6449 matches found

Nuclei
added 14 hours ago, 5 views

WordPress Google Map Professional - Cross-Site Scripting

WordPress Google Map Professional Map In Your Language plugin through 1.0 contains a reflected cross-site scripting vulnerability caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such ...

CVSS 6.1, AI score 7.2, EPSS 0.00559
Exploits: 1, References: 2
Nuclei
added 14 hours ago, 23 views

GeoServer - XML External Entity Injection

GeoServer 2.26.0 to 2.26.2 and 2.25.6 contains an XML External Entity (XXE) injection caused by insufficient sanitization of XML input in the /geoserver/wms GetMap operation, letting attackers disclose files or cause DoS; exploitation requires crafted XML input. id: CVE-2025-58360 info: name: GeoServer - XM...

CVSS 9.8, AI score 6, EPSS 0.66753
Exploits: 4, References: 2
Nuclei
added 14 hours ago, 9 views

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2023-0037 info: name: WordPress 10Web Map...

CVSS 9.8, AI score 7.3, EPSS 0.03911
Exploits: 2, References: 3
Nuclei
added 14 hours ago, 82 views

GeoServer OGC Filter - SQL Injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is...

CVSS 9.8, AI score 7.4, EPSS 0.85247
Exploits: 2, References: 5
Nuclei
added 14 hours ago, 7 views

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress <= 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map; exploitation requires crafted API requests. id: CVE-2026-8839 info: name:...

CVSS 5.3, AI score 5.8, EPSS 0.00813
Exploits: 0, References: 3
Nuclei
added 14 hours ago, 49 views

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) mapwidth, (4) mapheight, or (5) zoom (Map Zoom) parameters i...

CVSS 6.8, AI score 5.6, EPSS 0.03859
Exploits: 2, References: 5
Nuclei
added 14 hours ago, 34 views

Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion

A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1953 info: name: Joomla! Component iNetLanka Multiple Map 1.0 - Local Fil...

CVSS 7.5, AI score 6, EPSS 0.16152
Exploits: 1, References: 5
RedhatCVE
added 15 hours ago, 7 views

CVE-2026-53160

A flaw was found in the Linux kernel's fastrpc component. A race condition in the fastrpc_map_create function allows for a use-after-free vulnerability. This could enable an attacker to cause system instability, disclose sensitive information, or potentially execute unauthorized code...

AI score 5.7, EPSS 0.00172
Exploits: 0, References: 4
RedhatCVE
added yesterday, 8 views

CVE-2026-53005

A flaw was found in the Linux kernel's af_unix component, specifically within its SOCKMAP feature. This vulnerability stems from the kernel's improper handling of Socket Control Message (SCM) attributes when data is passed to the SOCKMAP layer. This can lead to a use-after-free condition, which may...

CVSS 7, AI score 5.8, EPSS 0.00162
Exploits: 0, References: 4
RedhatCVE
added yesterday, 4 views

CVE-2026-52955

A flaw was found in the libceph component of the Linux kernel. A remote attacker could send a specially crafted CEPH_MSG_OSD_MAP message where two internal fields, alg and b->alg, contain differing bucket algorithm values. This discrepancy can lead to an out-of-bounds memory access during processing ...

CVSS 7, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 4
RedhatCVE
added yesterday, 4 views

CVE-2026-52954

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted CEPH_MSG_OSD_MAP message containing a corrupted CRUSH map. If this map includes two crush_choose_arg_maps with identical indices, it triggers an assertion failure, leading to a kernel bug and a...

CVSS 5.5, AI score 5.9, EPSS 0.00184
Exploits: 0, References: 4
RedhatCVE
added yesterday, 6 views

CVE-2026-53076

A flaw was found in the Linux kernel. This vulnerability, located in the BPF (Berkeley Packet Filter) subsystem, involves an out-of-bounds read when data is copied between specific types of BPF maps. The system incorrectly handles data sizes that are not aligned to a specific memory boundary, causi...

CVSS 5.5, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 4
RedHat Linux
added yesterday, 5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 packages and security update

Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

CVSS 10, AI score 6.9, EPSS 0.00765
Exploits: 3, References: 6
Debian CVE
added yesterday, 3 views

CVE-2026-53160

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on this unprotected pointer. A...

AI score 5.7, EPSS 0.00172
Exploits: 0
EUVD
added yesterday, 3 views

EUVD-2026-39251

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on this unprotected pointer. A...

AI score 5.8, EPSS 0.00172
Exploits: 0, References: 6
CVE
added yesterday, 6 views

CVE-2026-53160

In CVE-2026-53160, the Linux kernel misc: fastrpc subsystem had a use-after-free race in fastrpc_map_create. Specifically, fastrpc_map_lookup returned a raw pointer after releasing fl->lock, and the caller then invoked fastrpc_map_get (kref_get_unless_zero) on that unprotected pointer. A concu...

AI score 5.8, EPSS 0.00172
Exploits: 0, References: 6
CVE
added yesterday, 4 views

CVE-2026-53154

CVE-2026-53154 concerns the Linux kernel mm/hugetlb subsystem. The fix restores the per-VMA hugetlb reservation on error during hugetlb folio copy paths (specifically after alloc_hugetlb_folio() and before folio_put()), preventing leaked reservations that could cause a subsequent fault to encount...

AI score 5.7, EPSS 0.00168
Exploits: 0, References: 5
RedhatCVE
added yesterday, 12 views

CVE-2026-53096

A flaw was found in the Linux kernel's BPF (Berkeley Packet Filter) component, specifically within the dev_map_redirect_multi function. This vulnerability arises from an incorrect iteration method in an RCU (Read-Copy-Update) protected context, where hlist_for_each_entry_safe is used without proper RCU...

CVSS 5.5, AI score 5.8, EPSS 0.00176
Exploits: 0, References: 4
EUVD
added 2 days ago, 4 views

EUVD-2026-38903

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix af_unix iter deadlock bpf_iter_unix_seq_show may deadlock when lock_sock_fast takes the fast path and the iter prog attempts to update a sockmap. Which ends up spinning at sock_map_update_elem's bh_lock_sock: WARNING:...

AI score 5.7, EPSS 0.00172
Exploits: 0, References: 7
EUVD
added 2 days ago, 4 views

EUVD-2026-38901

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for af_unix iter When a BPF iterator program updates a sockmap, there is a race condition in unix_stream_bpf_update_proto where the peer pointer can become stale[1] during a state transition TCP_ESTABLISHED ...

AI score 5.7, EPSS 0.00186
Exploits: 0, References: 7