24 matches found
CVE-2026-40828
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
CVE-2026-40828
creationtimestamp | type | source
---|---|---
2026-05-27 08:11:19+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116645525736344350
2026-05-27 08:12:09+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116645529147227087...
CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
CVE-2024-40828
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges...
CVE-2022-40828
B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in function. Note: Multiple third parties have disputed this as not a valid vulnerability...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Plugin Framework for Java (PF4J)
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Plugin Framework for Java PF4J. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-40828 DESCRIPTION: Plugin Framework for Java PF4J coul...
CVE-2024-40828
creationtimestamp | type | source
---|---|---
2024-07-30 02:20:53+00:00 | seen | https://t.me/cvedetector/1948...
CVE-2024-40828
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges...
CVE-2024-40828
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges...
CVE-2024-40828
CVE-2024-40828 is a macOS privilege-escalation issue reported by multiple feeds. The common description across Red Hat, Nessus, OpenVAS, and NVD states that a malicious app may gain root privileges. The fixes are publicly documented for macOS Sonoma 14.6, macOS Monterey 12.7.6, and macOS Ventura ...
CVE-2024-40828
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges...
CVE-2023-40828
creationtimestamp | type | source
---|---|---
2023-08-29 02:20:14+00:00 | seen | https://t.me/cibsecurity/69336...
care.better.pf4j:pf4j-kotlin-symbol-processing (>=1.0.0-RC1 <=2.3.21-1.0.4), cn.sliew:carp-dist (>=0.0.1 <=0.0.34) +832 more potentially affected by CVE-2023-40828 via org.pf4j:pf4j (>=2.0.0 <=3.9.0)
org.pf4j:pf4j MAVEN version =2.0.0, =1.0.0-RC1, =0.0.1, =0.0.42, =0.0.63, =0.0.64, =0.0.66, =0.0.63, =0.0.49, =0.0.61, =0.0.61, =0.0.13, =0.0.1, =0.0.33, =0.0.33, =0.0.33, =0.0.34 and more Source cves: CVE-2023-40828 Source advisory: OSV:GHSA-CJ8W-V588-P8WX...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
CVE-2023-40828
PF4J (Plugin Framework for Java) v3.9.0 and earlier is affected by CVE-2023-40828 due to improper input validation in the expandIfZip function of extract, enabling a remote attacker to obtain sensitive information and execute arbitrary code. Exploitation involves crafting an archive with dot-dot ...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
CVE-2022-40828
creationtimestamp | type | source
---|---|---
2022-10-07 14:17:20+00:00 | seen | https://t.me/cibsecurity/50959...
CVE-2022-40828
B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in function. Note: Multiple third parties have disputed this as not a valid vulnerability...