CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability

...

CVE-2026-27925

creationtimestamp| type| source ---|---|--- 2026-04-14 15:49:19+00:00| seen| https://www.thezdi.com/blog/2026/4/14/the-april-2026-security-update-review 2026-04-15 06:53:38+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0119...

CVE-2020-27925

An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call...

CVE-2025-27925

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input...

CVE-2025-27925

creationtimestamp| type| source ---|---|--- 2025-03-10 23:48:29+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114140807757279366 2025-03-11 00:54:06+00:00| seen| https://t.me/cvedetector/20002 2025-03-11 04:41:13+00:00| seen|...

CVE-2025-27925

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input...

CVE-2025-27925

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input...

CVE-2025-27925

Nintex Automation versions 5.6 and 5.7, prior to 5.8, are affected by insecure deserialization of user input. The CVE-2025-27925 entry describes a vulnerability in Nintex Automation with impact across confidentiality, integrity, and availability (per CVSS scores: high- to critical-severity ranges...

CVE-2025-27925

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input...

CVE-2023-27925

Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...

CVE-2023-27925

CVE-2023-27925 is a cross-site scripting vulnerability in VK Blocks and VK Blocks Pro in the Post function, affecting version 1.53.0.1 and earlier. The issue allows an authenticated remote attacker to inject arbitrary scripts via the affected Post function. Public connected sources confirm the at...

JVN#95792402: WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting

WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" provided by Vektor,Inc. contain multiple cross-site scripting vulnerabilities CWE-79 listed below. Cross-site scripting vulnerability in Tag edit function - CVE-2023-27923 Version| Vector| Score ---|---|--- CVSS v3|...

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

Zimbra Unauthenticated Remote Code Execution Exploit CVE-2022-2...

Metasploit Wrap-Up

Zimbra Auth Bypass to Shell Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass CVE-2022-37042 and a directory traversal vulnerability CVE-2022-27925 to gain code execution as the zimbra user. The auth bypas...

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

Zimbra Unauthenticated Remote Code Execution Exploit CVE-2022-2...

Zimbra Zip Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Zip Path Traversal in Zimbra mboximport CVE-2022-27925', 'Description' = %q This module POSTs a ZIP file containing path...

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

CVE-2022-27925 Description On May 10, 2022, Zimbra released...

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

CVE-2022-27925 Setup git clone https://github.com/miko...

Zimbra Collaboration Directory Traversal (CVE-2022-27925; CVE-2022-37042)

A Directory Traversal vulnerability exists in Zimbra Collaboration. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

CVE-20...