6457 matches found
CVE-2025-12369
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
WordPress Extensions for Leaflet Map plugin <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions = 4.7...
CVE-2025-12369
The CVE-2025-12369 entry concerns WordPress plugin Extensions for Leaflet Map (
CVE-2025-12369 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2025-12369 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
PT-2025-44948
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
WordPress plugin Extensions for Leaflet Map 跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Extensions for Leaflet Map suffers from a cross-site scripting vulnerability...
xorg: xmayland: Value overflow in XkbSetCompatMap()
A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...
Moderate: Red Hat Security Advisory: xorg-x11-server-Xwayland security update
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
xorg: xmayland: Value overflow in XkbSetCompatMap()
A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...
ALSA-2025:19489 Important: tigervnc security update
Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...
Moderate: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland:...
ALSA-2025:19435 Moderate: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland: Use-after-free in Xkb client resource removal CVE-2025-62230 xorg: xmayland: Value overflow in XkbSetCompatMap...
ALSA-2025:19432 Moderate: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland: Use-after-free in Xkb client resource removal CVE-2025-62230 xorg: xmayland: Value overflow in XkbSetCompatMap...
SUSE-SU-2025:3909-1 Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: - Fixed use-after-free in XPresentNotify structures creation CVE-2025-62229, bsc1251958 Fixed use-after-free in Xkb client resource removal CVE-2025-62230, bsc1251959 Fixed value overflow in Xkb extension XkbSetCompatMap CVE-2025-62231,...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue where foreground garbage collection might be triggered during f2fsmapblocks in lfs mode. The issue occurs when the “mode=lfs” mount option is used; this can cause a system panic. ------------ Cut here...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to bail out in getnewsegment ------------ cut here --- WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 newcurseg+0x5e8/0x6dc PC: newcurseg+0x5e8/0x6dc Call trace: newcurseg+0x5e8/0x6dc f2fsallocatedatablock+0xa54/0xe...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfsetpipapoavx2: fix initial map fill If the first field does not cover the entire start map, then we must zero out the remaining bits; otherwise, those bits will be leaked into the next matching map round. The initial...
Unbounded allocation when parsing GNU sparse map in archive/tar
...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xorg-x11-server (SUSE-SU-2025:3872-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3872-1 advisory. - Fixed use-after-free in XPresentNotify structures creation CVE-2025-62229, bsc1251958 - Fixed...