Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/03/06 12:58 p.m.3 views

CVE-2026-28790

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...

7.5CVSS5.8AI score0.0065EPSS
Exploits1References2
OSV
OSV
added 2026/03/05 7:34 p.m.5 views

CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...

7.5CVSS5.8AI score0.0065EPSS
Exploits1References5
Circl
Circl
added 2026/03/02 12:27 a.m.3 views

CVE-2026-28790

creationtimestamp| type| source ---|---|--- 2026-03-02 00:27:21+00:00| published-proof-of-concept| https://github.com/OliveTin/OliveTin/security/advisories/GHSA-4fqm-6fmh-82mq 2026-03-05 22:04:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgdsilvrhp2o 2026-03-07 16:00:58+00:00|...

7.5CVSS7.2AI score0.0065EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:4 a.m.5 views

CVE-2022-28790

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic...

4CVSS7.1AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:34 p.m.10 views

CVE-2021-28790

The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace...

7.8CVSS8.2AI score0.01678EPSS
Exploits0References1
NVD
NVD
added 2023/09/27 3:18 p.m.17 views

CVE-2023-28790

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Brett Shumaker Simple Staff List plugin = 2.2.3 versions...

5.9CVSS5.4AI score0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/27 5:14 a.m.10 views

CVE-2023-28790 WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Brett Shumaker Simple Staff List plugin = 2.2.3 versions...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
CVE
CVE
added 2023/09/27 5:14 a.m.37 views

CVE-2023-28790

CVE-2023-28790 affects the WordPress plugin Simple Staff List (versions

5.9CVSS5AI score0.00316EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/08/17 12:0 a.m.14 views

WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Simple Staff List Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28790 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9c81a8d7db73 Credits Yuki Haruma Required...

5.9CVSS6AI score0.00316EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2022/05/04 12:39 a.m.5 views

CVE-2022-28790

creationtimestamp| type| source ---|---|--- 2022-05-04 00:39:09+00:00| seen| https://t.me/cibsecurity/41875...

4CVSS4.2AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2022/05/03 7:42 p.m.81 views

CVE-2022-28790

CVE-2022-28790 relates to the Link to Windows Service prior to version 2.3.04.1, where improper authentication can allow an attacker to lock the device. The available documents state the patch fixes this by adding proper caller signature check logic. No exploitation details are provided in the so...

4CVSS4.3AI score0.00199EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/03/18 3:4 p.m.36 views

CVE-2021-28790

CVE-2021-28790 affects the unofficial SwiftLint extension for Visual Studio Code prior to 1.4.5. A crafted swiftlint.path workspace configuration can trigger arbitrary code execution when the workspace is opened, enabling remote code execution under a local attack vector. The vulnerability arises...

7.8CVSS8AI score0.01678EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/04/29 12:0 a.m.2 views

XSS Vulnerability in WeiPHP of Shenzhen Yuanmeng Cloud Technology Co. Ltd (CNVD-2020-28790)

WeiPHP is an open source WeChat public platform development framework to build a personal WeChat public account operation platform. Shenzhen Yuanmeng Yun Technology Co., Ltd WeiPHP exists XSS vulnerability, attackers can use the vulnerability in the case of not logging in by inserting malicious j...

6.2AI score
Exploits0
Rows per page
Query Builder