21 matches found

Circl
added 2026/03/05 4:1 p.m. | 5 views

CVE-2026-28128

creationtimestamp | type | source
---|---|---
2026-03-05 16:01:05+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgd67n7con2s...

CVSS 8.1 | AI score 5.9 | EPSS 0.00337
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:25 a.m. | 5 views

CVE-2021-28128

In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password...

CVSS 8.1 | AI score 6.9 | EPSS 0.0128
Exploits: 1 | References: 1

RedhatCVE
added 2025/04/27 12:7 a.m. | 13 views

CVE-2025-28128

An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request...

CVSS 7 | AI score 6.8 | EPSS 0.00355
Exploits: 1 | References: 1

Vulnrichment
added 2025/04/25 12:0 a.m. | 8 views

CVE-2025-28128

An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request...

AI score 6.8 | EPSS 0.00355
Exploits: 1 | References: 2

vulnersOsv
added 2024/03/18 9:30 a.m. | 10 views

com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +68 more potentially affected by CVE-2024-28128 via org.fitnesse:fitnesse (>=20050731 <=20211030)

org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =BETA-V1.00, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-28128 Source advisory: OSV:GHSA-MJQ8-GG9X-87GR...

CVSS 6.1 | AI score 7.6 | EPSS 0.0057
Exploits: 0

Circl
added 2024/03/18 9:21 a.m. | 8 views

CVE-2024-28128

creationtimestamp | type | source
---|---|---
2024-03-18 09:21:52+00:00 | seen | https://t.me/ctinow/210295
2024-03-18 09:26:16+00:00 | seen | https://t.me/ctinow/210301
2025-03-20 19:18:20+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8259...

CVSS 6.1 | AI score 8.1 | EPSS 0.0057
Exploits: 0 | References: 3

OSV
added 2024/03/18 8:15 a.m. | 3 views

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 4

NVD
added 2024/03/18 8:15 a.m. | 15 views

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

CVSS 6.1 | AI score 6.7 | EPSS 0.0057
Exploits: 0 | References: 4

CVE
added 2024/03/18 7:31 a.m. | 52 views

CVE-2024-28128

CVE-2024-28128 affects FitNesse prior to the 20220319 release. The vulnerability is a cross-site scripting (XSS) flaw that may allow a remote, unauthenticated attacker to run arbitrary scripts in the web browser of a user loading a crafted link, as described in multiple sources. The issue is asso...

CVSS 6.1 | AI score 6.9 | EPSS 0.0057
Exploits: 0 | References: 4 | Affected Software: 1

Japan Vulnerability Notes
added 2024/03/18 5:8 a.m. | 5 views

Multiple vulnerabilities in FitNesse

Overview: FitNesse contains multiple vulnerabilities listed below.
Multiple cross-site scripting CWE-79 - CVE-2024-23604, CVE-2024-28128
Improper restriction of XML external entity references CWE-611 - CVE-2024-28039
OS command injection CWE-78 - CVE-2024-28125
CVE-2024-23604, CVE-2024-28039,...

CVSS 9.8 | AI score 6.9 | EPSS 0.00992
Exploits: 0 | References: 11

Metasploit
added 2023/05/16 7:53 p.m. | 300 views

Ivanti Avalanche FileStoreConfig File Upload

Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve RCE as NT AUTHORITY\SYSTEM. Module Options m...

CVSS 7.2 | AI score 7 | EPSS 0.84697
Exploits: 3

Circl
added 2023/05/10 2:13 a.m. | 41 views

CVE-2023-28128

creationtimestamp | type | source
---|---|---
2023-05-10 02:13:59+00:00 | seen | https://t.me/cibsecurity/63713
2023-05-16 14:35:29+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ivantiavalanchefilestoreconfigupload.rb
2025-02-06 03:13:45+00:00 | ...

CVSS 7.2 | AI score 7.1 | EPSS 0.84697
Exploits: 3 | References: 2

NVD
added 2023/05/09 10:15 p.m. | 56 views

CVE-2023-28128

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remote code execution...

CVSS 7.2 | AI score 7.1 | EPSS 0.84697
Exploits: 3 | References: 3

Vulnrichment
added 2023/05/09 12:0 a.m. | 6 views

CVE-2023-28128

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remote code execution...

AI score 7.1 | EPSS 0.84697
Exploits: 3 | References: 2

CVE
added 2023/05/09 12:0 a.m. | 62 views

CVE-2023-28128

Ivanti Avalanche vulnerability CVE-2023-28128 affects Avalanche versions 6.3.x and below, where unrestricted upload of dangerous file types enables remote code execution. The issue stems from inadequate validation of file upload paths (MS-DOS style short names in the config path), allowing an adm...

CVSS 7.2 | AI score 7 | EPSS 0.84697
Exploits: 3 | References: 3 | Affected Software: 1

Circl
added 2022/03/31 12:18 p.m. | 5 views

CVE-2022-28128

creationtimestamp | type | source
---|---|---
2022-03-31 12:18:22+00:00 | seen | https://t.me/cibsecurity/39900
2022-03-31 22:26:04+00:00 | seen | https://t.me/ShizoPrivacy/216...

CVSS 7.8 | AI score 7.5 | EPSS 0.00362
Exploits: 0 | References: 2

CVE
added 2022/03/31 7:21 a.m. | 91 views

CVE-2022-28128

CVE-2022-28128 affects AttacheCase (HiBARA) up to version 3.6.1.0. The vulnerability arises from untrusted DLL search path handling, enabling a local attacker to load a Trojan horse DLL and gain privileges or execute arbitrary code. Exploitation is described as a local issue with potential for ar...

CVSS 7.8 | AI score 8 | EPSS 0.00362
Exploits: 0 | References: 2 | Affected Software: 1

Japan Vulnerability Notes
added 2022/03/30 12:0 a.m. | 48 views

JVN#10140834: AttacheCase may insecurely load Dynamic Link Libraries

AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Impact: Arbitrary code may be executed with the privilege to run the software.
Solution...

CVSS 7.8 | AI score 7.6 | EPSS 0.00362
Exploits: 0

vulnersOsv
added 2021/10/06 5:48 p.m. | 8 views

@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.3) +9 more potentially affected by CVE-2021-28128 via strapi (>=2.0.2 <=3.3.4)

strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2021-28128 Source advisory: OSV:GHSA-37HX-4MCQ-WC3H...

CVSS 8.1 | AI score 7.2 | EPSS 0.0128
Exploits: 1

Circl
added 2021/05/07 5:47 p.m. | 7 views

CVE-2021-28128

creationtimestamp | type | source
---|---|---
2021-05-07 17:47:24+00:00 | published-proof-of-concept | Telegram/4zb6JUU4YAhTzD-QT0NTZ3JpYz60IsmyTMoni0cq8sY2uAU...

CVSS 8.1 | AI score 7.9 | EPSS 0.0128
Exploits: 1