20 matches found
CVE-2025-28862
creationtimestamp | type | source
---|---|---
2026-04-01 21:29:00+00:00 | seen | Telegram/6y4OW2G1A8XZhZLMGjxYxeNXlyTAQDqUEjYEIveMn1hLA...
CVE-2026-28862
creationtimestamp | type | source
---|---|---
2026-03-25 03:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260325
2026-03-26 03:00:12+00:00 | seen | https://support.apple.com/en-us/126795
2026-03-26 03:00:13+00:00 | seen | ...
Linux Distros Unpatched Vulnerability : CVE-2023-28862
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password che...
CVE-2025-28862
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through <= 1.0...
CVE-2025-28862
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through <= 1.0...
CVE-2025-28862 WordPress Comment Date and Gravatar remover plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through <= 1.0...
CVE-2025-28862 WordPress Comment Date and Gravatar remover plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through <= 1.0...
CVE-2024-28862
creationtimestamp | type | source
---|---|---
2024-03-16 01:21:39+00:00 | seen | https://t.me/ctinow/209267
2024-03-16 01:26:27+00:00 | seen | https://t.me/ctinow/209268...
CVE-2024-28862 ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...
CVE-2024-28862
The CVE-2024-28862 entry concerns the Ruby One Time Password library (ROTP). Affected versions had overly permissive default file permissions (0666) on Ruby .rb files, enabling potential local access/impact due to insecure permissions. The advisory advises upgrading to version 6.3.0; if patching ...
CVE-2024-28862 ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...
[SECURITY] [DLA 3496-1] lemonldap-ng security update
Debian LTS Advisory DLA-3496-1 [email protected]
https://www.debian.org/lts/security/ Guilhem Moulin
July 14, 2023 https://wiki.debian.org/LTS
Package : lemonldap-ng
Version : 2.0.2+ds-7+deb10u9
CVE ID : CVE-2023-28862
Issues were discovered in Lemonldap::NG, an OpenID-Connect, CAS and...
Debian dla-3496 : lemonldap-ng - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3496 advisory.
Debian LTS Advisory DLA-3496-1 [email protected]
https://www.debian.org/lts/security/...
CVE-2023-28862
creationtimestamp | type | source
---|---|---
2023-03-31 20:22:27+00:00 | seen | https://t.me/cibsecurity/61258...
CVE-2023-28862
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...
CVE-2023-28862
LemonLDAP::NG prior to 2.16.1 contains a vulnerability where weak session ID generation in the AuthBasic handler and flawed password-check failure handling can allow bypassing two-factor authentication. Additionally, plugins that deny session creation after the store step do not deny an AuthBasic...
CVE-2023-28862
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...
CVE-2022-28862
creationtimestamp | type | source
---|---|---
2022-05-25 16:38:22+00:00 | seen | https://t.me/cibsecurity/43333...
CVE-2022-28862
Affected product: Archibus Web Central. Vulnerability: SQL Injection in dwr/call/plaincall/workflow.runWorkflowRule.dwr prior to 26.2, allowing arbitrary SQL to modify query syntax and perform unauthorized operations against the remote database. Root cause: lack of validation of externally ent...
CVE-2022-28862
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized and unexpected operations against the remo...