EUVD-2026-23180

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

CVE-2026-3581

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

CVE-2026-3581 Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

CVE-2026-3581 Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

PT-2026-33263

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

WordPress plugin Basic Google Maps Placemarks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CLEANSTART-2026-OM95908 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-r92c-9c7f-3pj8, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.11.4-r0, 1.11.5-r0, 1.11.5-r1, 1.11.5-r2, 1.9.4-r0

Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-GU55430 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-9h8m-3fm2-qjrq, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.9.4-r0, 1.9.4-r1, 1.9.4-r2, 1.9.4-r3

Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-68921

SteelSeries Nahimic 3 1.10.7 allows Directory traversal...

CVE-2025-68921

SteelSeries Nahimic 3 1.10.7 allows Directory traversal...

GravCMS security vulnerabilities

GravCMS is a content management system developed by the Grav company. Version 1.10.7 of GravCMS has a security vulnerability. This vulnerability stems from unvalidated YAML configurations that can be written into the system, potentially allowing PHP code to be executed through the scheduler...

CVE-2025-68921

The CVE-2025-68921 entry concerns SteelSeries Nahimic 3 1.10.7. A local directory traversal flaw in Nahimic enables a low-privilege user to escalate to NT AUTHORITY\SYSTEM. Multiple connected sources confirm a local privilege escalation vector, with documented exploit writeups (e.g., GitHub explo...

CVE-2025-68921

SteelSeries Nahimic 3 1.10.7 allows Directory traversal...

[SECURITY] Fedora 41 Update: opentofu-1.10.7-1.fc41

OpenTofu lets you declaratively manage your cloud infrastructure...

CVE-2025-36730

A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...

PT-2025-41975

A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...

Windsurf 安全漏洞

Windsurf is an AI programming software from Windsurf. A security vulnerability exists in Windsurf version 1.10.7, which stems from the possibility of creating filenames appended to user prompts when using the SWE-1 model in Write mode, causing Windsurf to execute its commands...

PT-2025-34174 · Ubiquiti · Unifi Connect Display Cast

Name of the Vulnerable Software and Affected Versions: UniFi Connect Display Cast versions prior to 1.10.7 UniFi Connect Display Cast Pro versions prior to 1.0.94 UniFi Connect Display Cast Lite versions prior to 1.1.8 Description: An improper access control issue could allow a malicious actor...

CVE-2021-41145

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH...

MaxKB 安全漏洞

MaxKB is a 1Panel-dev open source open source knowledge base question and answer system based on a large language model and RAG. A security vulnerability exists in MaxKB 1.10.7 and earlier versions, which stems from a CSV injection in the component Knowledge Base Module...