Lucene search
K

120 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-42743

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.10 views

EUVD-2026-36837

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS5.2AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

5.3CVSS5.6AI score0.00318EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 3:27 a.m.20 views

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress contains an issue where the maxi_remove_custom_image_size AJAX action inadequately validates file ownership, allowing authenticated users with Author-level access or higher to delete arbitrary files in wp-content/uploads (including files from others/adm...

5.3CVSS5.8AI score0.00318EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/04/14 11:37 a.m.7 views

WordPress Album and Image Gallery plus Lightbox plugin <= 2.1.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Album and Image Gallery plus Lightbox versions = 2.1.8...

5.8AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/09 1:45 a.m.30 views

CVE-2026-5831 Agions taskflow-ai terminal_execute handlers.ts os command injection

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminalexecute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading ...

6.5CVSS0.0111EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/09 1:45 a.m.2 views

CVE-2026-5831

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminalexecute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading ...

6.5CVSS6.2AI score0.0111EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.8 views

CVE-2026-29066

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

6.2CVSS5.9AI score0.01025EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-28793

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

8.4CVSS6AI score0.00203EPSS
Exploits1References1
CVE
CVE
added 2026/03/22 1:38 p.m.9 views

CVE-2019-25591

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow in the registration code input field that can crash the application via an excessively long string. The vulnerability allows local attackers to cause a denial of service by pasting a malicious registration code consisting of 300 re...

6.9CVSS6.2AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.7 views

Nsasoft Dnss Domain Name Search Software 缓冲区错误漏洞

Nsasoft Dnss Domain Name Search Software is a domain name search and analysis tool developed by the American company Nsasoft. Version 2.1.8 of Nsasoft Dnss Domain Name Search Software contains a buffer overflow vulnerability. This vulnerability stems from an issue with the registration code input...

6.9CVSS6.1AI score0.00179EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/12 6:44 p.m.7 views

Files or Directories Accessible to External Parties

Overview @tinacms/cli is a package used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the dev server configuration when...

6.9CVSS5.8AI score0.01025EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 5:16 p.m.5 views

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS0.00535EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 4:57 p.m.4 views

CVE-2026-29066

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

6.2CVSS5.9AI score0.01025EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 4:48 p.m.6 views

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS6AI score0.00535EPSS
Exploits1References1
CVE
CVE
added 2026/03/12 4:48 p.m.12 views

CVE-2026-28792

Technical details (affected components, root cause, exploit data, or remediation specifics) are not provided in the connected documents. Monitor for updates.

9.6CVSS5.9AI score0.00535EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/12 4:48 p.m.26 views

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS0.00535EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.4 views

PT-2026-25014

Name of the Vulnerable Software and Affected Versions TinaCMS versions prior to 2.1.8 Description TinaCMS is a headless content management system. Before version 2.1.8, the TinaCMS CLI development server configures Vite with server.fs.strict: false, disabling Vite’s built-in filesystem access...

6.2CVSS6AI score0.01025EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25013

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

8.4CVSS5.9AI score0.00203EPSS
Exploits1References6
Patchstack
Patchstack
added 2026/02/02 8:30 a.m.7 views

WordPress Enter Addons plugin <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Events Card Widget vulnerability discovered by lowol in WordPress Plugin Enter Addons versions = 2.1.8...

6.4CVSS5.3AI score0.00304EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder