GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: kube-arangodb-fips, packer-fips, kaniko, kots, kube-mgmt, tigera-operator, wolfictl, neuvector-fips, chainctl, chainctl-fips, kubescape-server-fips, ctop, docker, manifest-tool, buildkitd-fips, kaniko-fips, helm-operator, helm, docker-cli-buildx-fips, kubescape-serve...

WP Google Maps < 9.0.48 - Cross-Site Scripting

WP Google Maps WordPress plugin 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads. id: CVE-2025-11307 info: name: WP Google Maps 9.0.48 - Cross-Site Scripting author: 0xAkoko severity:...

Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting

The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. id: CVE-2017-18557 info: name: Google Maps by BestWebSoft 1.3.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues...

Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. id: CVE-2017-18556 info: name: Google Analytics by BestWebSoft 1.7.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-analytics plugin before 1.7.1 for WordPress has...

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps = 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

WordPress Google Map Professional - Cross-Site Scripting

WordPress Google Map Professional Map In Your Language plugin through 1.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such ...

WP Google Maps < 7.10.43 - Cross-Site Scripting

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO. id: CVE-2019-9912 info: name: WP Google Maps 7.10.43 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via t...

CVE-2026-8934

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

CVE-2026-8934 Cross-Project Information Leakage in Google App Engine UI

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidenc...

CVE-2026-12888 HTML injection in the Canarytoken Google Chat notification

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

CVE-2026-12888

CVE-2026-12888 describes an HTML injection vulnerability in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens. The issue allows interface manipulation by an attacker who can insert limited HTML content, including links, into the webhook payload. Affects Canarytoke...

EUVD-2026-38240

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the 1 lat Latitude, 2 long Longitude, 3 mapwidth, 4 mapheight, or 5 zoom Map Zoom parameters i...

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2023-0037 info: name: WordPress 10Web Map...

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as movi...