Lucene search

6456 matches found

OSSF Malicious Packages
added 2025/11/09 6:30 p.m. | 2 views

Malicious code in hiro-experience-map (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4354fbcce18783cfcf619d78e5e9ef34cdd70bfd398b9c88117979700ea2cc3d The package hiro-experience-map was found to contain malicious code...

AI score: 7
Exploits: 0

EUVD
added 2025/11/09 6:30 p.m. | 2 views

EUVD-2025-38717

Malicious code in hiro-experience-map npm...

AI score: 6.6
Exploits: 0

OSV
added 2025/11/09 6:30 p.m. | 2 views

MAL-2025-49576 Malicious code in hiro-experience-map (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4354fbcce18783cfcf619d78e5e9ef34cdd70bfd398b9c88117979700ea2cc3d The package hiro-experience-map was found to contain malicious code...

AI score: 7
Exploits: 0

Patchstack
added 2025/11/09 12:17 a.m. | 5 views

WordPress Travelers' Map plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Travelers' Map versions <= 2.3.2...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00132
Exploits: 0 | Affected Software: 1

Snyk
added 2025/11/07 11:46 p.m. | 3 views

Access Control Bypass

Overview chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Access Control Bypass due to insufficient Content Security Policy enforcement in the Network.loadNetworkResource method of the DevTools protocol network handler. An attacker can exfiltrat...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00178
Exploits: 1 | References: 2

Cvelist
added 2025/11/07 6:40 p.m. | 7 views

CVE-2025-12890 Bluetooth: peripheral: Invalid handling of malformed connection request

Improper handling of malformed Connection Request with the interval set to be 1 which supposed to be illegal and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it...

CVSS: 6.5 | EPSS: 0.00164
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/07 6:40 p.m. | 4 views

CVE-2025-12890 Bluetooth: peripheral: Invalid handling of malformed connection request

Improper handling of malformed Connection Request with the interval set to be 1 which supposed to be illegal and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00164
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/07 3:54 p.m. | 3 views

CVE-2025-48078

Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS. This issue affects Slick Google Map: from n/a through <= 0.3...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00103
Exploits: 0 | References: 1

Fedora
added 2025/11/07 1:32 a.m. | 4 views

[SECURITY] Fedora 42 Update: GeographicLib-2.5.2-1.fc42

GeographicLib is a small set of C++ classes for performing conversions between geographic, UTM, UPS, MGRS, geocentric, and local Cartesian coordinates, for gravity e.g., EGM2008, geoid height and geomagnetic field e.g., WMM2010 calculations, and for solving geodesic problems. The emphasis is on...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02182
Exploits: 3

Tenable Nessus
added 2025/11/07 12:0 a.m. | 24 views

Amazon Linux 2023 : runc (ALAS2023-2025-1263)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1263 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

AI score: 5.5
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/07 12:0 a.m. | 2 views

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-072 (ALASNITRO-ENCLAVES-2025-072)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-072 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

AI score: 5.6
Exploits: 0 | References: 2

NVD
added 2025/11/06 4:15 p.m. | 4 views

CVE-2025-48078

Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS. This issue affects Slick Google Map: from n/a through <= 0.3...

CVSS: 7.1 | EPSS: 0.00103
Exploits: 0 | References: 1

CVE
added 2025/11/06 3:53 p.m. | 9 views

CVE-2025-48078

CVE-2025-48078 is a CSRF-to-Stored XSS vulnerability in the Slick Google Map WordPress plugin (slick-google-map) affecting versions up to 0.3. The issue is triggered via cross-site requests, enabling stored XSS. The CVSS 3.1 base score is 8.8 (HIGH). The provided documents do not specify a remedi...

CVSS: 7.1 | AI score: 6.2 | EPSS: 0.00103
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/06 3:53 p.m. | 4 views

CVE-2025-48078 WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS. This issue affects Slick Google Map: from n/a through <= 0.3...

CVSS: 7.1 | AI score: 6.2 | EPSS: 0.00103
Exploits: 0 | References: 1

Cvelist
added 2025/11/06 3:53 p.m. | 10 views

CVE-2025-48078 WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS. This issue affects Slick Google Map: from n/a through <= 0.3...

CVSS: 7.1 | EPSS: 0.00103
Exploits: 0 | References: 1

EUVD
added 2025/11/06 3:53 p.m. | 3 views

EUVD-2025-38023

Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS. This issue affects Slick Google Map: from n/a through <= 0.3...

AI score: 6.1 | EPSS: 0.00103
Exploits: 0 | References: 2

RedHat Linux
added 2025/11/06 1:8 p.m. | 3 views

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.00255
Exploits: 0 | References: 5

OSV
added 2025/11/06 9:8 a.m. | 3 views

RLSA-2025:19435 Moderate: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland: Use-after-free in Xkb client resource removal CVE-2025-62230 xorg: xmayland: Value overflow in XkbSetCompatMap...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.0045
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/06 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990562)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990562 advisory. In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp-cpconn would produce null...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00221
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/06 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990444)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990444 advisory. In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00208
Exploits: 0 | References: 4