kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

ALSA-2026:0443 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: media: rc: fix races with imondisconnect CVE-2025-39993 kernel: sctp: avoid NULL dereference when chunk data buffer is missing...

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: media: rc: fix races with imondisconnect CVE-2025-39993 kernel: sctp: avoid NULL dereference when chunk data buffer is missing...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: rc: fix races with imondisconnect CVE-2025-39993 kernel: sctp: avoid NULL dereference when chunk data buffer is missing CVE-2025-40240 kernel: libceph: fix potential use-after-free...

EUVD-2026-1911

Malicious code in conmiyagi-map npm...

MAL-2026-190 Malicious code in conmiyagi-map (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2e125bb096a79fe5c600e1826a5926312c29943a9f33edb1f2efbb0e0416203 The package conmiyagi-map was found to contain malicious code. Source: ghsa-malware fc52bddaac2d657d1e598f3b111f1195c1841882824da63324fac949f6f341ab...

Malicious code in conmiyagi-map (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2e125bb096a79fe5c600e1826a5926312c29943a9f33edb1f2efbb0e0416203 The package conmiyagi-map was found to contain malicious code. Source: ghsa-malware fc52bddaac2d657d1e598f3b111f1195c1841882824da63324fac949f6f341ab...

CVE-2021-0943

In MMUMapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID:...

CVE-2016-10878

The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS...

CVE-2022-33094

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map...

CVE-2020-7644

fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

CVE-2020-7949

schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call...

CVE-2023-25704

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin = 1.0 versions...

CVE-2023-45060

Cross-Site Request Forgery CSRF vulnerability in Fla-shop.Com Interactive World Map plugin = 3.2.0 versions...

CVE-2025-14057

The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2025-13519

The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...

CVE-2026-21504

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2...

CVE-2023-31074

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

CVE-2021-41277

Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map admin-settings-maps-custom maps-add a map support and potential local file inclusion including environment variables. URLs were not validated prior to being...

CVE-2025-23466

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsiteeditor Site Editor Google Map site-editor-google-map allows Reflected XSS.This issue affects Site Editor Google Map: from n/a through = 1.0.1...