Lucene search
K

22 matches found

NVD
NVD
added 2026/06/25 4:17 a.m.7 views

CVE-2026-12077

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.30 views

CVE-2026-12077 Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 6:16 a.m.14 views

CVE-2026-10029

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

5.3CVSS0.0031EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.39 views

CVE-2026-48235 Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker Data

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

8.8CVSS0.0024EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the values of latitude, longitude, callsign, mph, altitude, and timestamp,...

8.8CVSS5.9AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 6:16 a.m.6 views

CVE-2026-3581

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

5.3CVSS0.00285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.4 views

CVE-2026-1096

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.15 views

PT-2026-8070

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'google map view' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-17497

Malware in sbrugna...

5.3CVSS5.5AI score0.01328EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 a.m.6 views

CVE-2017-18004

Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint...

5.4CVSS5.9AI score0.00636EPSS
Exploits1References1
OSV
OSV
added 2024/02/26 11:15 p.m.3 views

CVE-2024-25247

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters...

9.8CVSS6AI score
Exploits0References1
CNNVD
CNNVD
added 2024/02/23 12:0 a.m.6 views

CRMEB Security Vulnerabilities

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A security vulnerability exists in CRMEB crmebjava v.1.3.4 and earlier versions. A remote attacker can exploit this vulnerability to obtain sensitive information via the latitude and...

7.5CVSS6.5AI score0.00786EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/12/14 12:15 a.m.4 views

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

9.8CVSS5.9AI score0.00512EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.8 views

PT-2023-4916 · Unknown · Super Store Finder

Name of the Vulnerable Software and Affected Versions: Super Store Finder version 3.6 Description: The issue is related to a lack of protection against SQL query structure exploitation, which can allow a remote attacker to gain access to the administration panel. The store locator component is...

9.8CVSS9.7AI score0.00784EPSS
Exploits2References8
Prion
Prion
added 2019/09/15 4:15 p.m.18 views

Information disclosure

Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community...

5CVSS5.3AI score0.01093EPSS
Exploits0References1Affected Software11
OSV
OSV
added 2018/02/21 1:29 a.m.3 views

CVE-2018-7276

An issue was discovered on Lutron Quantum BACnet Integration 2.0 firmware 3.2.243 devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device...

7.5CVSS5.8AI score0.01427EPSS
Exploits1References1
NVD
NVD
added 2018/02/21 1:29 a.m.14 views

CVE-2018-7276

An issue was discovered on Lutron Quantum BACnet Integration 2.0 firmware 3.2.243 devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device...

7.5CVSS7.5AI score0.01427EPSS
Exploits1References1
Prion
Prion
added 2018/02/21 1:29 a.m.14 views

Cross site request forgery (csrf)

An issue was discovered on Lutron Quantum BACnet Integration 2.0 firmware 3.2.243 devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device...

5CVSS7.4AI score0.01427EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/02/21 1:0 a.m.18 views

CVE-2018-7276

An issue was discovered on Lutron Quantum BACnet Integration 2.0 firmware 3.2.243 devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device...

7.4AI score0.01427EPSS
Exploits1References1
Prion
Prion
added 2018/01/16 11:29 p.m.10 views

Cross site request forgery (csrf)

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details...

5CVSS5.2AI score0.01328EPSS
Exploits1References1
Rows per page
Query Builder