18 matches found
CVE-2026-28098
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion. This issue affects Save Life: from n/a through = 1.2.13...
Linux Distros Unpatched Vulnerability : CVE-2023-28098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS...
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-28098, CVE-2024-29834 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-28098 DESCRIPTION: Apache Pulsar could allow a remote authenticated attacker to bypa...
com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +5 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=3.0.0 <=3.0.2)
org.apache.pulsar:pulsar-broker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...
org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.1.0 <=3.1.2) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2)
org.apache.pulsar:pulsar-broker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...
org.apache.pulsar:pulsar-broker-auth-athenz (=3.2.0), org.apache.pulsar:pulsar-broker-auth-sasl (=3.2.0) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (=3.2.0)
org.apache.pulsar:pulsar-broker MAVEN version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - org.apache.pulsar:pulsar-broker-auth-athenz =3.2.0 - org.apache.pulsar:pulsar-broker-auth-sasl...
CVE-2024-28098
creationtimestamp | type | source
---|---|---
2024-03-12 20:26:33+00:00 | seen | https://t.me/ctinow/206104
2024-03-12 20:26:39+00:00 | seen | https://t.me/ctinow/206110
2024-03-12 21:46:24+00:00 | seen | https://t.me/ctinow/206190
2024-04-09 19:53:01+00:00 | seen | https://t.me/arpsyndicate/4408
2025-02-1...
CVE-2024-28098
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache...
CVE-2024-28098
CVE-2024-28098 affects Apache Pulsar; authenticated users with produce or consume permissions can modify topic-level policies (retention, TTL, offloading). Affected versions include 2.7.1–2.10.5, 2.11.0–2.11.3, 3.0.0–3.0.2, 3.1.0–3.1.2, and 3.2.0. Patched upgrades are required: 2.10.6 or newer fo...
CVE-2023-28098
CVE-2023-28098 affects OpenSIPS before versions 3.1.7 and 3.2.4. A specially crafted Authorization header triggers a bug in parse_param_name() (invoked during parse_msg) that can lead to a crash or erratic behavior, with the fault traced to q_memchr() via parse_param_name(). The issue may impact ...
CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parse_param_name. This issue was discovered while performing coverag...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2023-28098)
Cisco Firepower Management Center (FMC) is new-generation firewall management center software from the US company Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which can be exploited by remote authenticated attackers to conduct stored...
MariaDB Use-After-Free Vulnerability (MDEV-28098) - Linux
MariaDB is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
CVE-2021-28098
Forescout CounterACT