14 matches found
CVE-2026-28789
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...
CVE-2026-28789
creationtimestamp| type| source
---|---|---
2026-03-01 23:59:25+00:00| published-proof-of-concept| https://github.com/OliveTin/OliveTin/security/advisories/GHSA-45m3-398w-m2m9
2026-03-07 16:00:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgi74zq7d325...
CVE-2023-28789
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...
CVE-2022-28789
Unprotected activities in Voice Note prior to version 21.3.51.11 allow attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities...
CVE-2021-28789
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace...
CVE-2023-28789
creationtimestamp| type| source
---|---|---
2023-04-07 18:28:52+00:00| seen| https://t.me/cibsecurity/61684...
CVE-2023-28789
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...
CVE-2023-28789
CVE-2023-28789 affects the WordPress plugin Contact Forms by Cimatti (
CVE-2023-28789 WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...
WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Forms by Cimatti
Type: Plugin
Vulnerable versions: <= 1.5.4
Fixed in: 1.5.5
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-28789
Patch priority: Medium
CVSS severity: Medium 7.1
Developer: Cimatti Consulting
PSID: 1fd073a7aa0a
Credits: thien...
CVE-2022-28789
creationtimestamp| type| source
---|---|---
2022-05-04 00:38:59+00:00| seen| https://t.me/cibsecurity/41867...
CVE-2022-28789
Voice Note (Samsung) vulnerabilities exist in versions before 21.3.51.11 due to unprotected activities that let an attacker record audio without user interaction. Root cause is missing permission restrictions for vulnerable activities. Impact is local: an attacker on the device could capture voic...
CVE-2021-28789
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace...
CVE-2021-28789
CVE-2021-28789 affects the unofficial apple/swift-format extension for Visual Studio Code prior to 1.1.2. A crafted apple-swift-format.path workspace configuration can trigger remote code execution when the workspace is opened, enabling an attacker to run arbitrary code. Multiple sources confirm ...