14 matches found
CVE-2026-26056
CVE-2026-26056 affects Yoke ATC in 0.19.0 and earlier. A vulnerability in the ATC controller allows users with create/update permissions to inject a malicious URL via the overrides.yoke.cd/flight annotation, causing the ATC controller to download and execute an arbitrary WASM module without prope...
CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
CVE-2026-26056
creationtimestamp| type| source ---|---|--- 2026-02-12 01:17:24+00:00| published-proof-of-concept| https://github.com/yokecd/yoke/security/advisories/GHSA-wj8p-jj64-h7ff 2026-02-13 07:02:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mepwrhufac23 2026-02-13 12:40:08+00:0...
CVE-2025-26056
creationtimestamp| type| source ---|---|--- 2025-04-01 22:15:44+00:00| seen| https://t.me/cvedetector/21802 2025-04-14 17:54:19+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11660...
CVE-2025-26056
CVE-2025-26056 affects Infinxt iEdge 100 (version 2.1.32) with a command injection in the Troubleshoot module’s MTR functionality due to improper validation of the mtrIp input. This allows an attacker to execute arbitrary OS commands with the web application’s privileges. If exploited, this could...
CVE-2024-26056
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26056
Adobe Experience Manager (AEM)
XWiki 3.0-milestone-1 < 13.10.10, 14.x < 14.4.5, 14.5.x < 14.8 Incorrect Authorization Vulnerability (GHSA-859x-p6jp-rc2w)
Xwiki is prone to an incorrect authorization vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2023-26056
creationtimestamp| type| source ---|---|--- 2023-03-02 22:34:47+00:00| seen| https://t.me/cibsecurity/59342...
CVE-2023-26056 XWiki Platform allows macro execution as any user without programming rights through the context macro
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...
CVE-2023-26056 XWiki Platform allows macro execution as any user without programming rights through the context macro
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...
CVE-2023-26056
CVE-2023-26056 affects XWiki Platform. Starting with 3.0-milestone-1, a script can be executed with the privileges of another user if the target user lacks programming rights. The issue is mitigated by patches in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. Connected advisories (GHSA-859X-P6JP-RC2W, os...
CVE-2021-26056
...
CVE-2022-26056
...