16 matches found
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952 Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2020-27952
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution...
CVE-2024-27952
creationtimestamp| type| source
---|---|---
2024-03-13 18:22:01+00:00| seen| https://t.me/ctinow/206997
2024-03-13 18:27:48+00:00| seen| https://t.me/ctinow/207013...
CVE-2024-27952
CVE-2024-27952 is a reflected XSS in the WordPress plugin Advanced Sermons (WP Codeus) up to version 3.2, caused by improper input neutralization during web page generation. Exploitation requires user interaction; impact is limited to client-side script execution in the context of the affected si...
CVE-2024-27952 WordPress Advanced Sermons plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS. This issue affects Advanced Sermons: from n/a through 3.2...
WordPress Advanced Sermons Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Sermons
Type: Plugin
Vulnerable versions: <= 3.2
Fixed in: 3.3
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting XSS
CVE: CVE-2024-27952
Patch priority: Medium
CVSS severity: Medium 7.1
PSID: b2bcdc917d74
Credits: Le Ngoc Anh
Required privilege...
CVE-2023-27952
creationtimestamp| type| source
---|---|---
2023-05-09 00:43:01+00:00| seen| https://t.me/cibsecurity/63490...
CVE-2023-27952
CVE-2023-27952 describes a race condition that was addressed by improved locking. The issue allowed an app to bypass Gatekeeper checks and is fixed in macOS Ventura 13.3. Affected product/version is macOS Ventura prior to 13.3; the mitigation is to update to Ventura 13.3 or later. The available c...
CVE-2022-27952
creationtimestamp| type| source
---|---|---
2022-04-12 20:17:23+00:00| seen| https://t.me/cibsecurity/40638...
CVE-2022-27952
CVE-2022-27952 corresponds to an arbitrary file upload vulnerability in PayloadCMS v0.15.0. The affected component is PayloadCMS’ file upload module, where crafted SVG files can lead to arbitrary code execution. The provided connected documents confirm the vulnerability and impact but do not supp...
CVE-2021-27952
creationtimestamp| type| source
---|---|---
2021-08-03 18:27:56+00:00| seen| https://t.me/cibsecurity/26743...
CVE-2021-27952
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...
CVE-2021-27952
CVE-2021-27952 affects Ecobee3 Lite with firmware 4.5.81.200, where hardcoded default root credentials grant access to the password-protected bootloader environment via the serial console. Public references from NVD list a CVSS v3.1 base score of 9.8 (CRITICAL) with network access and no privileg...
CVE-2020-27952
CVE-2020-27952 is a macOS font processing flaw in the FontParser that allows an out-of-bounds write, addressed by improved input validation. Affected updates include macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, and macOS Big Sur 11.0.1. The issue may ena...
macOS 10.14.x < 10.14.6 Security Update 2020-007 / 10.15.x < 10.15.7 Security Update 2020-001 / macOS 11.x < 11.1 (HT212011)
The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2020-007 Mojave, 10.15.x prior to 10.15.7 Security Update 2020-001 Catalina, or 11.x prior to 11.1. It is, therefore, affected by multiple vulnerabilities, including the following: - Processi...