19 matches found
CVE-2026-28976
An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges...
CVE-2026-28976
creationtimestamp | type | source
---|---|---
2026-05-12 10:21:51+00:00 | seen | https://www.thezdi.com/blog/2026/5/12/the-apple-macos-security-update-review
2026-05-12 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260513
2026-05-26...
CVE-2025-28976 WordPress Email Address Security by WebEmailProtector <= 3.3.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dsrodzin Email Address Security by WebEmailProtector allows Stored XSS. This issue affects Email Address Security by WebEmailProtector: from n/a through 3.3.6...
CVE-2025-28976
CVE-2025-28976 corresponds to a Stored XSS in the WordPress plugin Email Address Security by WebEmailProtector (versions <= 3.3.6). The issue stems from improper input neutralization during web page generation, enabling cross-site scripting when user-supplied input is rendered. Affected softwa...
WordPress Email Address Security by WebEmailProtector plugin <= 3.3.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by chuck in WordPress Plugin Email Address Security by WebEmailProtector (versions <= 3.3.6)...
CVE-2021-28976
creationtimestamp | type | source
---|---|---
2025-04-12 21:02:17+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lmngl2yknx27...
GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
Exploit Title: GetSimpleCMS 3.3.16 - Remote Code Execution (RCE) Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/GetSimpleCMS/GetSimpleCMS Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS Version: 3.3.16 Tested on: Ubuntu Windows CVE : CVE-2021-28976 PoC-1...
CVE-2020-28976
creationtimestamp | type | source
---|---|---
2024-11-14 06:07:24+00:00 | seen | MISP/15b0eb04-a9b0-47d6-9d32-cdc72a671fa1...
CVE-2024-28976
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...
CVE-2024-28976
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...
CVE-2023-28976
creationtimestamp | type | source
---|---|---
2023-04-18 02:28:58+00:00 | seen | https://t.me/cibsecurity/62327...
CVE-2023-28976
This CVE involves an Improper Check for Unusual or Exceptional Conditions in the PFE of Juniper Networks Junos OS on MX Series. A network-based attacker can trigger a DoS by sending traffic that exceeds the DDoS threshold, causing the ingress PFE to crash and restart and potentially sustaining a ...
CVE-2023-28976 Junos OS: MX Series: If a specific traffic rate goes above the DDoS threshold it will lead to an FPC crash
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds...
Juniper Junos OS Vulnerability (JSA70601)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70601 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an...
CVE-2021-28976
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files...
CVE-2021-28976
CVE-2021-28976 affects GetSimpleCMS versions prior to 3.3.16, with a remote code execution vulnerability in admin/upload.php exploitable through PHAR file uploads. The connected sources confirm a phar-based attack chain leading to RCE (e.g., PoCs and exploits in Exploit-DB/PacketStorm) and indica...
WordPress Canto 1.3.0 Server-Side Request Forgery
Exploit Title: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated) Date: 03/12/2020 Exploit Author: Pankaj Verma (p4nk4j) Vendor Homepage: https://www.canto.com/integrations/wordpress/ Software Link: https://github.com/CantoDAM/Canto-Wordpress-Plugin Version: 1.3.0 Tested on: Ubuntu 18.04 CVE...
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
Exploit Title: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated) Date: 03/12/2020 Exploit Author: Pankaj Verma (p4nk4j) Vendor Homepage: https://www.canto.com/integrations/wordpress/ Software Link: https://github.com/CantoDAM/Canto-Wordpress-Plugin Version: 1.3.0 Tested on: Ubuntu 18.04 CVE...
CVE-2020-28976
The CVE-2020-28976 entry relates to WordPress Canto plugin 1.3.0, which is vulnerable to blind Server-Side Request Forgery. The flaw allows an unauthenticated attacker to cause requests to arbitrary internal/external hosts via the subdomain parameter in endpoints such as includes/lib/detail.php?s...