17 matches found
CVE-2026-27991
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Avventure avventure allows PHP Local File Inclusion. This issue affects Avventure: from n/a through = 1.1.12...
CVE-2022-27991
Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /stafflogin.php via the Staff ID and Staff Password parameters...
CVE-2023-27991
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...
CVE-2024-27991
creationtimestamp | type | source
---|---|---
2024-04-13 00:57:10+00:00 | seen | https://t.me/arpsyndicate/4616...
CVE-2024-27991
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3...
CVE-2024-27991 WordPress SupportCandy plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3...
WordPress SupportCandy Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: SupportCandy; Type: Plugin; Vulnerable versions: <= 3.2.3; Fixed in: 3.2.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-27991; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 64d8fa37173c; Credits: Mochamad Sofyan; Required privilege...
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now
Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security...
Vulnerabilities fixed in Zyxel Firewalls and Access Points
Zyxel has fixed vulnerabilities in the firmware of several USG, APT, VPN and ZyWall systems. A malicious party can exploit the vulnerabilities for attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution...
CVE-2023-27991
creationtimestamp | type | source
---|---|---
2023-04-24 22:19:53+00:00 | seen | https://t.me/cibsecurity/62757...
CVE-2023-27991
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...
CVE-2023-27991
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...
CVE-2023-27991
Zyxel vulnerability CVE-2023-27991 is a post-authentication command injection in the CLI of Zyxel firewall devices (ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, ZyWALL/USG) that could let an authenticated attacker execute OS commands remotely. Affected firmware ranges include ATP 4.32–5.35, ...
CVE-2022-27991
creationtimestamp | type | source
---|---|---
2022-04-08 12:38:18+00:00 | seen | https://t.me/cibsecurity/40361...
CVE-2022-27991
CVE-2022-27991 affects the Online Banking System in PHP v1. The connected documents confirm multiple SQL injection vulnerabilities in the /staff_login.php endpoint, exploitable through the Staff ID and Staff Password parameters. The root cause is improper handling/validation of input used in SQL ...
CVE-2020-27991
creationtimestamp | type | source
---|---|---
2020-11-16 20:38:01+00:00 | seen | https://t.me/cibsecurity/16385...
CVE-2020-27991
Nagios XI before 5.7.5 is vulnerable to a cross-site scripting (XSS) issue in the Account Information email field. The CNVD entry confirms a Nagios XI XSS vulnerability prior to version 5.7.5; no extra technical details (root cause, affected components, exploit specifics) are provided in the conn...