13 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2...
CVE-2026-40527
creationtimestamp | type | source
---|---|---
2026-04-17 21:18:24+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjptyfkbwr26
2026-04-17 22:42:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjpypmpub22q
2026-04-17 23:20:15+00:00 | published-proof-of-concept | ...
UBUNTU-CVE-2026-40527
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...
CVE-2026-40527 radare2 Command Injection via DWARF Parameter Names
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...
MAL-2025-40527 Malicious code in yingyu-kouyu-erlingeryilingwu (npm)
The package yingyu-kouyu-erlingeryilingwu was found to contain malicious code...
CVE-2021-40527
Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application...
CVE-2022-40527
CVE-2022-40527 is described as a Transient Denial of Service caused by a reachable assertion in WLAN when processing PEER ID populated by TQM. Multiple sources (NVD entry and various security catalogs) list a NETWORK attack vector with no required user interaction, and a high availability impact ...
CVE-2022-40527 Reachable Assertion in WLAN Embedded SW
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM...
CVE-2022-40527 Reachable Assertion in WLAN Embedded SW
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM...
CVE-2021-40527
creationtimestamp | type | source
---|---|---
2021-10-25 14:13:28+00:00 | seen | https://t.me/cibsecurity/31109...
CVE-2021-40527
Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application...
CVE-2021-40527
CVE-2021-40527 affects the Android AWS SDK (and related app code) in versions up to 1.7.22, including the com.onepeloton.erlich mobile app. The underlying issue is storage of credentials in plaintext within the mobile application, allowing a remote attacker to read AWS S3 developer files stored i...
MS10-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2027452) (Mac OS X)
The remote Mac OS X host is running a version of Microsoft Excel that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Excel file, these issues could be leveraged to execute arbitrary code subject to the user's privilege...