WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term...

ROOT-APP-PYPI-CVE-2023-25691 CVE-2023-25691 in rootio-apache-airflow-providers-google - Patched by Root

Root has patched CVE-2023-25691 in the rootio-apache-airflow-providers-google package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-25692 CVE-2023-25692 in rootio-apache-airflow-providers-google - Patched by Root

Root has patched CVE-2023-25692 in the rootio-apache-airflow-providers-google package for Root:PyPI. Multiple fixed versions available...

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps = 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2023-0037 info: name: WordPress 10Web Map...

WP Google Maps < 7.10.43 - Cross-Site Scripting

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO. id: CVE-2019-9912 info: name: WP Google Maps 7.10.43 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via t...

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

WordPress Google Map Professional - Cross-Site Scripting

WordPress Google Map Professional Map In Your Language plugin through 1.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such ...

Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting

The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. id: CVE-2017-18557 info: name: Google Maps by BestWebSoft 1.3.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues...

WP Google Maps < 9.0.48 - Cross-Site Scripting

WP Google Maps WordPress plugin 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads. id: CVE-2025-11307 info: name: WP Google Maps 9.0.48 - Cross-Site Scripting author: 0xAkoko severity:...

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the 1 lat Latitude, 2 long Longitude, 3 mapwidth, 4 mapheight, or 5 zoom Map Zoom parameters i...

Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. id: CVE-2017-18556 info: name: Google Analytics by BestWebSoft 1.7.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-analytics plugin before 1.7.1 for WordPress has...

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

These convincing copyright notices are designed to steal Google logins

A new scam is targeting people who publish Chrome extensions. The scam arrives as an official-looking "copyright removal request" claiming your extension is about to be removed from the Chrome Web Store and that you have 48 hours to appeal. It even looks personalized. After you enter your...

Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling

Available for Android 12 and later, the anti-scam feature is baked into Google Dialer, which sends a silent “confirmation signal” to ensure whoever’s calling you is who they appear to be...

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as movi...

CVE-2026-9723

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVE-2026-9723

CVE-2026-9723 affects the WordPress plugin Google Plus One Bottom (versions

CVE-2026-9723

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...