Lucene search

6512 matches found

WPVulnDB
added 2024/01/31 12:0 a.m. · 17 views

MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks. PoC: - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add...

CVSS 4.9 · AI score 5.5 · EPSS 0.00491
Exploits: 2 · References: 2 · Affected Software: 1

wpexploit
added 2024/01/31 12:0 a.m. · 144 views

MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks. - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add XSS...

CVSS 4.9 · AI score 5.8 · EPSS 0.00491
Exploits: 2 · References: 2

RedHat Linux
added 2024/01/25 9:43 a.m. · 3 views

kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment

A memory corruption flaw was found in setcon2fbmap in drivers/video/fbdev/core/fbcon.c in the Framebuffer Console in the Linux kernel. This flaw allows a local attacker to crash the system, leading to a denial of service...

CVSS 5.5 · AI score 6.7 · EPSS 0.0018
Exploits: 0 · References: 5

OSV
added 2024/01/24 2:15 p.m. · 4 views

CVE-2023-6697

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 5.9 · EPSS 0.0104
Exploits: 0 · References: 2

Cvelist
added 2024/01/24 1:52 p.m. · 25 views

CVE-2023-6697 WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 6.1 · EPSS 0.0104
Exploits: 0 · References: 2

Patchstack
added 2024/01/17 12:0 a.m. · 14 views

WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)

Software: CBX Map for Google Map & OpenStreetMap; Type: Plugin; Vulnerable versions: <= 1.1.11; Fixed in: 1.1.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22297; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6cbb40aedd6b; Credits: Ngô Thiên An...

CVSS 6.5 · AI score 6.6 · EPSS 0.0031
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/01/16 10:15 a.m. · 3 views

CVE-2023-52104

Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2

BDU FSTEC
added 2024/01/06 12:0 a.m. · 3 views

The vulnerability of the OSMMapPMRGeneric function (pmr_os.c) in the Android operating system allows a hacker to increase their privileges.

The vulnerability of the OSMMapPMRGeneric function (pmr_os.c) in the Android operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...

CVSS 10 · AI score 7.8 · EPSS 0.00414
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/01/05 12:0 a.m. · 5 views

PT-2024-11600 · Obsidian · Obsidian Mind Map

Name of the Vulnerable Software and Affected Versions: Obsidian Mind Map version 1.1.0 Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document. Recommendations: For Obsidian Mind Map version 1.1.0, update to a version that contain...

CVSS 6.1 · AI score 7.4 · EPSS 0.00504
Exploits: 1 · References: 5

Vulnrichment
added 2024/01/05 12:0 a.m. · 20 views

CVE-2022-36677

Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...

AI score 7.8 · EPSS 0.00504
Exploits: 1 · References: 2

CVE
added 2024/01/05 12:0 a.m. · 37 views

CVE-2022-36677

CVE-2022-36677 : Obsidian Mind Map v1.1.0 is described as allowing arbitrary code execution via a crafted payload injected into an uploaded document. Multiple connected sources confirm this impact; the exact root cause is not detailed in the provided excerpts. CVSS v3.1 vectors suggest network at...

CVSS 6.1 · AI score 7.7 · EPSS 0.00504
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2024/01/03 6:15 a.m. · 5 views

CVE-2023-6524

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

CVSS 5.4 · AI score 6 · EPSS 0.00547
Exploits: 2 · References: 3

Patchstack
added 2024/01/03 12:0 a.m. · 9 views

WordPress Ideal Interactive Map Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software: Ideal Interactive Map; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-52189; Patch priority: Low; CVSS severity: Low (6.5); PSID: a837bcedc198; Credits: Ngô Thiên An ancorn from VNPT-VCI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00328
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/01/02 6:15 a.m. · 17 views

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP...

CVSS 7.8 · AI score 7.9 · EPSS 0.0011
Exploits: 0 · References: 1

Prion
added 2024/01/02 6:15 a.m. · 30 views

Memory corruption

Memory corruption in Audio when memory map command is executed consecutively in ADSP...

CVSS 4.3 · AI score 7.5 · EPSS 0.0011
Exploits: 0 · References: 1

Vulnrichment
added 2024/01/02 5:38 a.m. · 15 views

CVE-2023-43514 Use After Free in DSP Services

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP...

CVSS 8.4 · AI score 7.2 · EPSS 0.00111
Exploits: 0 · References: 1

Cvelist
added 2024/01/02 5:38 a.m. · 21 views

CVE-2023-43514 Use After Free in DSP Services

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP...

CVSS 8.4 · AI score 8.8 · EPSS 0.00111
Exploits: 0 · References: 1

CVE
added 2024/01/02 5:38 a.m. · 132 views

CVE-2023-33120

CVE-2023-33120 affects Qualcomm ADSP Audio: memory corruption occurs when a memory map command is executed consecutively. This is described across multiple sources (NVD/Red Hat/RH advisories) as a memory corruption in Audio due to repeated memory-mapping commands. The CVSS-based description in th...

CVSS 7.8 · AI score 7.9 · EPSS 0.0011
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/01/01 12:0 a.m. · 4 views

PT-2024-12421 · Adsp · Adsp

Name of the Vulnerable Software and Affected Versions: ADSP affected versions not specified Description: The issue is related to memory corruption in the Audio component of ADSP when a memory map command is executed consecutively. Recommendations: At the moment, there is no information about a...

CVSS 7.8 · AI score 6.8 · EPSS 0.0011
Exploits: 0 · References: 5

ATTACKERKB
added 2023/12/27 4:15 p.m. · 3 views

CVE-2023-3171

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result i...

CVSS 7.5 · AI score 5.8 · EPSS 0.00851
Exploits: 0 · References: 7