Lucene search
K

2581 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 6:53 a.m.5 views

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

7.1CVSS5.5AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 1:20 a.m.8 views

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

7.1CVSS5.3AI score0.00126EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36943

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS5.7AI score0.00363EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.4 views

CVE-2026-39492

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.9 views

CVE-2026-39492

The CVE records an unauthenticated SQL Injection in WordPress WP Maps plugin

9.3CVSS5.7AI score0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.26 views

CVE-2026-39492 WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS0.00363EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/15 5:14 p.m.93 views

@babel/core: Arbitrary File Read via sourceMappingURL Comment

Impact Using @babel/core to compile maliciously crafted code can allow ab attacker to read any source map from the system that is running Babel, if these conditions are all true: - the attacker controls the input source code - the attacker can read the output source code - the attacker knows the...

3.6CVSS5.3AI score0.00116EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/15 8:16 a.m.13 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS0.00225EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 a.m.12 views

CVE-2026-8935

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

9.8CVSS0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 6:0 a.m.36 views

CVE-2026-8935 Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.10 views

EUVD-2026-36698

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS5.3AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:0 a.m.6 views

CVE-2026-8386 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:0 a.m.7 views

CVE-2026-8935 Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

5.2AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 6:0 a.m.19 views

CVE-2026-8935

The CVE concerns the WP MAPS PRO WordPress plugin prior to version 6.1.1. The vulnerability arises from an unauthenticated AJAX action that, when a valid nonce (publicly emitted on frontend pages enqueuing the map script) is supplied, unconditionally creates an administrator account and returns a...

9.8CVSS5.3AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.9 views

EUVD-2026-36699

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

9.8CVSS5.2AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 6:0 a.m.18 views

CVE-2026-8386

WP Go Maps for WordPress is affected up to version 10.0.9. The vulnerability arises because the public single-marker REST endpoint does not filter by approval state, enabling unauthenticated users to fetch marker records that administrators have not approved for public display. Exposed data may i...

5.3CVSS5.4AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.8 views

EUVD-2026-36697

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

5.3CVSS5.3AI score0.00192EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 6:0 a.m.17 views

CVE-2026-8385

The CVE-2026-8385 entry concerns the WP Go Maps WordPress plugin, specifically versions prior to 10.0.10. The vulnerability arises from improper enforcement of the marker approval filter on the admin-ajax fallback for the plugin’s datatables route, allowing unauthenticated visitors to access mark...

5.3CVSS5.2AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 6:0 a.m.36 views

CVE-2026-8385 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49185

Name of the Vulnerable Software and Affected Versions WP MAPS PRO versions prior to 6.1.1 Description The plugin registers an unauthenticated AJAX action that allows the creation of an administrator account. By providing a valid nonce, which is publicly available on any frontend page that enqueue...

9.8CVSS5.2AI score0.00268EPSS
Exploits0References7
Rows per page
Query Builder