15 matches found
@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-28792 via @tinacms/cli (>=0.60.28 <=1.12.6)
@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-28792 Source advisory: OSV:GHSA-8PW3-9M7F-Q734...
@tinacms/app (>=0.0.0-00aadfd-20260223215804 <=2.3.26), @tinacms/cli (>=0.0.0-00aadfd-20260223215804 <=2.1.7) +7 more potentially affected by CVE-2026-28792 via @tinacms/schema-tools (>=2.0.0 <=2.6.0)
@tinacms/schema-tools NPM version =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804,...
CVE-2026-28792
creationtimestamp| type| source ---|---|--- 2026-03-12 17:31:20+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mguwjgg63p2c 2026-03-12 17:32:37+00:00| seen| https://mastodon.social/ap/users/115755483699003887/statuses/116217391584830163 2026-03-12 20:32:09+00:00|...
CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS
Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...
CVE-2022-28792
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking...
CVE-2023-28792
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...
CVE-2023-28792 WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...
CVE-2023-28792
CVE-2023-28792 affects the WordPress plugin Continuous Image Carousel With Lightbox (WordPress plugin)
WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)
Software Continuous Image Carousel With Lightbox Type Plugin Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28792 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 159303f2d180...
CVE-2022-28792
creationtimestamp| type| source ---|---|--- 2022-05-04 00:39:00+00:00| seen| https://t.me/cibsecurity/41868...
CVE-2022-28792
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking...
CVE-2022-28792
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking...
CVE-2022-28792
In Gear IconX PC Manager, a DLL hijacking vulnerability exists prior to version 2.1.220405.51 that allows arbitrary code execution when the vulnerable DLL is loaded. Root cause: missing absolute path for the DLL. Impact: local arbitrary-code execution with the vulnerability context stated; CVSS m...
CVE-2021-28792
creationtimestamp| type| source ---|---|--- 2021-03-18 19:32:30+00:00| seen| https://t.me/cibsecurity/25130...
CVE-2021-28792
The CVE-2021-28792 entry concerns the unofficial Swift Development Environment extension for Visual Studio Code, affected prior to version 2.12.1. A malicious workspace can trigger arbitrary code execution by supplying crafted values in several extension configuration fields (e.g., sourcekit-lsp....