30 matches found
Fedora: Security Advisory (FEDORA-2026-c2049f7220)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2026-6ed9c65eaf)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2026-28434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the...
CVE-2026-28434
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...
CVE-2024-28434
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code...
CVE-2022-28434
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2...
MinIO < RELEASE.2023-03-20T20-16-18Z Multiple Vulnerabilities
The version of MinIO installed on the remote host is prior to RELEASE.2023-03-20T20-16-18Z. It is, therefore, affected by multiple vulnerabilities: - When deployed in a cluster/in distributed mode MinIO returns all environment variables, including 'MINIO_SECRET_KEY' and 'MINIO_ROOT_PASSWORD', resulti...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28434 MinIO Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risk...
CVE-2023-28434
creationtimestamp | type | source
---|---|---
2023-03-22 23:35:58+00:00 | seen | https://t.me/cibsecurity/60516
2023-03-23 14:52:47+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/4016
2023-03-23 15:55:52+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/4018
2023-03-27...
CVE-2023-28434 vulnerabilities
Vulnerabilities for packages: minio...
UBUNTU-CVE-2023-28434
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
CVE-2023-28434
CVE-2023-28434 (MinIO) affects MinIO’s object storage framework. A security feature bypass allows an attacker with credentials for arn:aws:s3:::* and Console API access to bypass metadata bucket name checking during PostPolicyBucket and place objects into arbitrary buckets. This can impact confid...
CVE-2023-28434 MinIO is vulnerable to privilege escalation on Linux/MacOS
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
console-blame (>=1.0.0 <=1.1.1), grunt-lintblame (>=0.1.0 <=0.3.5) +2 more potentially affected by CVE-2020-28434 via gitblame (>=0.1.0 <=0.1.1)
gitblame NPM version =0.1.0, =1.0.0, =0.1.0, =0.2.5, =0.9.5 - tch-lint-jshint =0.0.1 Source cves: CVE-2020-28434 Source advisory: OSV:GHSA-3486-RVXC-HRRJ...
CVE-2020-28434
creationtimestamp | type | source
---|---|---
2022-08-02 18:17:43+00:00 | seen | https://t.me/cibsecurity/47404
...
CVE-2020-28434
CVE-2020-28434 affects all versions of the gitblame package. The root cause is a command injection in gitblame.js where the file parameter is not properly sanitized before using exec, enabling arbitrary code execution. Public documents corroborate that the vulnerability exists across all versions...
CVE-2022-28434
creationtimestamp | type | source
---|---|---
2022-04-22 00:27:09+00:00 | seen | https://t.me/cibsecurity/41268
...
CVE-2022-28434
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2...
CVE-2022-28434
CVE-2022-28434 affects Baby Care System v1.0. A SQL injection vulnerability exists in admin.php, exploitable via parameters id=siteoptions, social=edit, sid (example sid=2). Multiple sources corroborate a database-input validation flaw leading to potential unauthorized SQL execution and data expo...