34 matches found
CVE-2026-27919
creationtimestamp | type | source
---|---|---
2026-04-14 15:49:19+00:00 | seen | https://www.thezdi.com/blog/2026/4/14/the-april-2026-security-update-review
2026-04-14 17:55:35+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116404344289228337
2026-04-14 20:09:15+00:00 | seen | ...
CVE-2026-0772
Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...
CVE-2025-27919
creationtimestamp | type | source
---|---|---
2025-11-06 17:28:49+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115503931619214286...
CVE-2025-27919
An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later...
Linux Distros Unpatched Vulnerability : CVE-2021-27919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which...
CVE-2020-27919
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution...
CVE-2024-27919
creationtimestamp | type | source
---|---|---
2024-04-09 08:14:27+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/6990
2024-04-09 15:41:27+00:00 | published-proof-of-concept | https://t.me/proxybar/1998
2024-04-09 21:09:22+00:00 | seen | https://t.me/arpsyndicate/4424...
CVE-2024-27919 HTTP/2: memory exhaustion due to CONTINUATION frame flood
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an...
Security Advisory 0094
Date: April 5, 2024

Revision | Date | Changes
---|---|---
1.0 | April 3, 2024 | Initial release
1.1 | April 5, 2024 | Update required configuration for exploitation and mitigation

Description
Arista Networks is providing this security update in response to the following...
BELL-CVE-2021-27919 CVE-2021-27919 does not affect BellSoft software
Bulletin has no description...
CVE-2023-27919
CVE-2023-27919 describes an authentication bypass in the NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series), affecting all versions. The vulnerability allows a remote unauthenticated attacker to alter information stored in the system. The provided documents do not include a published fix or...
Amazon Linux 2 : golang, --advisory ALAS2-2022-1830 (ALAS-2022-1830)
The version of golang installed on the remote host is prior to 1.18.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1830 advisory. A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an...
Important: golang
Issue Overview: An out of bounds read vulnerability was found in golang. When using the archive/zip standard library stdlib and an unexpected file is parsed, it can cause golang to attempt to read outside of a slice array causing a panic in the runtime. A potential attacker can use this...
CVE-2022-27919
creationtimestamp | type | source
---|---|---
2022-03-25 23:30:54+00:00 | seen | https://t.me/cibsecurity/39577...
CVE-2022-27919
CVE-2022-27919 affects Gradle Enterprise prior to 2022.1. The issue allows remote code execution when the installation process omits an initial configuration file, because the configuration enables anonymous access to administration and the API. Impact is demonstrated as remote code execution wit...
Fedora: Security Advisory for golang (FEDORA-2021-6a3024b3fd)
The remote host is missing an update for the...
Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918)
Summary: IBM Cloud Private is vulnerable to a Go vulnerability. Vulnerability Details: CVEID: CVE-2021-27919. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when using a ZIP archive containing files that start with “../”. By persuading a victim to open a...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-27919)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2021-27919. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when using a ZIP archive containing files that start with “../”. By persuading a victim to...