MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks. PoC: - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add...
MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks. - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add XSS...
kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment
A memory corruption flaw was found in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Framebuffer Console in the Linux kernel. This flaw allows a local attacker to crash the system, leading to a denial of service...
CVE-2023-6697
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2023-6697 WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)
Software: CBX Map for Google Map & OpenStreetMap; Type: Plugin; Vulnerable versions: <= 1.1.11; Fixed in: 1.1.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22297; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6cbb40aedd6b; Credits: Ngô Thiên An...
CVE-2023-52104
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...
The vulnerability of the OSMMapPMRGeneric function (pmr_os.c) in the Android operating system allows a hacker to increase their privileges.
The vulnerability of the OSMMapPMRGeneric function (pmr_os.c) in the Android operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
PT-2024-11600 · Obsidian · Obsidian Mind Map
Name of the Vulnerable Software and Affected Versions: Obsidian Mind Map version 1.1.0 Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document. Recommendations: For Obsidian Mind Map version 1.1.0, update to a version that contain...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2022-36677
CVE-2022-36677 : Obsidian Mind Map v1.1.0 is described as allowing arbitrary code execution via a crafted payload injected into an uploaded document. Multiple connected sources confirm this impact; the exact root cause is not detailed in the provided excerpts. CVSS v3.1 vectors suggest network at...
CVE-2023-6524
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
WordPress Ideal Interactive Map Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Ideal Interactive Map; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-52189; Patch priority: Low; CVSS severity: Low (6.5); PSID: a837bcedc198; Credits: Ngô Thiên An ancorn from VNPT-VCI...
CVE-2023-33120
Memory corruption in Audio when memory map command is executed consecutively in ADSP...
Memory corruption
Memory corruption in Audio when memory map command is executed consecutively in ADSP...
CVE-2023-43514 Use After Free in DSP Services
Memory corruption while invoking IOCTL calls from user space for internal mem MAP and internal mem UNMAP...
CVE-2023-33120
CVE-2023-33120 affects Qualcomm ADSP Audio: memory corruption occurs when a memory map command is executed consecutively. This is described across multiple sources (NVD/Red Hat/RH advisories) as a memory corruption in Audio due to repeated memory-mapping commands. The CVSS-based description in th...
PT-2024-12421 · Adsp · Adsp
Name of the Vulnerable Software and Affected Versions: ADSP affected versions not specified Description: The issue is related to memory corruption in the Audio component of ADSP when a memory map command is executed consecutively. Recommendations: At the moment, there is no information about a...
CVE-2023-3171
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result i...