134 matches found
YouPHPTube Encoder 2.3 - Remote Command Injection
YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php. id: CVE-2019-5127 info: name: YouPHPTube Encoder 2.3 ...
CVE-2026-5127
creationtimestamp | type | source
---|---|---
2026-05-08 10:54:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mldkwl7pcq2h
2026-05-09 20:00:00+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlgzuosotj2l...
EUVD-2016-5127
Malware in sbrugna...
CVE-2025-5127
A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2025-5127
creationtimestamp | type | source
---|---|---
2025-05-24 15:44:57+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17490
2025-05-24 15:50:55+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpwir27rwqx2...
CVE-2025-5127 Teledyne FLIR AX8 prod.php cross site scripting
A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2025-5127
The CVE-2025-5127 entry concerns Teledyne FLIR AX8 firmware versions up to 1.46.16. The issue arises from how /prod.php processes the cmd parameter, enabling remote cross-site scripting via input manipulation. Public disclosures exist, and exploitation is possible as described in the sources. A f...
CVE-2023-5127
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...
CVE-2024-5127 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...
CVE-2019-5127
creationtimestamp | type | source
---|---|---
2024-01-29 09:41:37+00:00 | seen | https://t.me/ctinow/175122
2024-05-22 06:15:17+00:00 | seen | https://t.me/CyberSecurityTechnologies/2661
2024-12-22 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-22
2024-12-26...
CVE-2023-5127
CVE-2023-5127 affects the WP Font Awesome WordPress plugin (versions ≤ 1.7.9). The vulnerability is a stored XSS via shortcode attributes, specifically the icon attribute, allowing authenticated users with contributor+ privileges to inject scripts into pages executed when viewed. Evidence from mu...
SUSE CVE-2017-5127
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...
Debian: Security Advisory (DSA-5127-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2018-0338)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2017-0423)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2018-0203)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2018-0202)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2018:0850-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
HID Global OMNIKEY Cross-Site Request Forgery Vulnerability
HID Global OMNIKEY is a hardware device from HID Global, Inc. It is used to read cards. A security vulnerability exists in the HID OMNIKEY 5427 and OMNIKEY 5127 readers, which can be exploited by a remote attacker to upload a configuration file by convincing an authenticated user to visit a...