25 matches found
CVE-2026-27938
creationtimestamp| type| source
---|---|---
2026-02-26 05:39:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqiab7qyg2h...
CVE-2026-27938
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of ${{ github.event.pull_request.body }} inside a run: shell block. When a pull request...
CVE-2025-27938 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can obtain restricted information about a user's smart device collections i.e., "rooms"...
CVE-2025-27938
Growatt Cloud Applications (Growatt Cloud portal) suffers an unauthenticated authorization bypass that allows access to restricted user “rooms” information. Public docs indicate this affects versions up to 3.6.0 (and prior) and that no patch version is specified; exploitation status not publicly ...
CVE-2025-27938
creationtimestamp| type| source
---|---|---
2025-04-15 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04...
Linux Distros Unpatched Vulnerability : CVE-2022-27938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stb_image.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. CVE-2022-27938 Note that...
CVE-2024-27938
creationtimestamp| type| source
---|---|---
2024-03-11 23:27:08+00:00| seen| https://t.me/ctinow/205136
2024-03-11 23:27:19+00:00| seen| https://t.me/ctinow/205144...
CVE-2024-27938
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...
CVE-2024-27938 SMTP Smuggling in Postal
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...
CVE-2024-27938
CVE-2024-27938 concerns Postal, an open source SMTP server. The vulnerability affects Postal versions older than 3.0.0 and enables SMTP Smuggling, potentially allowing an incoming email to be spoofed as if sent from a server the recipient user authorized. The impact is limited to inbound mail flo...
CVE-2023-27938
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution...
CVE-2023-27938
CVE-2023-27938 affects Apple GarageBand for macOS, where an out-of-bounds read occurs while parsing a malicious MIDI file. The underlying issue stems from improper input handling in the MIDI parsing code, resolved by input validation improvements and a patch in GarageBand for macOS 10.4.8. Impact...
About the security content of GarageBand for macOS 10.4.8
About the security content of GarageBand for macOS 10.4.8 This document describes the security content of GarageBand for macOS 10.4.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
CVE-2022-27938
stb_image.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw...
CVE-2022-27938
CVE-2022-27938 affects stb_image.h version 2.19 (used by libsixel and other products). The issue is a reachable assertion in stbi__create_png_image_raw. Documented impact indicates a local impact with a high availability impact per CVSS 3.1 (vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) a...
CVE-2020-27938
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to...