2581 matches found
EUVD-2026-38063
The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...
CVE-2017-20271
Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...
EUVD-2017-18998
Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...
CVE-2017-20271
Joomla StreetGuessr Game 1.1.8 is affected by an SQL injection via the catid parameter in index.php when using option=com_streetguess&view=maps. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and exfiltrate data such as database version and names. Reported CVS...
CVE-2017-20271 Joomla StreetGuessr Game 1.1.8 SQL Injection via catid
Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fixed a race condition between concurrent operations involving splitting PUD entries and refaulting PUD leaf entries. The splitting of a PUD entry in walkpudrange can cause a race with a concurrent thread that refaul...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fixed a use-after-free race condition for maps It is possible that before fastrpcfreemap is called, another thread may call fastrpcmaplookup and obtain a reference to a map that is about to be deleted. The function...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers. The kms paths maintain a persistent map that is active for reading and comparing the cursor buffer. These maps can conflict with each other in simple scenarios where: a buffer “a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: sockmap: Added a condresched function in sockhashfree. Several reports of syzbot soft lockups involve sockhashfree. If a map with a large number of buckets is destroyed, we need to yield the CPU when necessary...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: MIPS: smp: fill in sibling and core maps earlier After enabling CONFIGSCHEDCORE landed during 5.14 cycle, 2-core 2-thread-per-core interAptiv CPS-driven started emitting the following messages: 0.025698 CPU1 revision is:...
Astra Linux – Vulnerability in abseil
There exists a heap buffer overflow vulnerability in Abseil-cpp. The constructor methods reserve and rehash, which are used to manage the size of the container’s backing store, do not impose an upper limit on the size of these methods’ arguments. As a result, a caller could pass a very large size...
Astra Linux – Vulnerability in Firefox, Thunderbird
After a Garbage Collector compaction, weak maps might have been accessed before they were properly traced. This led to memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a memory leak in the LRU and LRUPERCPU hash maps The LRU and LRUPERCPU maps allocate a new element during updates, before locking the target hash table bucket. Immediately afterwards, the maps attempt to lock the bucke...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fixed a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and CONFIGDEBUGPERCPUMAPS are selected, cpumaxbitswarn generates a runtime warning similar to the following, while we display /proc/cpuinfo. This...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mtd: maps: pxa2xx-flash: fixed a memory leak in the probe function. Added “free ‘info’” upon remapping errors to avoid memory leaks. : Reworded the commit log...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: MIPS: cpuinfo: Fixed a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and CONFIGDEBUGPERCPUMAPS are selected, cpumaxbitswarn generates a runtime warning similar to the following, while we display /proc/cpuinfo. This...
WordPress WP Go Maps plugin <= 10.1.01 - Unauthenticated Arbitrary Record Creation vulnerability
Unauthenticated Arbitrary Record Creation vulnerability discovered by Thanh Điềm in WordPress Plugin WP Go Maps versions = 10.1.01...
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by l3m3s in WordPress Plugin MapPress Maps for WordPress versions = 2.97.3...
PT-2026-50952
Name of the Vulnerable Software and Affected Versions Joomla StreetGuessr Game version 1.1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com...
CVE-2026-10029
The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...