15 matches found
CVE-2026-28890
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-25 02:09:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhtz3ielhy23 |
| 2026-03-25 03:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260325... |
CVE-2025-28890
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Lightview Plus lightview-plus allows Reflected XSS. This issue affects Lightview Plus: from n/a through <= 3.1.3...
CVE-2025-28890 WordPress Lightview Plus plugin <= 3.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Lightview Plus lightview-plus allows Reflected XSS. This issue affects Lightview Plus: from n/a through <= 3.1.3...
CVE-2025-28890 WordPress Lightview Plus plugin <= 3.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Lightview Plus lightview-plus allows Reflected XSS. This issue affects Lightview Plus: from n/a through <= 3.1.3...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core
Summary: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core. Vulnerability Details: CVEID: CVE-2021-39239 DESCRIPTION: Apache Jena could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
Security Bulletin: IBM Integration Bus is vulnerable to a remote attack due to Apache Jena (CVE-2021-39239, CVE-2022-28890, CVE-2023-22665).
Summary: IBM Integration Bus is vulnerable to a remote attack due to Apache Jena (CVE-2021-39239, CVE-2022-28890, CVE-2023-22665). Vulnerability Details: CVEID: CVE-2023-22665 DESCRIPTION: Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of...
net.sansa-stack:sansa-examples-spark_2.12 (=0.8.0-RC3), net.sansa-stack:sansa-inference-spark_2.12 (=0.8.0-RC3) +4 more potentially affected by CVE-2022-28890 via org.apache.jena:jena (=4.4.0)
org.apache.jena:jena MAVEN version =4.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.jena:jena and may be impacted:
- net.sansa-stack:sansa-examples-spark_2.12 =0.8.0-RC3
- net.sansa-stack:sansa-inference-spark_2.12 =0.8.0-RC3
- ...
CVE-2022-28890
| creationtimestamp | type | source |
|---|---|---|
| 2022-05-05 12:36:11+00:00 | seen | https://t.me/cibsecurity/41966... |
CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...
UBUNTU-CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...
CVE-2022-28890
CVE-2022-28890 : Apache Jena’s RDF/XML parser is vulnerable to an XXE-like issue where an attacker can cause an external DTD to be retrieved. The vulnerability affects Apache Jena versions 4.4.0 and earlier; parity notes indicate that Apache Jena 4.2.x and 4.3.x do not allow external entities, im...
CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...
J2eeFAST SQL Injection (CVE-2021-28890)
An SQL injection vulnerability exists in J2eeFAST. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2021-28890
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements...
CVE-2021-28890
Summary: CVE-2021-28890 affects J2eeFAST 2.2.1 and enables remote SQL injection due to improper handling of user-supplied inputs where ${} is used to join statements. Vulnerable component: fast/sys/user/list (compId), fast/sys/role/list (deptId), fast/sys/role/authUser/list (roleId). Root cause: ...