
2581 matches found

ATTACKERKB
added 2026/06/27 1:27 a.m. | 7 views

CVE-2026-13335

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.9 | EPSS 0.0021
Exploits: 0 | References: 9
Cvelist
added 2026/06/27 1:27 a.m. | 42 views

CVE-2026-13335 CodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post Meta

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.0021
Exploits: 0 | References: 8
EUVD
added 2026/06/27 1:27 a.m. | 7 views

EUVD-2026-39929

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.9 | EPSS 0.0021
Exploits: 0 | References: 8
NVD
added 2026/06/26 3:16 p.m. | 8 views

CVE-2026-56011

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions...

CVSS 7.1 | EPSS 0.00244
Exploits: 0 | References: 1
CVE
added 2026/06/26 2:52 p.m. | 22 views

CVE-2026-56011

CVE-2026-56011 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin MapPress Maps for WordPress; affected versions are ≤ 2.97.3. The vulnerability is documented across multiple sources (NVD, CVE databases, and PatchStack) with consistent impact: XSS that c...

CVSS 7.1 | AI score 5.8 | EPSS 0.00244
In wild | Exploits: 0 | References: 1
Cvelist
added 2026/06/26 2:52 p.m. | 30 views

CVE-2026-56011 WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions...

CVSS 7.1 | EPSS 0.00244
Exploits: 0 | References: 1
EUVD
added 2026/06/26 2:52 p.m. | 5 views

EUVD-2026-39687

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00244
Exploits: 0 | References: 1
EUVD
added 2026/06/25 7:36 p.m. | 8 views

EUVD-2026-38385

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps...

CVSS 7.5 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/25 6:18 p.m. | 5 views

CVE-2026-52954

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted CEPH_MSG_OSD_MAP message containing a corrupted CRUSH map. If this map includes two crush_choose_arg_maps with identical indices, it triggers an assertion failure, leading to a kernel bug and a...

CVSS 7.5 | AI score 5.9 | EPSS 0.0053
Exploits: 0 | References: 4
RedHat Linux
added 2026/06/25 9:03 a.m. | 4 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

CVSS 4.3 | AI score 7.1 | EPSS 0.00419
Exploits: 0 | References: 8
Tenable Nessus
added 2026/06/25 12:00 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix OOB in pcpu_init_value An out-of-bounds read occurs when copying element from a BPF_MAP_TYPE_CGROUP_STORAGE map to another pcpu map with the same value_size...

CVSS 7.1 | AI score 6 | EPSS 0.00116
Exploits: 0 | References: 4
EUVD
added 2026/06/24 4:30 p.m. | 5 views

EUVD-2026-38951

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix RCU stall in bpf_fd_array_map_clear() Add a missing cond_resched() in bpf_fd_array_map_clear() loop. For PROG_ARRAY maps with many entries this loop calls prog_array_map_poke_run() per entry which can be expensive, and without yielding this c...

AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 5
AstraLinux
added 2026/06/24 3:11 p.m. | 3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_xdp_store_bytes proto for read-only arguments While making some maps in Cilium read-only from the BPF side, we noticed that the bpf_xdp_store_bytes proto is incorrect. In particular, the verifier encountered the following...

CVSS 5.5 | AI score 6.2 | EPSS 0.0016
Exploits: 0 | References: 2
Github Security Blog
added 2026/06/23 9:24 p.m. | 7 views

jackson-databind has @JsonView bypass for setterless creator properties

Summary: In BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInView(activeView) check. A change making SetterlessProperty.isMerging return true routed setterless...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 6 | Affected Software: 2
ATTACKERKB
added 2026/06/22 9:14 p.m. | 5 views

CVE-2026-48511

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

CVSS 7.5 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/06/22 12:00 a.m. | 9 views

PT-2026-51395

Name of the Vulnerable Software and Affected Versions: MessagePack for C# versions prior to 2.5.301; MessagePack for C# versions prior to 3.1.7. Description: The ExpandoObjectFormatter.Deserialize function populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. Because...

CVSS 7.5 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 7
NVD
added 2026/06/19 7:16 p.m. | 12 views

CVE-2026-12238

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

CVSS 5.3 | EPSS 0.00205
Exploits: 0 | References: 2
CVE
added 2026/06/19 6:32 p.m. | 20 views

CVE-2026-12238

The WP Go Maps WordPress plugin (up to version 10.1.01) is vulnerable to an authorization bypass that allows unauthenticated attackers to create arbitrary records in plugin tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-bac...

CVSS 5.3 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 2
Cvelist
added 2026/06/19 6:32 p.m. | 20 views

CVE-2026-12238 WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

CVSS 5.3 | EPSS 0.00205
Exploits: 0 | References: 2
EUVD
added 2026/06/19 6:32 p.m. | 8 views

EUVD-2026-38063

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

CVSS 5.3 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 2