CVE-2026-28865

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

CVE-2026-28865

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

MAL-2025-28865 Malicious code in parallelc (npm)

The package parallelc was found to contain malicious code...

CVE-2020-28865

An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save...

CVE-2025-28865

creationtimestamp| type| source ---|---|--- 2025-03-26 16:25:12+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8881...

CVE-2025-28865

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lionelroux WP Colorful Tag Cloud wp-colorful-tag-cloud allows Reflected XSS.This issue affects WP Colorful Tag Cloud: from n/a through = 2.0.1...

CVE-2025-28865

CVE-2025-28865 affects WP Colorful Tag Cloud (WordPress plugin) up to version 2.0.1, with a Reflected XSS due to improper input neutralization during web page generation. CVSSv3.1 base score 7.1 (HIGH). The connected documents confirm the XSS vector but do not provide a confirmed fix version or p...

CVE-2025-28865 WordPress WP Colorful Tag Cloud plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lionelroux WP Colorful Tag Cloud wp-colorful-tag-cloud allows Reflected XSS.This issue affects WP Colorful Tag Cloud: from n/a through = 2.0.1...

CVE-2025-28865 WordPress WP Colorful Tag Cloud plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lionelroux WP Colorful Tag Cloud wp-colorful-tag-cloud allows Reflected XSS.This issue affects WP Colorful Tag Cloud: from n/a through = 2.0.1...

CVE-2023-28865

creationtimestamp| type| source ---|---|--- 2024-08-08 20:35:14+00:00| seen| https://t.me/cvedetector/2814...

CVE-2024-28865

creationtimestamp| type| source ---|---|--- 2024-03-18 23:26:34+00:00| seen| https://t.me/ctinow/211035 2024-03-18 23:26:47+00:00| seen| https://t.me/ctinow/211043...

CVE-2024-28865 django-wiki denial of service via regular expression

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...

CVE-2024-28865

django-wiki prior to 0.10.1 is affected by a Regular Expression Denial of Service (ReDoS) caused by crafted article content that can drive a pathological regex loop and exhaust server CPU. Root cause: vulnerable article-processing logic enabling CPU-intensive regex processing. Impact: potential d...

CVE-2024-28865 django-wiki denial of service via regular expression

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...

CVE-2022-28865

creationtimestamp| type| source ---|---|--- 2023-07-24 18:26:07+00:00| seen| https://t.me/cibsecurity/67150...

CVE-2022-28865

CVE-2022-28865 affects Nokia NetAct 22 via the Site Configuration Tool. A malicious user can rename an uploaded file with a JavaScript payload, which is stored and later executed by a victim’s browser. The common delivery method is placing the payload in a URL parameter exposed to victims, using ...

CVE-2020-28865

creationtimestamp| type| source ---|---|--- 2022-06-17 00:23:56+00:00| seen| https://t.me/cibsecurity/44692...

CVE-2020-28865

CVE-2020-28865 affects PowerJob up to version 3.2.2. A vulnerability in the /appinfo/save handler allows an attacker to change arbitrary user passwords via the id parameter, enabling password modification without authorization. The available connected documents confirm the affected software/compo...