22 matches found
CVE-2026-12077
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-12077 Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-10029
The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...
CVE-2026-48235 Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker Data
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...
tickets SQL注入漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the values of latitude, longitude, callsign, mph, altitude, and timestamp,...
CVE-2026-3581
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...
CVE-2026-1096
The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...
PT-2026-8070
The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'google map view' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible...
EUVD-2018-17497
Malware in sbrugna...
CVE-2017-18004
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint...
CVE-2024-25247
SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters...
CRMEB Security Vulnerabilities
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A security vulnerability exists in CRMEB crmebjava v.1.3.4 and earlier versions. A remote attacker can exploit this vulnerability to obtain sensitive information via the latitude and...
CVE-2023-40921
SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...
PT-2023-4916 · Unknown · Super Store Finder
Name of the Vulnerable Software and Affected Versions: Super Store Finder version 3.6 Description: The issue is related to a lack of protection against SQL query structure exploitation, which can allow a remote attacker to gain access to the administration panel. The store locator component is...
Information disclosure
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community...
CVE-2018-7276
An issue was discovered on Lutron Quantum BACnet Integration 2.0 firmware 3.2.243 devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device...
CVE-2018-7276
An issue was discovered on Lutron Quantum BACnet Integration 2.0 firmware 3.2.243 devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device...
Cross site request forgery (csrf)
An issue was discovered on Lutron Quantum BACnet Integration 2.0 firmware 3.2.243 devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device...
CVE-2018-7276
An issue was discovered on Lutron Quantum BACnet Integration 2.0 firmware 3.2.243 devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device...
Cross site request forgery (csrf)
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details...