37 matches found
CVE-2026-24828

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-27 10:27:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdfkdbosyw2m... |

USN-7603-1: Composer vulnerabilities
Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...
Ubuntu: Security Advisory (USN-7603-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2023-24828
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access tokens and password reset keys was not cryptographically secure. Existing normal users (or everyone, if self-registration is allowed) may exploit this to elevate privilege to...
CVE-2021-24828
The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2022-24828
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...
CVE-2025-24828

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-31 13:15:52+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lh23fsinoh2w |
| 2025-01-31 15:22:28+00:00 | seen | https://t.me/cvedetector/16934 |
| 2025-02-01 17:28:08+00:00 | seen | ... |

CVE-2025-24828
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 39378...
CVE-2025-24828
CVE-2025-24828: Local privilege escalation due to DLL hijacking in Acronis Cyber Protect Cloud Agent (Windows) prior to build 39378. Affects the agent binary/component; root cause is DLL hijacking. Impact is high on confidentiality and integrity with local attack vector and no user interaction re...
CVE-2024-24828
An incorrect default permissions vulnerability was found in pkg. This issue allows an attacker who has access to the /tmp/pkg/ on the local system to replace the genuine executables in the shared directory with malicious executables of the same name...
CVE-2024-24828

| creationtimestamp | type | source |
|---|---|---|
| 2024-02-10 00:21:30+00:00 | seen | https://t.me/ctinow/182360 |
| 2024-02-11 13:28:55+00:00 | seen | https://t.me/arpsyndicate/3387 |
| 2024-02-15 06:26:32+00:00 | seen | https://t.me/ctinow/185253 |
| 2024-03-03 09:16:26+00:00 | seen | https://t.me/ctinow/198612... |

CVE-2024-24828
pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...
CVE-2024-24828
CVE-2024-24828 describes a local privilege escalation in the Node.js tool pkg. The vulnerability arises because native-code packages built by pkg are written to a hardcoded, shared directory (/tmp/pkg/) on UNIX-like systems with non-unique, predictable names. An attacker with access to the same l...
CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg
pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...
007putra-my-bot (=1.1.1), 8mb (>=1.0.1 <=1.1.4) +753 more potentially affected by CVE-2024-24828 via pkg (>=0.0.1-1 <=5.8.1)
pkg NPM version =0.0.1-1, =1.0.1, =0.2.0, =1.0.0, =1.0.0, =2.5.16, =2.7.7, =2.7.7, =1.0.1, =3.32.1, =1.0.20-beta, =10.38.1--canary.2299.2e83683.0, =0.8.0-rc.1, =0.2.0, =1.0.0, =1.0.2 and more Source cves: CVE-2024-24828 Source advisory: OSV:GHSA-22R3-9W55-CJ54...
CVE-2023-24828

| creationtimestamp | type | source |
|---|---|---|
| 2023-02-08 02:23:37+00:00 | seen | https://t.me/cibsecurity/57735... |

CVE-2023-24828 Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access tokens and password reset keys was not cryptographically secure. Existing normal users (or everyone, if self-registration is allowed) may exploit this to elevate privilege to...
CVE-2023-24828
CVE-2023-24828 affects Onedev (self-hosted Git Server with CI/CD and Kanban). The vulnerability arises from using a cryptographically weak PRNG to generate access tokens and password reset keys in versions prior to 7.9.12, which could allow normal users (or all users if self-registration is enabl...