14 matches found
CVE-2026-28462 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...
EUVD-2024-28462
Malicious code in bioql PyPI...
CVE-2022-28462
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability...
CVE-2023-28462
creationtimestamp | type | source
---|---|---
2023-03-31 00:21:39+00:00 | seen | https://t.me/cibsecurity/61203
2025-02-18 21:11:32+00:00 | seen | Telegram/pKfjSAyyTdwmZfChAnq36ApmbNun7kQI1v0mjijJffa5Rie6...
CVE-2023-28462
A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 Enterprise, 5.20.0 and newer Enterprise, and 5.2020.1 and newer Community, when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed...
CVE-2023-28462
The CVE describes a JNDI rebind vulnerability in Payara Server: when running Java 1.8u181 or earlier, the default ORB listener can be exploited by performing a JNDI directory scan to load malicious code on the server. Affected products include Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newe...
@arnau/gatsby-transformer-toml (>=1.0.0 <=1.0.2) potentially affected by CVE-2020-28462 via ion-parser (=0.5.2)
ion-parser NPM version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on ion-parser and may be impacted:
- @arnau/gatsby-transformer-toml =1.0.0, =1.0.2
Source cves: CVE-2020-28462
Source advisory: OSV:GHSA-7VRV-5M2H-RJW9...
CVE-2020-28462
creationtimestamp | type | source
---|---|---
2022-07-25 18:33:26+00:00 | seen | https://t.me/cibsecurity/46922...
CVE-2020-28462 Prototype Pollution
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28462
ion-parser is affected by prototype pollution when an application uses parse to read a crafted INI file. The issue affects all versions of ion-parser and can pollute the application’s Object.prototype, enabling further exploitation depending on context. Public writeups and security feeds (e.g., S...
CVE-2022-28462
creationtimestamp | type | source
---|---|---
2022-05-05 16:54:52+00:00 | seen | https://t.me/cibsecurity/41979...
CVE-2022-28462
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability...
CVE-2022-28462
CVE-2022-28462 affects novel-plus 3.6.0 with an Arbitrary file reading vulnerability caused by lack of restrictions on file parameters. NVD CVSSv3.1 base score 7.5 (HIGH) with network access and no privileges required; confidentiality impact HIGH. PT-Security notes no available fix as of their en...
@arnau/gatsby-transformer-toml (>=1.0.0 <=1.0.2) potentially affected by CVE-2020-28462 via ion-parser (=0.5.2)
ion-parser NPM version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on ion-parser and may be impacted:
- @arnau/gatsby-transformer-toml =1.0.0, =1.0.2
Source cves: CVE-2020-28462
Source advisory: SNYK:JS-IONPARSER-1048971...