6513 matches found

Vulnrichment
added 2023/11/08 6:29 p.m., 4 views

CVE-2023-47223 WordPress Basic Interactive World Map Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions...

5.9 CVSS, 6.5 AI score, 0.00397 EPSS
Exploits: 0, References: 1

CNNVD
added 2023/11/08 12:0 a.m., 3 views

WordPress Plugin Basic Interactive World Map Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

4.8 CVSS, 6 AI score, 0.00397 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2023/11/07 9:3 a.m., 3 views

kernel: drm/gud: Fix UBSAN warning

A flaw was found in the GUD Generic USB Display driver in the Linux kernel. Uninitialized iosys_map variables on the stack contain garbage values in their is_iomem boolean field. When iosys_map_clear checks this field, UBSAN flags it as an invalid boolean value, indicating potential undefined behavio...

7.2 AI score, 0.00166 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2023/11/07 9:3 a.m., 3 views

kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code

A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. The kernel could be affected only if patch 390031c94211 "coredump: Use the vma snapshot in fill_files_note" has not yet been applied...

5.5 CVSS, 6.6 AI score, 0.00349 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2023/11/07 9:3 a.m., 2 views

kernel: bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE

A flaw was found in the bpftool distributed by the Linux kernel. A NULL pointer dereference can be triggered when bpftool is used to pin PROG, MAP, LINK without FILE due to a missing validation. This issue can result in a denial of service...

5.5 CVSS, 6.7 AI score, 0.00183 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2023/11/07 9:3 a.m., 3 views

kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself. sockmap proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of...

9.1 CVSS, 6.3 AI score, 0.01219 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2023/11/07 8:59 a.m., 5 views

grafana: persistent xss in grafana core plugins

A flaw was found in the GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add...

7.3 CVSS, 7.3 AI score, 0.00779 EPSS
Exploits: 0, References: 5

Patchstack
added 2023/11/07 12:0 a.m., 13 views

WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)

Software: CBX Map for Google Map & OpenStreetMap; Type: Plugin; Vulnerable versions: <= 1.1.11; Fixed in: 1.1.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47240; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 37695d80e832; Credit...

6.5 CVSS, 5.8 AI score, 0.00386 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/11/03 12:0 a.m., 14 views

WordPress Basic Interactive World Map Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software: Basic Interactive World Map; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47223; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 49944254b130; Credits: DoYeon Park (p6rkdoye0n); Require...

4.8 CVSS, 6.6 AI score, 0.00397 EPSS
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2023/10/30 1:3 p.m., 5 views

jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin

A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...

8.8 CVSS, 6.1 AI score, 0.00585 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2023/10/30 11:10 a.m., 5 views

jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin

A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...

8.8 CVSS, 6.1 AI score, 0.00585 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2023/10/26 12:0 a.m., 80 views

GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j

The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...

10 CVSS, 8.4 AI score, 0.99999 EPSS
Exploits: 350, References: 4

OSV
added 2023/10/25 6:17 p.m., 5 views

CVE-2023-46558

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice...

9.8 CVSS, 5.8 AI score, 0.0083 EPSS
Exploits: 1, References: 2

NVD
added 2023/10/25 6:17 p.m., 14 views

CVE-2023-46190

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions...

8.8 CVSS, 5.8 AI score, 0.00271 EPSS
Exploits: 0, References: 1

OSV
added 2023/10/25 6:17 p.m., 3 views

CVE-2023-46190

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions...

8.8 CVSS, 7.3 AI score, 0.00271 EPSS
Exploits: 0, References: 1

Prion
added 2023/10/25 6:17 p.m., 20 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions...

6.8 CVSS, 8.8 AI score, 0.00271 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2023/10/25 12:0 a.m., 4 views

PT-2023-30088 · Totolink · Totolink X2000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web Description: A stack overflow issue was discovered in the function formMapDelDevice. Recommendations: For version 1.0.0-B20230221.0948.web, as a temporary workaround, consider disabling the...

9.8 CVSS, 7.7 AI score, 0.0083 EPSS
Exploits: 1, References: 4

CNNVD
added 2023/10/25 12:0 a.m., 4 views

WordPress Plugin Novo-Map : your WP posts on custom google maps Cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Novo-Map : your WP posts o...

8.8 CVSS, 6.6 AI score, 0.00271 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2023/10/24 10:23 a.m., 17 views

CVE-2023-46190 WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions...

4.3 CVSS, 7.1 AI score, 0.00271 EPSS
Exploits: 0, References: 1

CVE
added 2023/10/24 10:23 a.m., 42 views

CVE-2023-46190

CVE-2023-46190 affects the WordPress plugin Novo-map (Novo-Map) up to version 1.1.2. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that, per sources, can be exploited with unauthenticated privileges to trigger actions on behalf of an authenticated user. Remediation: upgrade to a ...

8.8 CVSS, 6.5 AI score, 0.00271 EPSS
Exploits: 0, References: 1, Affected Software: 1