6513 matches found
CVE-2023-3171
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result i...
Exploit for Authorization Bypass Through User-Controlled Key in Zabbix
CVE-2019-17382 - Zabbix Authentication Bypass A critical vuln...
CVE-2023-5056 Skupper-operator: privilege escalation via config map
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...
JavaScript Source Map Detected
Developers often combine and minify their application JavaScript sources to help the server deliver it more efficiently to the client browsers. Sometimes, web applications' JavaScript code may also be transpiled from another language like CoffeeScript or TypeScript. A source map is a file that...
PT-2023-8763 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0-rc3-00699-g90679706d486-dirty 494 Description: The vulnerability is related to a race condition between btf put and map free in the Linux kernel. This issue can lead to a slab-use-after-free error,...
Directory Traversal
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Directory Traversal in the retrieveSourceMap function. Note: This issue is not a vulnerability because no real attack scenario can happen in the context of the package, where the developer...
mapofthepast.com Improper Access Control vulnerability OBB-3804558
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
NESP2 SQL Injection Vulnerability
NESP2 is a web map open source by Reiner Lemoine Institut. NESP2 suffers from a SQL injection vulnerability that stems from a SQL injection problem in app/database.py...
10Web Map Builder for Google Maps < 1.0.74 - Cross-Site Request Forgery to Notice Dismissal
Description The 10Web Map Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.73. This is due to missing or incorrect nonce validation on the gmwdbpinstallnoticestatus function. This makes it possible for unauthenticated attackers to...
WP GPX Map < 1.7.06 - Missing Authorization
Description The WP GPX Map plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpgpxmapsdismissnotice function in versions up to, and including, 1.7.05. This makes it possible for authenticated attackers, with subscriber-level access an...
Multi-column Tag Map < 17.0.27 - Cross-Site Request Forgery
Description The Multi-column Tag Map plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the scmcTagMappluginoptions function in versions up to, and including, 17.0.26. This makes it possible for unauthenticated attackers to update the plugin's setting...
Leaflet Map < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above...
CVE-2023-47767
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions...
CVE-2023-47767
CVE-2023-47767 affects the WordPress plugin Fla-shop.Com Interactive World Map (versions = 3.4.4 to resolve the vulnerability; if immediate upgrade is not possible, apply any vendor-reported mitigation. This CVE is publicly listed with severity around medium-to-high depending on scoring source, a...
CVE-2023-47767 WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions...
CVE-2023-5128
The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
PT-2023-30596 · WordPress · Fla-Shop.Com Interactive World Map
Name of the Vulnerable Software and Affected Versions: Fla-shop.Com Interactive World Map plugin versions prior to 3.2.0 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. Recommendations: For versions prior to...