Lucene search
K

349 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/08 12:37 a.m.8 views

EUVD-2026-42157

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS6AI score0.00278EPSS
Exploits0References5
NVD
NVD
added 2026/07/07 11:16 p.m.7 views

CVE-2026-50811

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56283

Name of the Vulnerable Software and Affected Versions FreeType versions prior to commit 5a280ecde6f324de0d226261036e736e0cb49a71 Description An out-of-bounds read occurs in the TT Get Var Design implementation, which is utilized by FT Get Var Design Coordinates. This issue is located within the...

6.5CVSS6.1AI score0.00278EPSS
Exploits0References12
OSV
OSV
added 2026/06/24 6:46 p.m.6 views

DRUPAL-CONTRIB-2026-062

Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules. One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability. This vulnerability is mitigated by the...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in gst-plugins-bad1.0

GStreamer DVB Subtitles Out-of-Bounds: Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary dependi...

7.8CVSS7.4AI score0.00729EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52175

Name of the Vulnerable Software and Affected Versions Drupal Geolocation Field versions 0.0.0 through 3.15.0 Description An SQL injection issue exists in the Drupal Geolocation Field module, which provides functionality to store coordinates and supports views and other modules. The problem occurs...

6.1AI score0.00165EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.5 views

CVE-2026-56218

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS5.8AI score0.00205EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.31 views

CVE-2026-56218 Capgo - EXIF Metadata Exposure via Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS0.00205EPSS
Exploits0References2
OSV
OSV
added 2026/06/20 3:24 p.m.3 views

CVE-2026-56218 Capgo - EXIF Metadata Exposure via Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS6AI score0.00205EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50620

Name of the Vulnerable Software and Affected Versions Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress versions prior to 1.3.13.2 Description Sensitive information exposure occurs via the get events function. This allows unauthenticated attackers to extra...

5.3CVSS5.9AI score0.0031EPSS
Exploits0References14
NVD
NVD
added 2026/06/15 8:16 a.m.18 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 6:0 a.m.38 views

CVE-2026-8386 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.15 views

EUVD-2026-36698

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS5.3AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:0 a.m.7 views

CVE-2026-8386 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 6:0 a.m.25 views

CVE-2026-8386

WP Go Maps for WordPress is affected up to version 10.0.9. The vulnerability arises because the public single-marker REST endpoint does not filter by approval state, enabling unauthenticated users to fetch marker records that administrators have not approved for public display. Exposed data may i...

5.3CVSS5.4AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49184

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.4AI score0.00225EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/08 12:43 p.m.15 views

USN-8399-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. CVE-2026-42308 It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An...

8.6CVSS7.6AI score0.0015EPSS
Exploits0
OSV
OSV
added 2026/06/08 12:43 p.m.9 views

USN-8399-1 pillow vulnerabilities

It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. CVE-2026-42308 It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An...

8.6CVSS7.6AI score0.0015EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.17 views

CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder