95 matches found
CVE-2026-13015
The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawldfs.php, where the $GET'place'...
CVE-2026-13015
The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...
EUVD-2026-40896
The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawldfs.php, where the $GET'place'...
CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
CVE-2025-69209
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
EUVD-2025-206313
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...
EUVD-2022-25053
Malicious code in bioql PyPI...
EUVD-2025-11570
Malicious code in bioql PyPI...
Google Android elevation of privilege vulnerability (CNVD-2026-00031)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by intent redirection in multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the system...
CVE-2022-1772
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...
CVE-2025-39442
Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS.This issue affects Review Wave – Google Places Reviews: from n/a through = 1.4.7...
CVE-2025-39442
Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS.This issue affects Review Wave – Google Places Reviews: from n/a through = 1.4.7...
CVE-2025-39442 WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7...
CVE-2025-39442
CVE-2025-39442 affects the WordPress plugin Review Wave – Google Places Reviews (Review Wave – Google Places Reviews) up to version 1.4.7. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored XSS, with CVSS v3.1 base score 7.1 (High). Public references in the provide...
WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by johska Patchstack Alliance in WordPress Plugin Review Wave – Google Places Reviews versions = 1.4.7...
WordPress plugin Review Wave – Google Places Reviews 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL. WordPress plugin is an application...
PT-2025-17009 · Unknown · Review Wave – Google Places Reviews
Name of the Vulnerable Software and Affected Versions: Review Wave – Google Places Reviews versions 1.4.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the...
Built In Honors Rapid7 with “2025 Best Places To Work” Award
3 Rapid7 Offices Included in Built In’s “Best Places to Work” Lists Built In has announced that Rapid7 is being honored in the 2025 Best Places To Work Awards. Specifically, Rapid7 earned recognition for three office locations: Austin, Boston, and Arlington Washington DC. The annual awards progra...