98 matches found
CVE-2025-1028
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...
EUVD-2026-1028
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
CVE-2025-13712

creationtimestamp | type | source
---|---|---
2025-12-01 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-1028/...

Fedora: Security Advisory (FEDORA-2025-a2a56326b3)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora: Security Advisory (FEDORA-2025-3140334065)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-49614a7cdf)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-893d125ddd)
The remote host is missing an update for the...
CVE-2021-1028
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Fedora 41 : sfnt2woff-zopfli (2025-a2a56326b3)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a2a56326b3 advisory. Security fix for CVE-2010-1028 and other security-relevant bugs; see https://github.com/bramstein/sfnt2woff-zopfli/pull/20/commits. Tenable has extracted the...
Fedora 41 : woff (2025-49614a7cdf)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-49614a7cdf advisory. Security fix for CVE-2010-1028 and other security-relevant bugs; see https://github.com/bramstein/sfnt2woff-zopfli/pull/20/commits. Tenable has extracted the...
CVE-2025-1028

creationtimestamp | type | source
---|---|---
2025-02-05 03:23:33+00:00 | seen | https://infosec.exchange/users/cve/statuses/113949134865705230
2025-02-05 04:15:31+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhfpk5xebn2t
2025-02-05 04:48:30+00:00 | seen | ...

CVE-2025-1028 Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...
CVE-2025-1028
CVE-2025-1028 concerns the WordPress Contact Manager plugin (versions ≤ 8.6.4). Root cause: missing file type validation in the contact form upload feature enables unauthenticated arbitrary file uploads. Impact: on affected sites, arbitrary files can be uploaded to the server; in certain configur...
CVE-2024-1028

creationtimestamp | type | source
---|---|---
2024-01-30 06:21:22+00:00 | seen | https://t.me/ctinow/175700
2024-02-21 14:41:55+00:00 | seen | https://t.me/ctinow/189637...

CVE-2024-1028
CVE-2024-1028 affects SourceCodester Facebook News Feed Like 1.0. The vulnerability lies in the Post Handler’s Description argument, where input such as HACKED triggers cross-site scripting. Exploitation is reported to be remotely possible and the exploit has been disclosed publicly (VDB-252301)....
CVE-2023-1028

creationtimestamp | type | source
---|---|---
2023-02-28 16:29:14+00:00 | seen | https://t.me/cibsecurity/59090...

CVE-2023-1028
CVE-2023-1028: WP Meta SEO plugin for WordPress (versions
CVE-2017-1028
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
SUSE CVE-2010-1028
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vdff modul...