CVE-2025-9123
The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...
OESA-2025-2285 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project. Security Fixes: A flaw was found in libxslt/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handli...
PT-2025-44104
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s fastrpc implementation that could lead to a map leak. A failure within the copy to user function could result in an early return without properly...
CVE-2025-9123
CVE-2025-9123 affects the CBX Map for Google Map & OpenStreetMap WordPress plugin. The stored XSS vulnerability exists in the popup heading and location address parameters in all versions up to and including 1.1.12, caused by insufficient input sanitization and output escaping. Authenticated user...
CVE-2025-9123 CBX Map for Google Map & OpenStreetMap <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin CBX Map for Google Map & OpenStreetMap Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-37141
The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...
Linux Distros Unpatched Vulnerability : CVE-2022-45436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows...
CVE-2025-54917
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-54913
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally...
CVE-2025-54917 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-54917
CVE-2025-54917 is a network-exploitable issue in Windows MapUrlToZone that enables circumvention of a security mechanism. The CVSS v3.1 base score is 4.3 (NETWORK, LOW attack complexity, NONE privileges, UI required) with a LOW confidentiality impact. The Connected documents indicate this CVE map...
CVE-2025-54107
CVE-2025-54107 involves the Windows MapUrlToZone component with improper resolution of path equivalence, enabling circumvention of a security feature over a network. The entry lists CVSS 3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (base 4.3, MEDIUM) and notes a network-exposed vector with no privileg...
CVE-2025-54913 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability
CVE-2025-54913
CVE-2025-54913 affects Windows UI XAML Maps MapControlSettings. It is a race condition caused by concurrent execution using a shared resource with improper synchronization, allowing an authorized attacker to locally elevate privileges. Reported CVSS base score ~7.8 (HIGH) with LOCAL attack vector...
CLSA-2025-1757427057 grafana: Fix of CVE-2022-23552
CVE-2022-23552: sanitize SVG inputs in GeoMap by adding a dompurify preprocessor step, preventing stored XSS where malicious SVG could execute arbitrary JavaScript...
XAPI UTF-8 string handling
ISSUE DESCRIPTION: There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the...
Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally...
KLA87444 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code, cause denial of service, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation...