Vulnrichment
added 2024/03/06 8:25 p.m., 17 views

CVE-2024-27918 Coder's OIDC authentication allows email with partially matching domain to register

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...

CVSS 8.2, AI score 6.9, EPSS 0.00965
Exploits: 0, References: 5

CVE
added 2024/03/06 8:25 p.m., 80 views

CVE-2024-27918

Coder’s CVE-2024-27918 describes an OIDC authentication flaw where the CODER_OIDC_EMAIL_DOMAIN verification can be bypassed, allowing registration/login with emails not on the allowlist when using public OIDC providers. Affected are Coder instances with OIDC enabled and domain-based allowlists, w...

CVSS 8.2, AI score 8.3, EPSS 0.00965
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2024/03/06 8:25 p.m., 31 views

CVE-2024-27918 Coder's OIDC authentication allows email with partially matching domain to register

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...

CVSS 8.2, AI score 8.5, EPSS 0.00965
Exploits: 0, References: 5

GitHub Security Blog
added 2024/03/04 8:45 p.m., 21 views

Coder's OIDC authentication allows email with partially matching domain to register

Summary: A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider such as publi...

CVSS 8.2, AI score 6.9, EPSS 0.00965
Exploits: 0, References: 7, Affected Software: 2

Tenable Nessus
added 2023/11/06 12:0 a.m., 25 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:3076)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3076 advisory. - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the midd...

CVSS 7.5, AI score 6.9, EPSS 0.07032
Exploits: 2, References: 10

Amazon
added 2023/06/12 12:0 a.m., 63 views

Important: webkitgtk4

Issue Overview: A logic issue was addressed with improved state management. CVE-2020-22592 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2,...

CVSS 9.8, AI score 9, EPSS 0.34574
Exploits: 14

IBM Security Bulletins
added 2023/05/15 6:34 p.m., 37 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-30633 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Unmarshal in encoding/xml due to stack exhaustion. By parsing a...

CVSS 7.5, AI score 6.8, EPSS 0.07492
Exploits: 0, Affected Software: 1

Vulnrichment
added 2023/05/10 12:0 a.m., 10 views

CVE-2023-27918

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL...

AI score 6.2, EPSS 0.00508
Exploits: 0, References: 2

CVE
added 2023/05/10 12:0 a.m., 51 views

CVE-2023-27918

The CVE-2023-27918 entry concerns a cross-site scripting (XSS) vulnerability in the WordPress plugin “Appointment and Event Booking Calendar for WordPress - Amelia.” Affected version range is Amelia prior to 1.0.76. The underlying issue is a failure to sanitize/escape user-controlled input, enabl...

CVSS 6.1, AI score 6.2, EPSS 0.00508
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/05/10 12:0 a.m., 14 views

CVE-2023-27918

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL...

AI score 6.4, EPSS 0.00508
Exploits: 0, References: 2