VDB
CGA-hpw8-2779-r2pw
CGA-hpw8-2779-r2pw
PUBLISHED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wolfi | opensearch-3-reporting | 0, 0, 0 |
| Wolfi | opensearch-3-notifications | 0, 0, 0 |
| Chainguard | wildfly-openjdk-21-compat | 0, 0, 0 |
| Chainguard | opensearch-2-analysis-icu | 0, 0, 0 |
| Wolfi | logstash-8-compat | 0, 0, 0 |
| Chainguard | opensearch-2-ingest-attachment | 0, 0, 0 |
| Chainguard | opensearch-2-repository-azure | 0, 0, 0 |
| Wolfi | opensearch-2-discovery-azure-classic | 0, 0, 0 |
| Wolfi | opensearch-3-analysis-ukrainian | 0, 0, 0 |
| Chainguard | wildfly | 0, 0, 0 |
| Chainguard | opensearch-3-neural-search | 0, 0, 0 |
| Wolfi | opensearch-2-sql | 0, 0, 0 |
| Chainguard | opensearch-3-security | 0, 0, 0 |
| Wolfi | opensearch-2-mapper-murmur3 | 0, 0, 0 |
| Chainguard | opensearch-2-mapper-size | 0, 0, 0 |
| Wolfi | kafka_exporter-strimzi-compat | 0, 0, 0 |
| Wolfi | thingsboard-tb-node | 0, 0, 0 |
| Wolfi | prometheus-jmx-exporter-strimzi-compat | 0, 0, 0 |
| Chainguard | opensearch-2-anomaly-detection | 0, 0, 0 |
| Wolfi | opensearch-2-k-nn | 0, 0, 0 |
…and 229 more
Exploit Intelligence
- CVE-2025-27817 (github-poc)
- Apache Kafka客户端未对用户输入进行严格验证和限制,未经身份验证的攻击者可通过构造恶意配置读取环境变量或磁盘任意内容,或向非预期位置发送请求,提升REST API的文件系统/环境/URL访问权限。 (github-poc)
- CVE-2025-27817 (github-poc)
- 01.基于vless的科学上网.html (github-poc)
- KafkaRecordSupplier.java (github-poc)
- druid-612f0710.json (github-poc)
- async-iot.ts (github-poc)
- Nuclei Template: CVE-2025-27817 (nuclei-template)
Timeline
- Jan 29, 2026 CVE Published
- Apr 9, 2026 CVE Updated