CVE-2026-27100

creationtimestamp| type| source ---|---|--- 2026-02-20 12:04:16+00:00| seen| https://threatintel.cc/2026/02/20/critical-jenkins-vulnerability-exposes-build.html 2026-02-20 13:04:09+00:00| seen| https://infosec.exchange/users/edwardk/statuses/116103095838521772 2026-02-21 18:47:03+00:00| seen|...

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926) +659 more potentially affected by CVE-2026-27100 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.541.1)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =55.v51410e712e0c, =4.1.0.506.v619d63bec9d8, =66.v12c841920f7d, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =1.281.v331e3f5a05a9, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =1.0.6 and more Sou...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1915 more potentially affected by CVE-2026-27100 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.541.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2026-27100 Source advisory: OSV:GHSA-WFHP-QGM8-5P5C...

CVE-2026-27100

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...

Jenkins LTS < 2.541.2 / Jenkins weekly < 2.551 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.541.2 or Jenkins weekly prior to 2.551. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through...

CVE-2025-27100

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

CVE-2025-27100

lakeFS is affected by an authenticated denial-of-service vulnerability (CVE-2025-27100) where an authenticated user can crash the server by exhausting memory. This affects 1.49.1 and earlier; a fix is available in 1.50.0. Remediation: upgrade to 1.50.0 or later. If upgrading is not possible, appl...

CVE-2025-27100 An authenticated user can crash lakeFS by exhausting server memory

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense_Plus

CVE-2023-27100 - pfSense Anti-brute force protection bypass...

CVE-2024-27100 Denial of service via Staff Actions in Discourse

Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could...

CVE-2024-27100

CVE-2024-27100 affects Discourse. The vulnerability lies in the endpoints for suspending users, silencing users, and exporting CSV files which do not enforce limits on parameter sizes, enabling potential excessive resource consumption that could render an instance inoperable. Impact is described ...

pfsenseCE v2.6.0 - Anti-brute force protection bypass Exploit

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

pfsenseCE 2.6.0 Protection Bypass

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

pfsenseCE v2.6.0 - Anti-brute force protection bypass

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense_Plus

CVE-2023-27100 - pfSense Anti-brute force protection bypass...

CVE-2023-27100

creationtimestamp| type| source ---|---|--- 2023-03-23 01:36:10+00:00| seen| https://t.me/cibsecurity/60539 2025-02-25 21:28:01+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5395...

CVE-2023-27100

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests...

CVE-2023-27100

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests...

CVE-2023-27100

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests...

CVE-2023-27100

The CVE affects Netgate pfSense Plus v22.05.1 and pfSense CE v2.6.0, where the SSHGuard anti-brute force protection can be bypassed via crafted web requests due to an improper restriction of excessive authentication attempts. Public details in connected documents confirm the affected versions and...