36 matches found
Astra Linux - vulnerability in ceph
A flaw was discovered in Red Hat Ceph Storage 4, within the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for documentation purposes, which again exposes them to...
CVE-2026-27839 wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritional_values action endpoints fetch objects via Model.objects.get(pk=pk) — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...
CVE-2026-27839
creationtimestamp| type| source
---|---|---
2026-02-26 14:40:50+00:00| published-proof-of-concept| https://github.com/wger-project/wger/security/advisories/GHSA-g8gc-6c4h-jg86
2026-02-27 05:40:18+00:00| seen| https://gist.github.com/alon710/5824d9b6db63c17fd0a504d93c2d1716...
CVE-2021-27839
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...
CVE-2024-27839
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...
CVE-2022-27839
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials...
CVE-2025-27839
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation genuineness check that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible...
CVE-2025-27839
creationtimestamp| type| source
---|---|---
2025-03-08 02:39:01+00:00| seen| https://t.me/cvedetector/19870
2025-03-08 04:29:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljtosihekz2k
2025-03-08 04:36:11+00:00| seen| Telegram/NGbQsQ01k7wL470QSPZUWccEJ64xVUTXAwvdTm10Bjgeert...
CVE-2025-27839
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation genuineness check that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible...
CVE-2025-27839
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation genuineness check that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible...
CVE-2025-27839
The CVE affects Tangem SDK for Android (before 5.18.3) in AttestationTask.kt, where offline wallet genuineness check logic can cause verification results to be disregarded on the first card scan. The issue is limited to the first scan flow and exploitation may not have been possible; upgrading to...
CVE-2025-27839
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation genuineness check that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible...
CVE-2025-27839
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation genuineness check that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible...
SUSE CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser's localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...
About the security content of iOS 17.5 and iPadOS 17.5
About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...
CVE-2022-27839
creationtimestamp| type| source
---|---|---
2022-04-12 00:31:00+00:00| seen| https://t.me/cibsecurity/40567...
CVE-2022-27839
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials...
CVE-2022-27839
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials...
CVE-2022-27839
Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided connected documents. Please monitor for updates from official sources.
openSUSE 15 Security Update : ceph (openSUSE-SU-2021:1834-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1834-1 advisory. - A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from...