29 matches found
CVE-2026-28448
OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (which must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can...
CVE-2026-28448

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-17 21:37:55+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-33rq-m5x2-fvgf... |

EUVD-2021-0772
Malware in sbrugna...
CVE-2023-28448 affecting package cloud-hypervisor 22.0-1
CVE-2023-28448 affecting package cloud-hypervisor 22.0-1. A patched version of the package is available...
CBL Mariner 2.0 Security Update: cloud-hypervisor (CVE-2023-28448)
The version of cloud-hypervisor installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28448 advisory. - Versionize is a framework for version tolerant serialization/deserialization of Rust data structures...
CVE-2023-28448 affecting package cloud-hypervisor for versions less than 30.0-2
CVE-2023-28448 affecting package cloud-hypervisor for versions less than 30.0-2. A patched version of the package is available...
CVE-2023-28448

| creationtimestamp | type | source |
|---|---|---|
| 2023-03-24 23:42:58+00:00 | seen | https://t.me/cibsecurity/60677... |

CVE-2023-28448
Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...
CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access
Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...
CVE-2023-28448
CVE-2023-28448 affects the Versionize crate used with vmm_sys_utils::FamStructWrapper. The root cause is missing bound checks in Versionize::deserialize, enabling potential out-of-bounds memory accesses. The issue starts with version 0.1.1 and was fixed in 0.1.10 by adding a check that compares l...
CVE-2022-28448

| creationtimestamp | type | source |
|---|---|---|
| 2022-04-27 00:37:30+00:00 | seen | https://t.me/cibsecurity/41464... |

CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross-Site Scripting (XSS): an attacker with a customer role can inject JavaScript through the First name or Last name fields in Customer Info. The root cause is reflected input without HTML encoding. Several sources (CVE-2022-28448 listings) describe this vuln...
KLA12152 ACE vulnerability in Microsoft Developer Tools
A remote code execution vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2021-28448. Related products: Microsoft-Visual-Studio. CVE list: CVE-2021-28448 high. KB list. Solution: Install necessary updat...
CVE-2021-28448
Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability...
CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
...
CVE-2021-28448
CVE-2021-28448 affects the Visual Studio Code Kubernetes Tools extension. The vulnerability enables remote code execution when a user opens crafted content, as reported by multiple sources (e.g., Kaspersky advisories, NVD/MSRC data). The primary affected component is the Kubernetes Tools extensio...
@ubleipzig/autoconfig (>=2.1.0 <=2.3.1), cardinalkeeper (>=0.0.2 <=0.0.5) +11 more potentially affected by CVE-2020-28448 via multi-ini (>=0.4.1 <=2.1.0)
multi-ini NPM version =0.4.1, =2.1.0, =0.0.2, =2.7.0, =1.0.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.7 Source cves: CVE-2020-28448 Source advisory: OSV:GHSA-G78F-549W-C354...
GHSA-67MQ-H2R9-RH2M Prototype pollution in multi-ini
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
Prototype pollution in multi-ini
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
KLA12146 RCE vulnerability in Microsoft Developer tools
A remote code execution vulnerability was found in Microsoft Developer tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2021-28448. Related products: Microsoft-Visual-Studio. CVE list: CVE-2021-28448 critical. KB list. Solution: Install necessary...