CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

PT-2026-27771

Name of the Vulnerable Software and Affected Versions Stackfield Desktop App affected versions not specified Description The Stackfield Desktop App is susceptible to Remote Code Execution RCE due to a path traversal and arbitrary file write condition. This allows an attacker to potentially execut...

CVE-2026-28373

creationtimestamp| type| source ---|---|--- 2026-03-24 14:47:52+00:00| seen| https://bsky.app/profile/rcesecurity.com/post/3mhssy6a3tc2r 2026-03-25 09:43:10+00:00| seen| https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mhusgbpy6b2e 2026-03-25 15:09:32+00:00| seen|...

CVE-2021-28373

The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

CVE-2023-28373

creationtimestamp| type| source ---|---|--- 2023-10-03 07:40:59+00:00| seen| https://t.me/cibsecurity/71457...

CVE-2023-28373

CVE-2023-28373 describes a flaw in FlashArray Purity where an array administrator configuring an external key manager can affect data availability, including SafeMode-protected snapshots. The connected documents confirm the impact on availability but do not specify exploit details or a confirmed ...

CVE-2023-28373 FlashArray SafeMode Immutable Vulnerability

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode...

CVE-2022-28373

The CVE-2022-28373 entry concerns Verizon 5G Home LVSKIHP InDoorUnit (IDU) version 3.4.66.162. The vulnerability exists in the crtcreadpartition function of the crtcrpc JSON listener located at /usr/lib/lua/luci/crtc.lua, where user-controlled parameters are not properly sanitized. A remote attac...

CVE-2021-28373

The vulnerability CVE-2021-28373 affects Tiny Tiny RSS (tt-rss) via the auth_internal plugin. The root issue allows an attacker to log in using an OTP code without a valid password, as reported for TT-RSS prior to 2021-03-12. The condition occurred on the git master branch for a short period; pro...

CVE-2020-28373

creationtimestamp| type| source ---|---|--- 2020-11-10 00:55:47+00:00| seen| https://t.me/cibsecurity/16057...

CVE-2020-28373

upnpd on certain NETGEAR devices allows remote LAN attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.10210.0.75, R6400 V1.0.1.621.0.41, R7000P V1.3.2.12610.1.66, XR300 V1.0.3.5010.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST...

CVE-2020-28373

CVE-2020-28373 concerns NETGEAR devices where the upnpd service is vulnerable to a stack-based buffer overflow, enabling remote code execution from the LAN. Affected models include R6400v2 (v1.0.4.102_10.0.75) and R6400 (v1.0.1.62_1.0.41), R7000P (v1.3.2.126_10.1.66), XR300 (v1.0.3.50_10.3.36), R...