
71 matches found

Nuclei
added yesterday, 31 views

Joomla! Component Jstore - 'Controller' Local File Inclusion

A directory traversal vulnerability in Jstore comjstore component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller...

10 CVSS, 6 AI score, 0.11382 EPSS
Exploits 1, References 4

OSV
added 2026/05/11 7:2 p.m., 6 views

MINI-5286-8PCP-XG84

Bulletin has no description...

7.5 CVSS, 5.7 AI score, 0.00565 EPSS
Exploits 0

OSV
added 2026/04/03 6:9 a.m., 2 views

OPENSUSE-SU-2026:20460-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.177 boo1261249 CVE-2026-5273: Use after free in CSS CVE-2026-5272: Heap buffer overflow in GPU CVE-2026-5274: Integer overflow in Codecs CVE-2026-5275: Heap buffer overflow in ANGLE CVE-2026-5276:...

9.6 CVSS, 6.3 AI score, 0.05036 EPSS
Exploits 0, References 22

RedhatCVE
added 2026/04/01 6:21 a.m., 3 views

CVE-2026-5286

A use-after-free flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493900619...

9.6 CVSS, 5.8 AI score, 0.00313 EPSS
Exploits 0, References 5

NVD
added 2026/04/01 5:16 a.m., 6 views

CVE-2026-5286

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8 CVSS, 0.00313 EPSS
Exploits 0, References 2

OSV
added 2026/04/01 5:16 a.m., 2 views

DEBIAN-CVE-2026-5286

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8 CVSS, 6 AI score, 0.00313 EPSS
Exploits 0, References 1

CVE
added 2026/04/01 4:41 a.m., 20 views

CVE-2026-5286

The provided documents describe CVE-2026-5286 as a memory-use-after-free in Chrome’s Dawn component, exploitable via crafted HTML pages to achieve remote code execution. Affected software: Google Chrome (Dawn component) with vulnerable Dawn paths in Chromium prior to version 146.0.7680.178. Root ...

8.8 CVSS, 6.2 AI score, 0.00313 EPSS
Exploits 0, References 2, Affected Software 1

Circl
added 2026/03/31 5:0 p.m., 3 views

CVE-2026-5286

| creationtimestamp | type | source |
|---|---|---|
| 2026-03-31 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0385/ |
| 2026-04-01 06:00:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116327922216539438 |
| 2026-04-01 06:00:29+00:00 | seen | ... |

8.8 CVSS, 7.8 AI score, 0.00313 EPSS
Exploits 0, References 13

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2006-7137

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.01746 EPSS
Exploits 0, References 9

Cvelist
added 2025/05/29 8:22 a.m., 18 views

CVE-2025-5286 Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 0.00333 EPSS
Exploits 0, References 7

Vulnrichment
added 2025/05/29 8:22 a.m., 11 views

CVE-2025-5286 Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 5.9 AI score, 0.00333 EPSS
Exploits 0, References 7

RedhatCVE
added 2025/05/23 8:30 a.m., 5 views

CVE-2024-5286

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.8 CVSS, 6.1 AI score, 0.00372 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 5:42 p.m., 5 views

CVE-2020-5286

In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5...

6.1 CVSS, 5.9 AI score, 0.00661 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 2:42 a.m., 9 views

CVE-2010-5286

Directory traversal vulnerability in Jstore comjstore component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php...

10 CVSS, 7.7 AI score, 0.11382 EPSS
Exploits 1, References 1

Cvelist
added 2024/07/13 6:0 a.m., 24 views

CVE-2024-5286 WP Affiliate Platform < 6.5.1 - Reflected XSS via Banner Editing

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00372 EPSS
Exploits 1, References 1

Vulnrichment
added 2024/07/13 6:0 a.m., 12 views

CVE-2024-5286 WP Affiliate Platform < 6.5.1 - Reflected XSS via Banner Editing

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2 AI score, 0.00372 EPSS
Exploits 1, References 1

Circl
added 2023/09/30 12:38 a.m., 4 views

CVE-2023-5286

| creationtimestamp | type | source |
|---|---|---|
| 2023-09-30 00:38:00+00:00 | seen | https://t.me/cibsecurity/71334... |

5.4 CVSS, 4.6 AI score, 0.00417 EPSS
Exploits 0, References 1

CVE
added 2023/09/29 8:0 p.m., 57 views

CVE-2023-5286

The CVE-2023-5286 entry affects SourceCodester Expense Tracker App v1, specifically the Category Handler’s add_category.php where manipulating the category_name parameter causes cross-site scripting (XSS). Descriptions across multiple sources confirm remote exploitation potential and public discl...

5.4 CVSS, 4.2 AI score, 0.00417 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2023/09/14 7:15 p.m., 9 views

CVE-2013-5286

Rejected reason: This candidate is unused by its CNA...

6.6 AI score
Exploits 0

SUSE CVE
added 2023/02/15 5:16 a.m., 2 views

SUSE CVE-2015-5286

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8 CVSS, 6.8 AI score, 0.02376 EPSS
Exploits 0, References 4