22 matches found
CVE-2026-27894
creationtimestamp | type | source
---|---|---
2026-03-18 21:00:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mheezkcu762c
2026-03-23 21:20:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhqygqnnnr2y...
CVE-2026-27894
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...
Linux Distros Unpatched Vulnerability : CVE-2026-27894
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file...
CVE-2020-27894
The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.3) +4 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (>=2.11.0 <=2.11.3)
org.apache.pulsar:pulsar-functions-worker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2024-27894 Source advisory: OSV:GHSA-C2X9-VW5H-39VC...
org.apache.pulsar:pulsar-broker (=3.2.0), org.apache.pulsar:pulsar-broker-auth-athenz (=3.2.0) +3 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (=3.2.0)
org.apache.pulsar:pulsar-functions-worker MAVEN version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-functions-worker and may be impacted: - org.apache.pulsar:pulsar-broker =3.2.0 -...
com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +6 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (>=3.0.0 <=3.0.2)
org.apache.pulsar:pulsar-functions-worker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-27894 Source advisory: OSV:GHSA-C2X9-VW5H-39VC...
org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2) +3 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (>=3.1.0 <=3.1.2)
org.apache.pulsar:pulsar-functions-worker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-27894 Source advisory: OSV:GHSA-C2X9-VW5H-39VC...
CVE-2024-27894
creationtimestamp | type | source
---|---|---
2024-03-12 20:26:32+00:00 | seen | https://t.me/ctinow/206103
2024-03-12 20:26:38+00:00 | seen | https://t.me/ctinow/206109
2024-03-12 21:46:25+00:00 | seen | https://t.me/ctinow/206191
2024-04-09 18:47:57+00:00 | seen | https://t.me/arpsyndicate/4396...
CVE-2024-27894 Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...
CVE-2024-27894
The CVE describes a vulnerability in Apache Pulsar where the Functions Worker can create functions whose implementation is fetched from a URL (file, http, https). An authenticated attacker could read any file the worker process can access (including environment secrets) and use the worker as a pr...
SAP BusinessObjects Business Intelligence Platform Multiple Vulnerabilities (3287120)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by multiple vulnerabilities: - SSRF, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools CVE-2023-27271 - SSRF, an attack...
CVE-2023-27894
creationtimestamp | type | source
---|---|---
2023-03-14 12:54:03+00:00 | seen | https://t.me/cibsecurity/59947
2025-02-27 18:27:03+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5742...
CVE-2023-27894 Sensitive Information Disclosure in the SAP BusinessObjects Business Intelligence platform
SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...
CVE-2023-27894
CVE-2023-27894 affects SAP BusinessObjects BI Platform (Web Services) versions 420 and 430. The issue allows injecting arbitrary values into CMS parameters to perform internal-network lookups, enabling information disclosure and potential follow-on attacks (internal scanning, remote file inclusio...
CVE-2023-27894 Sensitive Information Disclosure in the SAP BusinessObjects Business Intelligence platform
SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...
CVE-2022-27894 The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability.
The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0...
CVE-2022-27894
CVE-2022-27894 affects the Foundry Blobster service. A cross-site scripting (XSS) vulnerability could allow an attacker with access to Foundry to launch attacks against other users. The issue is addressed in Blobster version 3.228.0. Practical impact and exploitation details are limited in the pr...
CVE-2020-27894
creationtimestamp | type | source
---|---|---
2020-12-08 22:31:22+00:00 | seen | https://t.me/cibsecurity/17273...
CVE-2020-27894
The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from...