21 matches found
openSUSE Security Advisory (SUSE-SU-2026:1203-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...
SUSE: Security Advisory (SUSE-SU-2026:1203-1)
The remote host is missing an update for the ...
SUSE: Security Advisory (SUSE-SU-2026:20917-1)
The remote host is missing an update for the ...
CVE-2026-28494
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-siz...
Linux Distros Unpatched Vulnerability : CVE-2026-28494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow...
CVE-2026-28494 ImageMagick affected by stack corruption through long morphology kernel names or arrays
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-siz...
CVE-2022-28494
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2021-28494
In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases...
CVE-2023-28494
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse. This issue affects Contact Form Email: from n/a through 1.3.31...
CVE-2023-28494
CVE-2023-28494 affects WordPress plugin Contact Form Email (
CVE-2022-28494
The CVE-2022-28494 entry relates to TOTOLink outdoor CPE CP900 (version 6.3c.566_B20171026). A command injection flaw exists in the setUpgradeFW function reachable via the filename parameter, allowing an attacker to execute arbitrary commands through a crafted request. The NVD metrics indicate a ...
WordPress Contact Form Email Plugin <= 1.3.31 is vulnerable to Other Vulnerability Type
Software: Contact Form Email. Type: Plugin. Vulnerable versions: <= 1.3.31. Fixed in: 1.3.32. OWASP Top 10: A5: Broken Access Control. Classification: Other Vulnerability Type. CVE: CVE-2023-28494. Patch priority: Low. CVSS severity: Low (4.3). PSID: 1b66482cfee4. Credits: István Márton. Require...
CVE-2021-28494
CVE-2021-28494 affects Arista’s MOS (Metamako Operating System) on 7130-series switches. The issue is an authentication bypass by unprivileged users accessing the Web UI, reported for MOS-0.34.0 and prior releases. Affected software versions should upgrade to MOS-0.35.0 to remediate. The Red Hat ...
Security Advisory 0068
Security Advisory 0068. Date: August 20th, 2021. Version: 1.0

Revision | Date | Changes
---|---|---
1.0 | August 20th, 2021 | Initial Release

The CVE-ID tracking this issue: CVE-2021-28494. CVSSv3.1 Base Score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H). Description: This advisory...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +10 more potentially affected by CVE-2020-28494 via total.js (>=1.2.3 <=3.4.13)
total.js NPM version =1.2.3, =1.1.0, =0.1.5, =0.1.0, =4.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28494 Source advisory: OSV:GHSA-4449-HG37-77V8...
CVE-2020-28494
creationtimestamp | type | source
---|---|---
2021-02-02 15:25:03+00:00 | seen | https://t.me/cibsecurity/22937...
CVE-2020-28494
This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true an...
CVE-2020-28494
Summary: CVE-2020-28494 affects the total.js package (before 3.4.7). The vulnerability occurs in the image.pipe and image.stream functions where the type parameter is used to build a command that is executed via child_process.spawn with the option shell: true, and the type value is not properly s...