22 matches found
CVE-2026-28442
creationtimestamp | type | source
---|---|---
2026-03-05 22:09:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgdsrxp3e62z
2026-03-07 14:00:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mghygni6bt2t
2026-03-12 14:00:14+00:00 | seen | ...
CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...
EUVD-2022-0557
Malicious code in bioql PyPI...
EUVD-2021-28442
Malicious code in bioql PyPI...
CVE-2024-28442
Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component...
CVE-2024-28442
CVE-2024-28442 affects Yealink VP59 (v.91.15.0.118). A Directory Traversal in the terms of use function of the company portal component can expose sensitive information to a physically proximate attacker. Impact and specifics: exposure of information via the portal; no exploit details or fixed ve...
CVE-2023-28442 Geoserver for GeoNode sensitive information leak
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
CVE-2023-28442
CVE-2023-28442 affects GeoNode (3 and 4) where anonymous users can retrieve sensitive configuration information from the Geoserver REST endpoint /geoserver/rest/about/status. Versions before 2.20.7 (also 2.19.6/2.18.7) are exposed due to Geoserver configuration for GeoNode leaving REST endpoints ...
Prototype Pollution in js-data
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
Prototype Pollution
js-data is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-28442. A remote attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes via the deepFillIn and the set functions, resulting in prototype...
CVE-2021-23574
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
Design/Logic Flaw
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
Prototype Pollution
Overview js-data is a Robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442. PoC 1 var jsdata = require'js-data'; var obj = ; var payload =...
@blerpapp/js-data-cloud-datastore (>=1.0.0-rc.2 <=1.0.0-rc.3), @citygro/vdata (>=5.0.0 <=8.10.0) +90 more potentially affected by CVE-2020-28442 +1 more via js-data (>=0.4.2 <=4.0.0-beta.4)
js-data NPM version =0.4.2, =1.0.0-rc.2, =5.0.0, =0.3.27, =0.3.0, =1.0.2, =1.0.0, =0.1.0, =0.1.2, =2.1.30, =1.2.15-alpha, =0.2.5, =1.0.0, =1.3.1 - api-fusion =0.1.2 and more Source cves: CVE-2020-28442, CVE-2021-23574 Source advisory: SNYK:JS-JSDATA-1584361...
VulnCheck KEV: CVE-2021-28442
Windows TCP/IP Information Disclosure Vulnerability...
CVE-2021-28442 Windows TCP/IP Information Disclosure Vulnerability
...
CVE-2021-28442
Technical details about CVE-2021-28442 are not provided in the supplied documents. No specifics on affected products, root cause, or fixes are present. Monitor for updates.
KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072, CVE-2021-28310 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Windows Event Tracing Elevati...
CVE-2020-28442
CVE-2020-28442 (js-data): Multiple connected sources confirm Prototype Pollution in js-data via the deepFillIn function and, in some advisories, the set function. Affected are all versions prior to the fix, with an incomplete remediation described; the OSV/GHSA entries specify vulnerability acro...
CVE-2020-28442 Prototype Pollution
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...