Lucene search
K

15 matches found

vulnersOsv
vulnersOsv
added 2026/03/12 8:32 p.m.11 views

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-28792 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-28792 Source advisory: OSV:GHSA-8PW3-9M7F-Q734...

9.6CVSS5.8AI score0.00535EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/12 6:44 p.m.6 views

@tinacms/app (>=0.0.0-00aadfd-20260223215804 <=2.3.26), @tinacms/cli (>=0.0.0-00aadfd-20260223215804 <=2.1.7) +7 more potentially affected by CVE-2026-28792 via @tinacms/schema-tools (>=2.0.0 <=2.6.0)

@tinacms/schema-tools NPM version =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804,...

9.6CVSS5.8AI score0.00535EPSS
Exploits1
Circl
Circl
added 2026/03/12 5:31 p.m.3 views

CVE-2026-28792

creationtimestamp| type| source ---|---|--- 2026-03-12 17:31:20+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mguwjgg63p2c 2026-03-12 17:32:37+00:00| seen| https://mastodon.social/ap/users/115755483699003887/statuses/116217391584830163 2026-03-12 20:32:09+00:00|...

9.6CVSS5.7AI score0.00535EPSS
Exploits1References4
OSV
OSV
added 2026/03/12 4:48 p.m.5 views

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS6AI score0.00535EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:5 a.m.7 views

CVE-2022-28792

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking...

7.8CVSS7.6AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2023/04/07 3:15 p.m.21 views

CVE-2023-28792

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...

7.1CVSS6.2AI score0.00382EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/07 2:0 p.m.13 views

CVE-2023-28792 WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...

7.1CVSS5.8AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 2023/04/07 2:0 p.m.70 views

CVE-2023-28792

CVE-2023-28792 affects the WordPress plugin Continuous Image Carousel With Lightbox (WordPress plugin)

7.1CVSS6.1AI score0.00382EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/03/27 12:0 a.m.13 views

WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Software Continuous Image Carousel With Lightbox Type Plugin Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28792 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 159303f2d180...

7.1CVSS5.6AI score0.00382EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2022/05/04 12:39 a.m.7 views

CVE-2022-28792

creationtimestamp| type| source ---|---|--- 2022-05-04 00:39:00+00:00| seen| https://t.me/cibsecurity/41868...

7.8CVSS7.5AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/03 8:15 p.m.2 views

CVE-2022-28792

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking...

7.8CVSS7.3AI score0.00234EPSS
Exploits0References2
OSV
OSV
added 2022/05/03 8:15 p.m.2 views

CVE-2022-28792

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking...

7.8CVSS7.3AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2022/05/03 7:43 p.m.81 views

CVE-2022-28792

In Gear IconX PC Manager, a DLL hijacking vulnerability exists prior to version 2.1.220405.51 that allows arbitrary code execution when the vulnerable DLL is loaded. Root cause: missing absolute path for the DLL. Impact: local arbitrary-code execution with the vulnerability context stated; CVSS m...

7.8CVSS7.8AI score0.00234EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2021/03/18 7:32 p.m.4 views

CVE-2021-28792

creationtimestamp| type| source ---|---|--- 2021-03-18 19:32:30+00:00| seen| https://t.me/cibsecurity/25130...

7.8CVSS7.5AI score0.01678EPSS
Exploits0References1
CVE
CVE
added 2021/03/18 3:4 p.m.39 views

CVE-2021-28792

The CVE-2021-28792 entry concerns the unofficial Swift Development Environment extension for Visual Studio Code, affected prior to version 2.12.1. A malicious workspace can trigger arbitrary code execution by supplying crafted values in several extension configuration fields (e.g., sourcekit-lsp....

7.8CVSS8AI score0.01678EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder