
20 matches found

Circl
added 2026/05/12 10:21 a.m., 5 views

CVE-2026-28848

creationtimestamp | type | source
---|---|---
2026-05-12 10:21:51+00:00 | seen | https://www.thezdi.com/blog/2026/5/12/the-apple-macos-security-update-review
2026-05-12 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260513

2026-05-26...

7.5 CVSS, 5.7 AI score, 0.0011 EPSS
Exploits 0, References 3
RedhatCVE
added 2025/05/22 3:27 p.m., 5 views

CVE-2020-28848

CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...

8.8 CVSS, 8.2 AI score, 0.02967 EPSS
Exploits 1
RedhatCVE
added 2025/02/05 1:1 a.m., 5 views

CVE-2024-28848

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The CompiledRule::validateExpression method evaluates an SpEL expression using a StandardEvaluationContext, allowing the...

8.8 CVSS, 9.7 AI score, 0.7862 EPSS
Exploits 0, References 1
vulnersOsv
added 2024/04/24 5:6 p.m., 2 views

org.open-metadata:openmetadata-dist (>=0.12.1 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +2 more potentially affected by CVE-2024-28848 via org.open-metadata:openmetadata-service (>=0.12.1 <=1.2.3)

org.open-metadata:openmetadata-service MAVEN version =0.12.1, =0.12.1, =1.12.0, =1.10.0, =1.13.0-snapshot - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2024-28848 Source advisory: OSV:GHSA-5XV3-FM7G-865R...

8.8 CVSS, 7.4 AI score, 0.7862 EPSS
Exploits 0
VulnCheck KEV
added 2024/04/17 12:0 a.m., 0 views

VulnCheck KEV: CVE-2024-28848

The OpenMetadata CompiledRule::validateExpression method evaluates an SpEL expression using a StandardEvaluationContext, which allows the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. The...

8.8 CVSS, 7.5 AI score, 0.7862 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/03/15 7:55 p.m., 19 views

CVE-2024-28848 SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The CompiledRule::validateExpression method evaluates an SpEL expression using a StandardEvaluationContext, allowing the...

8.8 CVSS, 8.5 AI score, 0.7862 EPSS
Exploits 0, References 4
CVE
added 2024/03/15 7:55 p.m., 219 views

CVE-2024-28848

CVE-2024-28848 is a SpEL injection vulnerability in OpenMetadata's GET /api/v1/policies/validation/condition/. The CompiledRule.validateExpression flow evaluates user-supplied SpEL against Java types (e.g., Runtime), enabling remote code execution. The issue is exploitable by authenticated non-ad...

8.8 CVSS, 9.4 AI score, 0.7862 EPSS
In wild, Exploits 0, References 4, Affected Software 1
Circl
added 2024/03/15 6:11 a.m., 0 views

CVE-2024-28848

creationtimestamp | type | source
---|---|---
2024-03-15 06:11:38+00:00 | published-proof-of-concept | https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r
2024-03-15 21:22:19+00:00 | seen | https://t.me/ctinow/209163

2024-03-15 21:26:32+00:00| seen|...

8.8 CVSS, 7.5 AI score, 0.7862 EPSS
Exploits 0, References 6
CVE
added 2023/08/11 12:0 a.m., 40 views

CVE-2020-28848

ChurchCRM 4.2.0 contains a CSV injection vulnerability enabling remote code execution via crafted CSV files. The issue stems from improperly neutralized formula elements in CSV input, allowing an attacker to run arbitrary code on affected systems. CVSS v3.1 assesses base score 8.8 (High) with Net...

8.8 CVSS, 9 AI score, 0.02967 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2023/08/11 12:0 a.m., 14 views

CVE-2020-28848

CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...

9.1 AI score, 0.02967 EPSS
Exploits 1, References 1
Circl
added 2023/04/04 4:30 p.m., 0 views

CVE-2023-28848

creationtimestamp | type | source
---|---|---
2023-04-04 16:30:56+00:00 | seen | https://t.me/cibsecurity/61397...

5.4 CVSS, 5.5 AI score, 0.00225 EPSS
Exploits 0, References 1
Vulnrichment
added 2023/04/04 12:38 p.m., 8 views

CVE-2023-28848 CSRF protection on user_oidc login returned the expected token in case of an error

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

4.8 CVSS, 5.1 AI score, 0.00225 EPSS
Exploits 0, References 3
Cvelist
added 2023/04/04 12:38 p.m., 19 views

CVE-2023-28848 CSRF protection on user_oidc login returned the expected token in case of an error

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

4.8 CVSS, 5.6 AI score, 0.00225 EPSS
Exploits 0, References 3
Circl
added 2022/06/16 12:19 a.m., 1 views

CVE-2022-28848

creationtimestamp | type | source
---|---|---
2022-06-16 00:19:34+00:00 | seen | https://t.me/cibsecurity/44562...

7.8 CVSS, 7.4 AI score, 0.05422 EPSS
Exploits 0, References 1
OpenVAS
added 2022/06/16 12:0 a.m., 25 views

Adobe Bridge Multiple Vulnerabilities (APSB22-25) - Mac OS X

The host is missing an important security update according to Adobe June update. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3 CVSS, 6.7 AI score, 0.22453 EPSS
Exploits 0, References 1
CVE
added 2022/06/15 7:28 p.m., 90 views

CVE-2022-28848

Adobe Bridge 12.x (12.0.1 and earlier) is affected by an out-of-bounds write vulnerability (CVE-2022-28848) that could allow arbitrary code execution in the context of the current user when a victim opens a malicious file. Exploitation requires user interaction. Remediation: apply the security up...

7.8 CVSS, 7.8 AI score, 0.05422 EPSS
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2022/06/14 12:0 a.m., 43 views

Adobe Bridge 12.x < 12.0.2 Multiple Vulnerabilities (APSB22-25)

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb22-25 advisory. - Adobe Bridge version 12.0.1 and earlier versions is affected by a Use-After-Free vulnerability that coul...

9.3 CVSS, 7.4 AI score, 0.22453 EPSS
Exploits 0, References 13
NVD
added 2021/06/03 12:15 p.m., 8 views

CVE-2021-28848

Mintty before 3.4.5 allows remote servers to cause a denial of service Windows GUI hang by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon...

7.5 CVSS, 0.0056 EPSS
Exploits 0, References 3
CVE
added 2021/06/03 11:11 a.m., 32 views

CVE-2021-28848

Mintty

7.5 CVSS, 7.4 AI score, 0.0056 EPSS
Exploits 0, References 3, Affected Software 1
xssed
added 2007/09/14 12:0 a.m., 9 views

Unfixed XSS vulnerability at jokes.123india.com

Security researcher Mutant has submitted on 14/09/2007 a cross-site-scripting (XSS) vulnerability affecting jokes.123india.com, which at the time of submission ranked 28848 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/09/2007. It is...

0.1 AI score
Exploits 0, References 1