Lucene search
K

808 matches found

CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the hardcoding of a Google Maps API key in the settings.inc.php file. This...

6.9CVSS5.9AI score0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42524

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker...

8.2CVSS5.9AI score0.00169EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42523

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud...

6.9CVSS5.8AI score0.00224EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42522

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google...

6.9CVSS5.8AI score0.00224EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/12 10:22 a.m.10 views

WordPress WP Google Maps Integration plugin <= 1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin WP Google Maps Integration versions = 1.2...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/12 9:16 a.m.14 views

CVE-2026-7464

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00211EPSS
Exploits0References5
CVE
CVE
added 2026/05/12 7:48 a.m.17 views

CVE-2026-7464

The CVE concerns the WordPress plugin WP Google Maps Integration (versions up to 1.2). It is vulnerable to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. The issue could allow unauthenticated attackers to cause the execution of ar...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.9 views

CVE-2026-7464

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00211EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-39970

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00211EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

WordPress plugin WP Google Maps Integration 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 4:32 p.m.8 views

Missing Authentication for Critical Function

Overview gmaps-mcp is a MCP server for Google Maps — places search, directions, geocoding. Works with Claude Desktop, Cursor, Claude Code. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the HTTP authentication process. An attacker can make...

8.3CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 4:32 p.m.8 views

gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense

Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls at Operator Expense The gmaps-mcp codebase was reviewed at commit e671db68c804c9e67d51582d3280839ffa65f127 and three issues worth flagging were discovered — one high-severity, one medium, one structural. There were no...

5.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/16 6:31 a.m.5 views

EUVD-2026-23180

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References3
NVD
NVD
added 2026/04/16 6:16 a.m.6 views

CVE-2026-3581

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

5.3CVSS0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 5:29 a.m.4 views

CVE-2026-3581 Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/16 12:44 a.m.8 views

WordPress Basic Google Maps Placemarks plugin <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability

Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Basic Google Maps Placemarks versions = 1.10.7...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

WordPress plugin Basic Google Maps Placemarks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.7 views

PT-2026-33263

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 7:15 p.m.4 views

EUVD-2026-20483

CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/08 7:15 p.m.11 views

CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting

Summary The Google Maps iframe setting cMap field in compInfosPost sanitizes input using striptags with an allowlist and regex-based removal of on\w+ event handlers. However, the srcdoc attribute is not an event handler and passes all filters. An attacker with admin settings access can inject an...

5.5CVSS6AI score0.00235EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder