29 matches found

NVD
added 2026/03/05 10:16 p.m. | 8 views

CVE-2026-28448

OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (which must be installed and enabled): the plugin fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can...

CVSS 9.4 | EPSS 0.00444
Exploits: 1 | References: 3

Circl
added 2026/02/17 9:37 p.m. | 4 views

CVE-2026-28448

creationtimestamp | type | source
---|---|---
2026-02-17 21:37:55+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-33rq-m5x2-fvgf...

CVSS 9.4 | AI score 5.8 | EPSS 0.00444
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-0772

Malware in sbrugna...

CVSS 8.1 | AI score 8.5 | EPSS 0.01517
Exploits: 1 | References: 4

CBLMariner
added 2023/04/20 7:14 p.m. | 13 views

CVE-2023-28448 affecting package cloud-hypervisor 22.0-1

CVE-2023-28448 affecting package cloud-hypervisor 22.0-1. A patched version of the package is available...

CVSS 7.5 | AI score 7.5 | EPSS 0.00556
Exploits: 0

Tenable Nessus
added 2023/04/20 12:0 a.m. | 14 views

CBL Mariner 2.0 Security Update: cloud-hypervisor (CVE-2023-28448)

The version of cloud-hypervisor installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28448 advisory. - Versionize is a framework for version tolerant serialization/deserialization of Rust data structures...

CVSS 7.5 | AI score 7.5 | EPSS 0.00556
Exploits: 0 | References: 2

CBLMariner
added 2023/04/16 2:55 a.m. | 14 views

CVE-2023-28448 affecting package cloud-hypervisor for versions less than 30.0-2

CVE-2023-28448 affecting package cloud-hypervisor for versions less than 30.0-2. A patched version of the package is available...

CVSS 7.5 | AI score 7.6 | EPSS 0.00556
Exploits: 0

Circl
added 2023/03/24 11:42 p.m. | 9 views

CVE-2023-28448

creationtimestamp | type | source
---|---|---
2023-03-24 23:42:58+00:00 | seen | https://t.me/cibsecurity/60677...

CVSS 7.5 | AI score 7.3 | EPSS 0.00556
Exploits: 0 | References: 1

NVD
added 2023/03/24 8:15 p.m. | 21 views

CVE-2023-28448

Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVSS 7.5 | AI score 6.2 | EPSS 0.00556
Exploits: 0 | References: 3

Vulnrichment
added 2023/03/24 7:34 p.m. | 8 views

CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access

Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVSS 5.7 | AI score 7.6 | EPSS 0.00556
Exploits: 0 | References: 3

CVE
added 2023/03/24 7:34 p.m. | 52 views

CVE-2023-28448

CVE-2023-28448 affects the Versionize crate used with vmm_sys_utils::FamStructWrapper. The root cause is missing bound checks in Versionize::deserialize, enabling potential out-of-bounds memory accesses. The issue starts with version 0.1.1 and was fixed in 0.1.10 by adding a check that compares l...

CVSS 7.5 | AI score 6.3 | EPSS 0.00556
Exploits: 0 | References: 3 | Affected Software: 1

Circl
added 2022/04/27 12:37 a.m. | 7 views

CVE-2022-28448

creationtimestamp | type | source
---|---|---
2022-04-27 00:37:30+00:00 | seen | https://t.me/cibsecurity/41464...

CVSS 5.4 | AI score 5.5 | EPSS 0.00466
Exploits: 1 | References: 1

CVE
added 2022/04/26 7:58 p.m. | 77 views

CVE-2022-28448

nopCommerce 4.50.1 is vulnerable to Cross-Site Scripting (XSS): an attacker with a customer role can inject JavaScript through the First name or Last name fields in Customer Info. The root cause is reflected input without HTML encoding. Several sources (CVE-2022-28448 listings) describe this vuln...

CVSS 5.4 | AI score 5.4 | EPSS 0.00466
Exploits: 1 | References: 1 | Affected Software: 1

Kaspersky
added 2021/04/15 12:0 a.m. | 18 views

KLA12152 ACE vulnerability in Microsoft Developer Tools

A remote code execution vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2021-28448 Related products Microsoft-Visual-Studio CVE list CVE-2021-28448 high KB list Solution Install necessary updat...

CVSS 7.8 | AI score 8.2 | EPSS 0.0228
Exploits: 0 | References: 3

NVD
added 2021/04/13 8:15 p.m. | 16 views

CVE-2021-28448

Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability...

CVSS 7.8 | EPSS 0.0228
Exploits: 0 | References: 1

CVE
added 2021/04/13 7:33 p.m. | 83 views

CVE-2021-28448

CVE-2021-28448 affects the Visual Studio Code Kubernetes Tools extension. The vulnerability enables remote code execution when a user opens crafted content, as reported by multiple sources (e.g., Kaspersky advisories, NVD/MSRC data). The primary affected component is the Kubernetes Tools extensio...

CVSS 7.8 | AI score 7.8 | EPSS 0.0228
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/13 7:33 p.m. | 31 views

CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability

...

CVSS 7.8 | AI score 7.8 | EPSS 0.0228
Exploits: 0 | References: 1

vulnersOsv
added 2021/04/13 3:23 p.m. | 7 views

@ubleipzig/autoconfig (>=2.1.0 <=2.3.1), cardinalkeeper (>=0.0.2 <=0.0.5) +11 more potentially affected by CVE-2020-28448 via multi-ini (>=0.4.1 <=2.1.0)

multi-ini NPM version =0.4.1, =2.1.0, =0.0.2, =2.7.0, =1.0.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.7 Source cves: CVE-2020-28448 Source advisory: OSV:GHSA-G78F-549W-C354...

CVSS 9.8 | AI score 7.2 | EPSS 0.01425
Exploits: 1

OSV
added 2021/04/13 3:23 p.m. | 18 views

GHSA-67MQ-H2R9-RH2M Prototype pollution in multi-ini

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

CVSS 5.6 | AI score 8.7 | EPSS 0.01517
Exploits: 1 | References: 3

Github Security Blog
added 2021/04/13 3:23 p.m. | 92 views

Prototype pollution in multi-ini

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

CVSS 8.1 | AI score 8.7 | EPSS 0.01517
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2021/04/13 12:0 a.m. | 23 views

Security Update for Microsoft Visual Studio Code Kubernetes Tools Extension (April 2021)

The Microsoft Visual Studio Code Kubernetes Tools Extension is prior to version 1.3.0. It is, therefore, affected by a remote code execution vulnerability. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the syste...

CVSS 7.8 | AI score 8.5 | EPSS 0.0228
Exploits: 0 | References: 4