CVE-2026-28470

creationtimestamp| type| source ---|---|--- 2026-03-06 11:01:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgf5xialel2f 2026-03-06 18:36:12+00:00| seen| https://ccb.belgium.be/advisories/warning-multiple-critical-vulnerabilities-openclaws-nextcloud-talk-plugin-patch...

CVE-2026-28470

OpenClaw is affected in versions prior to 2026.2.2. The issue is an exec approvals allowlist bypass that lets an attacker run arbitrary commands by injecting command substitution syntax (unescaped $() or backticks) inside double-quoted strings, bypassing the allowlist protection. The vulnerabilit...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28470 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28470 Source advisory: OSV:GHSA-3HCM-GGVF-RCH5...

CVE-2022-28470

marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor...

CVE-2023-28470

creationtimestamp| type| source ---|---|--- 2025-02-24 15:27:38+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5140...

CVE-2023-28470

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication...

CVE-2023-28470

CVE-2023-28470 affects Couchbase Server 5.x–7.x prior to 7.1.4. The nsstats endpoint can be accessed without authentication, representing an authentication bypass in the statistics endpoint. Supported details from multiple sources confirm affected versions and the fix: upgrade to 7.1.4 or later t...

CVE-2022-28470

CVE-2022-28470 is linked to the PyPI package marcador, where versions 0.1 through 0.13 are reported to contain a code-execution backdoor. The connected records corroborate this across multiple sources (NVD entry, Red Hat advisory, GitHub advisory, and OSV/CVE mirrors). The documents do not disclo...

CVE-2021-28470

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...

CVE-2021-28470

CVE-2021-28470 affects the Visual Studio Code GitHub Pull Requests and Issues Extension. The vulnerability is a remote code execution flaw in the extension component, with exploitation requiring user interaction and local access, as indicated by CVSS 3.1 (LOCAL, UI: REQUIRED, C/H/I/A HIGH). Affec...

@scullyio/init (>=1.0.0-beta.4 <=1.1.0), @scullyio/scully-plugin-base-href-rewrite (=0.0.1) +3 more potentially affected by CVE-2020-28470 via @scullyio/scully (>=0.0.72 <=1.0.11)

@scullyio/scully NPM version =0.0.72, =1.0.0-beta.4, =1.0.0, =0.0.1, =1.0.0-beta.4 Source cves: CVE-2020-28470 Source advisory: OSV:GHSA-R96P-V3CR-GFV8...

CVE-2020-28470

creationtimestamp| type| source ---|---|--- 2021-01-14 16:49:33+00:00| seen| https://t.me/cibsecurity/22150...

CVE-2020-28470

This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...

CVE-2020-28470

The CVE-2020-28470 entry affects @scullyio/scully (pre-1.0.9). The issue arises because the transfer state is serialized with JSON.stringify() and written into the HTML page, enabling potential Cross-Site Scripting (XSS) when untrusted data is rendered. The primary impacted component is Scully’s ...

@scullyio/init (>=1.0.0-beta.4 <=1.1.0), @scullyio/scully-plugin-google-analytics (>=1.0.0 <=1.0.0-beta.0) potentially affected by CVE-2020-28470 via @scullyio/scully (>=1.0.0-beta.0 <=1.0.11)

@scullyio/scully NPM version =1.0.0-beta.0, =1.0.0-beta.4, =1.0.0, =1.0.0-beta.0 Source cves: CVE-2020-28470 Source advisory: SNYK:JS-SCULLYIOSCULLY-1055829...

Bento4 Buffer Overflow Vulnerability (CNVD-2019-28470)

Bento4 is an open source C++ library for reading and writing MP4 files. A buffer overflow vulnerability exists in the AP4RtpAtom class of the Core/Ap4RtpAtom.cpp file in Bento4 version 1.5.1.0, which can be exploited by an attacker to cause a buffer overflow or heap overflow...