CVE-2026-28790
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...
CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...
CVE-2026-28790

creationtimestamp| type| source
---|---|---
2026-03-02 00:27:21+00:00| published-proof-of-concept| https://github.com/OliveTin/OliveTin/security/advisories/GHSA-4fqm-6fmh-82mq
2026-03-05 22:04:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgdsilvrhp2o
2026-03-07 16:00:58+00:00|...

CVE-2022-28790
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic...
CVE-2021-28790
The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace...
CVE-2023-28790
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions...
CVE-2023-28790 WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions...
CVE-2023-28790
CVE-2023-28790 affects the WordPress plugin Simple Staff List (versions
WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Field| Value
---|---
Software| Simple Staff List
Type| Plugin
Vulnerable versions| <= 2.2.3
Fixed in| 2.2.4
OWASP Top 10| A7: Cross-Site Scripting (XSS)
Classification| Cross Site Scripting (XSS)
CVE| CVE-2023-28790
Patch priority| Low
CVSS severity| Low (5.9)
PSID| 9c81a8d7db73
Credits| Yuki Haruma
Required...|

CVE-2022-28790

creationtimestamp| type| source
---|---|---
2022-05-04 00:39:09+00:00| seen| https://t.me/cibsecurity/41875...

CVE-2022-28790
CVE-2022-28790 relates to the Link to Windows Service prior to version 2.3.04.1, where improper authentication can allow an attacker to lock the device. The available documents state the patch fixes this by adding proper caller signature check logic. No exploitation details are provided in the so...
CVE-2021-28790
CVE-2021-28790 affects the unofficial SwiftLint extension for Visual Studio Code prior to 1.4.5. A crafted swiftlint.path workspace configuration can trigger arbitrary code execution when the workspace is opened, enabling remote code execution under a local attack vector. The vulnerability arises...
XSS Vulnerability in WeiPHP of Shenzhen Yuanmeng Cloud Technology Co. Ltd (CNVD-2020-28790)
WeiPHP is an open source WeChat public platform development framework for building a personal WeChat public account operation platform. WeiPHP from Shenzhen Yuanmeng Yun Technology Co., Ltd has an XSS vulnerability that attackers can exploit without logging in by inserting malicious j...