21 matches found
CVE-2026-27899
WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...
CVE-2026-27899
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-26 04:53:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfqfn3nav62k |
| 2026-02-26 06:22:27+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqkmizhno2s |
| 2026-02-27 04:40:18+00:00 | seen | ... |
CVE-2026-27899
WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...
CVE-2025-27899 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...
CVE-2024-27899
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-27 16:20:07+00:00 | seen | Telegram/EdcxuK1x8NhcELwuzGy6t5A2eNDzToCFz14xFTi4N7fArwY... |
CVE-2020-27899
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges...
CVE-2024-27899
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...
CVE-2024-27899
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...
CVE-2024-27899
CVE-2024-27899 affects SAP NetWeaver AS Java, specifically the User Admin Application’s Self-Registration and profile modification function, which does not enforce proper security for the content of newly defined security answers. Root cause is a misconfiguration/weak security controls in user ma...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update
Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
CVE-2023-27899
A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in...
CVE-2023-27899
| creationtimestamp | type | source |
|---|---|---|
| 2023-03-11 00:27:27+00:00 | seen | https://t.me/cibsecurity/59850 |
| 2025-02-28 19:27:12+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5965 |
| 2025-03-02 11:45:39+00:00 | seen | Telegram/KGT8gUaSIIoiIPNE4U8Ou3mFk7N1ekXTEXf7ZAnV76e0hK9g... |
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2023-27899 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.37)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2023-27899 Source advisory: OSV:GHSA-HF9H-VV4M-2F33...
CVE-2023-27899 vulnerabilities
Vulnerabilities for packages: jenkins...
Jenkins < 2.375.4 (LTS), < 2.394 Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2023-27899
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read an...
CVE-2023-27899
CVE-2023-27899 affects Jenkins and Jenkins LTS prior to fixed builds. The flaw arises when uploading a plugin (or file parameter) where a temporary file is created in the system temporary directory with default permissions, potentially allowing an attacker with access to the Jenkins controller fi...
CVE-2021-27899
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are...
CVE-2021-27899
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are...
CVE-2021-27899
CVE-2021-27899 affects Proofpoint Insider Threat Management Agents for macOS and Linux, where improper validation of the ITM Server certificate enables a remote attacker to perform a man‑in‑the‑middle attack and intercept/alter communications. All versions prior to 7.11.1 are affected; agents for...