6485 matches found
MAL-2025-4352 Malicious code in gatsby-plugin-source-map (npm)
Source: ghsa-malware (cf49f8eebef7efd6ec079a3a0196b2b1eaeaf516da7db094412f8d5080f61f0f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-45846
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin 5.6.9 versions...
CVE-2022-45850
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before 5.6.9...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2022-32406
GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file...
CVE-2022-39359
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...
CVE-2021-30455
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic...
CVE-2021-27424
GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a “Last-key pressed” MODBUS register can be used to gain unauthorized information...
CVE-2021-24467
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged-in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the...
CVE-2021-24643
The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-37673
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...
CVE-2021-37749
MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id within sourceItems parameter to the GetMap method...
CVE-2021-30456
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function...
CVE-2021-30457
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl...
CVE-2021-29940
An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free in through and through_and upon a panic of the map function...
CVE-2021-24468
The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues...
CVE-2021-24502
The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed...
CVE-2021-24383
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24130
Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+)...
CVE-2020-14073
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access...