
14 matches found

RedhatCVE
added 2026/03/06 12:59 p.m. | 6 views

CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

7.5 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits 1 | References 2

Circl
added 2026/03/01 11:59 p.m. | 3 views

CVE-2026-28789

| creationtimestamp | type | source |
|---|---|---|
| 2026-03-01 23:59:25+00:00 | published-proof-of-concept | https://github.com/OliveTin/OliveTin/security/advisories/GHSA-45m3-398w-m2m9 |
| 2026-03-07 16:00:51+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgi74zq7d325... |

7.5 CVSS | 7.2 AI score | 0.00394 EPSS
Exploits 1 | References 2

RedhatCVE
added 2025/05/23 4:51 a.m. | 11 views

CVE-2023-28789

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...

7.1 CVSS | 5.9 AI score | 0.00382 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 10:43 p.m. | 9 views

CVE-2022-28789

Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities...

6.2 CVSS | 6.9 AI score | 0.00201 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 7:34 p.m. | 6 views

CVE-2021-28789

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace...

7.8 CVSS | 8.2 AI score | 0.01714 EPSS
Exploits 0 | References 1

Circl
added 2023/04/07 6:28 p.m. | 7 views

CVE-2023-28789

| creationtimestamp | type | source |
|---|---|---|
| 2023-04-07 18:28:52+00:00 | seen | https://t.me/cibsecurity/61684... |

7.1 CVSS | 7.1 AI score | 0.00382 EPSS
Exploits 0 | References 1

NVD
added 2023/04/07 3:15 p.m. | 12 views

CVE-2023-28789

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...

7.1 CVSS | 6.3 AI score | 0.00382 EPSS
Exploits 0 | References 1

CVE
added 2023/04/07 2:12 p.m. | 49 views

CVE-2023-28789

CVE-2023-28789 affects the WordPress plugin Contact Forms by Cimatti (

7.1 CVSS | 6.1 AI score | 0.00382 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/04/07 2:12 p.m. | 18 views

CVE-2023-28789 WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...

7.1 CVSS | 6.3 AI score | 0.00382 EPSS
Exploits 0 | References 1

Patchstack
added 2023/03/27 12:0 a.m. | 11 views

WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Forms by Cimatti
Type: Plugin
Vulnerable versions: <= 1.5.4
Fixed in: 1.5.5
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-28789
Patch priority: Medium
CVSS severity: Medium (7.1)
Developer: Cimatti Consulting
PSID: 1fd073a7aa0a
Credits: thien...

7.1 CVSS | 5.6 AI score | 0.00382 EPSS
Exploits 0 | References 2 | Affected Software 1

Circl
added 2022/05/04 12:38 a.m. | 8 views

CVE-2022-28789

| creationtimestamp | type | source |
|---|---|---|
| 2022-05-04 00:38:59+00:00 | seen | https://t.me/cibsecurity/41867... |

6.2 CVSS | 5.5 AI score | 0.00201 EPSS
Exploits 0 | References 1

CVE
added 2022/05/03 7:42 p.m. | 80 views

CVE-2022-28789

Voice Note (Samsung) vulnerabilities exist in versions before 21.3.51.11 due to unprotected activities that let an attacker record audio without user interaction. Root cause is missing permission restrictions for vulnerable activities. Impact is local: an attacker on the device could capture voic...

6.2 CVSS | 5.5 AI score | 0.00201 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2021/03/18 4:15 p.m. | 16 views

CVE-2021-28789

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace...

7.8 CVSS | 8.1 AI score
Exploits 0 | References 2

CVE
added 2021/03/18 3:5 p.m. | 103 views

CVE-2021-28789

CVE-2021-28789 affects the unofficial apple/swift-format extension for Visual Studio Code prior to 1.1.2. A crafted apple-swift-format.path workspace configuration can trigger remote code execution when the workspace is opened, enabling an attacker to run arbitrary code. Multiple sources confirm ...

7.8 CVSS | 8 AI score | 0.01714 EPSS
Exploits 0 | References 2 | Affected Software 1