2136 matches found
CVE-2025-32661 WordPress Interactive US Map plugin <= 2.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map allows Stored XSS. This issue affects Interactive US Map: from n/a through 2.7...
CVE-2025-32661 WordPress Interactive US Map plugin <= 2.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS. This issue affects Interactive US Map: from n/a through <= 2.7...
CVE-2025-32661
CVE-2025-32661 describes a Cross-Site Request Forgery to Stored Cross‑Site Scripting flaw in the WordPress Interactive US Map plugin (Interactive US Map). The vulnerability affects the plugin up to version 2.7 and is linked to a CSRF workflow that enables stored XSS. The CVSS metrics shown indica...
WordPress Interactive US Map plugin <= 2.7 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Interactive US Map versions <= 2.7...
WordPress plugin Interactive US Map cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2025-1095
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a l...
The vulnerability of the Interactive Service (iservice) of the OpenVPN GUI software allows a malicious individual to gain unauthorized access to the user’s account.
The vulnerability of the Interactive Service (iservice) of the OpenVPN GUI software relates to deficiencies in access control when processing the SeImpersonatePrivilege parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the user account...
Citrix WEM User Logon Service is causing logon delay
End users are reporting high logon times. In the logon breakdown on the Citrix Monitor page, most of the time is being taken during the Interactive Session phase. When the logon process is looked at from the desktop side, the delay is observed at the "Please wait for the Citrix WEM User Logon Service" stage...
Exploit for CVE-2024-25600
CVE-2024-25600 Exploit - WordPress Bricks Builder Remote Code...
CVE-2025-27793
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
CVE-2025-27793 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
Analyze Mobile Threats Faster: ANY.RUN Introduces Android OS to Its Interactive Sandbox
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings...
IBM AIX security vulnerability
IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture by International Business Machines (IBM). A security vulnerability exists in IBM AIX versions 7.2 and 7.3, which stems from improper control of the nimsh service SSL/TLS protection mechanism process an...
MAL-2025-2428 Malicious code in twilio-live-interactive-video (npm)
Source: ghsa-malware eb819962cfddb983c485e717fc3534c75a8456d54560370076ca75474df33cc6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-25185
CVE-2025-25185: GPT Academic exposes a back-linking vulnerability in 3.91 and earlier where soft links are not properly handled during tar.gz extraction. An attacker can create a malicious file as a soft link to a target server file, package it in a tar.gz, upload it, and on decompression the sof...
CVE-2025-23615
Missing Authorization vulnerability in gtekelis Interactive Page Hierarchy interactive-page-hierarchy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Page Hierarchy: from n/a through <= 1.0.1...
CVE-2025-23615 WordPress Interactive Page Hierarchy plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in gtekelis Interactive Page Hierarchy interactive-page-hierarchy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Page Hierarchy: from n/a through <= 1.0.1...
CVE-2025-23615
CVE-2025-23615 concerns the WordPress Interactive Page Hierarchy plugin (versions up to 1.0.1). The issue is a Missing Authorization vulnerability arising from incorrectly configured access control, enabling potential unauthorized access within the Interactive Page Hierarchy feature. All connecte...
WordPress plugin Interactive Page Hierarchy security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...