Exploit for External Control of File Name or Path in Zimaspace Zimaos

zimaos-cve-2026-28286...

CVE-2026-28286

creationtimestamp| type| source ---|---|--- 2026-03-02 17:19:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg3r7vqrqq26 2026-03-02 17:54:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg3t4yydrw2o 2026-03-05 16:00:15+00:00| seen|...

CVE-2026-28286 ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

MiracleLinux 7 : firefox-91.8.0-1.0.1.el7.AXS7 (AXSA:2022-3144:08)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3144:08 advisory. Mozilla: Use-after-free in NSSToken objects CVE-2022-1097 Mozilla: Out of bounds write due to unexpected WebAuthN Extensions CVE-2022-28281 Mozilla:...

MiracleLinux 8 : firefox-91.8.0-1.el8.ML.1 (AXSA:2022-3145:09)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3145:09 advisory. Mozilla: Use-after-free in NSSToken objects CVE-2022-1097 Mozilla: Out of bounds write due to unexpected WebAuthN Extensions CVE-2022-28281 Mozilla:...

CVE-2024-28286

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServerhandleFileCloseRequest.c function of src/mms/isomms/server/mmsfileservice.c. The vulnerability manifests as SEGV and causes the application to crash...

CVE-2024-28286

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServerhandleFileCloseRequest.c function of src/mms/isomms/server/mmsfileservice.c. The vulnerability manifests as SEGV and causes the application to crash...

CVE-2024-28286

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServerhandleFileCloseRequest.c function of src/mms/isomms/server/mmsfileservice.c. The vulnerability manifests as SEGV and causes the application to crash...

CVE-2024-28286

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServerhandleFileCloseRequest.c function of src/mms/isomms/server/mmsfileservice.c. The vulnerability manifests as SEGV and causes the application to crash...

CVE-2024-28286

Summary: CVE-2024-28286 affects mz-automation’s libiec61850 v1.4.0. A NULL pointer dereference is triggered in mmsServer_handleFileCloseRequest.c (src/mms/iso_mms/server/mms_file_service.c), leading to a SEGV and application crash. Multiple sources (NVD, Red Hat, OSV, CVE listings, CNNVD, CVE enr...

CVE-2024-28286

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServerhandleFileCloseRequest.c function of src/mms/isomms/server/mmsfileservice.c. The vulnerability manifests as SEGV and causes the application to crash...

Rocky Linux 8 : thunderbird (RLSA-2022:1301)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1301 advisory. - NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free an...

Rocky Linux 8 : firefox (RLSA-2022:1287)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1287 advisory. - NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free an...

CVE-2023-28286

creationtimestamp| type| source ---|---|--- 2023-04-27 22:26:51+00:00| seen| https://t.me/cibsecurity/63007...

CVE-2023-28286 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

CVE-2022-28286

Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

CVE-2022-28286

Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

CVE-2022-28286

The CVE-2022-28286 issue is a layout-related vulnerability where iframe contents could render outside their border, potentially enabling spoofing or user confusion. Affected products and versions identified in connected documents include Thunderbird < 91.8, Firefox < 99, and Firefox ESR

Mozilla Firefox ESR Security Advisory (MFSA2022-14) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Firefox Security Advisory (MFSA2022-13) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2022-13. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...