CVE-2026-28096

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX WealthCo wealthco allows PHP Local File Inclusion.This issue affects WealthCo: from n/a through = 2.18...

EUVD-2020-28096

Malware in sbrugna...

CVE-2022-28096

Skycaiji v2.4 was discovered to contain a remote code execution RCE vulnerability via /SkycaijiApp/admin/controller/Develop.php...

CVE-2020-28096

FOSCAM FHD X1 1.14.2.4 devices allow attackers with physical UART access to login via the ipc.fos password...

CVE-2025-28096

creationtimestamp| type| source ---|---|--- 2025-03-28 22:28:33+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9491 2025-03-29 00:26:45+00:00| seen| https://t.me/cvedetector/21472...

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

CVE-2024-28096

creationtimestamp| type| source ---|---|--- 2024-03-07 05:26:57+00:00| seen| https://t.me/ctinow/202068 2024-03-07 05:27:04+00:00| seen| https://t.me/ctinow/202073...

CVE-2024-28096

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVE-2024-28096 Stored Cross-site Scripting in Class functionality in Schoolbox

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVE-2024-28096

CVE-2024-28096 affects Schoolbox: stored cross-site scripting in the Class functionality before version 23.1.3. An authenticated attacker can perform security actions in the context of affected users due to the vulnerability in the Class feature. Mitigation: update to version 23.1.3 or later (rec...

CVE-2024-28096 Stored Cross-site Scripting in Class functionality in Schoolbox

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVE-2023-28096

OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...

CVE-2023-28096 OpenSIPS has memory leak in cJSON lib

OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...

CVE-2023-28096

OpenSIPS vulnerability CVE-2023-28096 involves a memory leak in the OpenSIPS 2.3 branch and older than 3.1.8 and 3.2.5 caused by parsing requests (notably via the MI - management interface). The leak was detected in parse_mi_request under fuzzing and can lead to memory exhaustion if the MI is exp...

CVE-2023-28096 OpenSIPS has memory leak in cJSON lib

OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...

Skycaiji Command Injection (CVE-2022-28096)

A command injection vulnerability exists in Skycaiji. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVE-2022-28096

Skycaiji v2.4 contains a remote code execution (RCE) vulnerability reachable via the /SkycaijiApp/admin/controller/Develop.php endpoint. Multiple connected sources (NVD, Red Hat, CP advisories) confirm the RCE via this path; no patch/version fix is specified in the provided documents. PT Security...