Lucene search

11 matches found

NVD
added 2026/06/15 8:16 a.m. | 13 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3 CVSS | 0.00225 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/06/15 6:0 a.m. | 34 views

CVE-2026-8386 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

0.00225 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/15 6:0 a.m. | 17 views

CVE-2026-8386

WP Go Maps for WordPress is affected up to version 10.0.9. The vulnerability arises because the public single-marker REST endpoint does not filter by approval state, enabling unauthenticated users to fetch marker records that administrators have not approved for public display. Exposed data may i...

5.3 CVSS | 5.4 AI score | 0.00225 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/15 6:0 a.m. | 8 views

CVE-2026-8385 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

5.2 AI score | 0.00192 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/06/15 6:0 a.m. | 8 views

EUVD-2026-36697

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

5.3 CVSS | 5.3 AI score | 0.00192 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/06/15 6:0 a.m. | 36 views

CVE-2026-8385 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

0.00192 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/19 9:18 a.m. | 21 views

CVE-2026-29207

CVE-2026-29207 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). Improper neutralization of template engine elements in the Content component allows low-privilege server-side template injection (SSTI) that can lead to RCE. The recommended remediation is to upgrade to OFBiz 24.09.06 or later....

6.5 CVSS | 5.7 AI score | 0.00541 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2023/05/23 2:23 p.m. | 8 views

USN-6098-1 Jhead vulnerabilities

It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-19035) It was discovered that Jhead did not properly...

7.8 CVSS | 6.7 AI score | 0.01435 EPSS
Exploits: 7 | References: 9
RedHat Linux
added 2017/05/09 5:13 p.m. | 4 views

jasper: insufficient SIZ marker segment data sanity checks

The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file...

5.5 CVSS | 7.4 AI score | 0.01932 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2017/05/09 5:13 p.m. | 4 views

jasper: insufficient SIZ marker segment data sanity checks

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file...

5.5 CVSS | 7.4 AI score | 0.01975 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2017/05/09 5:13 p.m. | 6 views

jasper: insufficient SIZ marker segment data sanity checks

The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file...

5.5 CVSS | 7.4 AI score | 0.01949 EPSS
Exploits: 0 | References: 4