Lucene search
K

95 matches found

NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-13015

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawldfs.php, where the $GET'place'...

6.1CVSS0.00211EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 3:43 a.m.16 views

CVE-2026-13015

The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40896

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawldfs.php, where the $GET'place'...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/21 8:0 p.m.2 views

CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS6.8AI score0.00149EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/21 8:0 p.m.18 views

CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS0.00149EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/21 8:0 p.m.3 views

CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS6.6AI score0.00149EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/01/21 8:0 p.m.6 views

EUVD-2025-206313

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS6.8AI score0.00149EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/17 8:38 p.m.4 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...

8.5CVSS6AI score0.00233EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-25053

Malicious code in bioql PyPI...

4.8CVSS5.1AI score0.0071EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-11570

Malicious code in bioql PyPI...

7.1CVSS7.7AI score0.00139EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

Google Android elevation of privilege vulnerability (CNVD-2026-00031)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by intent redirection in multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the system...

7.8CVSS7.4AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:17 p.m.9 views

CVE-2022-1772

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

4.8CVSS6.5AI score0.0071EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/04/25 4:6 p.m.10 views

CVE-2025-39442

Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS.This issue affects Review Wave – Google Places Reviews: from n/a through = 1.4.7...

7.1CVSS7.2AI score0.00139EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.26 views

CVE-2025-39442

Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS.This issue affects Review Wave – Google Places Reviews: from n/a through = 1.4.7...

7.1CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:16 p.m.10 views

CVE-2025-39442 WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7...

7.1CVSS6.8AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:16 p.m.53 views

CVE-2025-39442

CVE-2025-39442 affects the WordPress plugin Review Wave – Google Places Reviews (Review Wave – Google Places Reviews) up to version 1.4.7. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored XSS, with CVSS v3.1 base score 7.1 (High). Public references in the provide...

7.1CVSS7.2AI score0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/17 9:36 a.m.8 views

WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by johska Patchstack Alliance in WordPress Plugin Review Wave – Google Places Reviews versions = 1.4.7...

7.1CVSS8.2AI score0.00139EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.5 views

WordPress plugin Review Wave – Google Places Reviews 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL. WordPress plugin is an application...

7.1CVSS7AI score0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.5 views

PT-2025-17009 · Unknown · Review Wave – Google Places Reviews

Name of the Vulnerable Software and Affected Versions: Review Wave – Google Places Reviews versions 1.4.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the...

7.1CVSS7.3AI score0.00139EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2025/01/09 5:55 p.m.5 views

Built In Honors Rapid7 with “2025 Best Places To Work” Award

3 Rapid7 Offices Included in Built In’s “Best Places to Work” Lists Built In has announced that Rapid7 is being honored in the 2025 Best Places To Work Awards. Specifically, Rapid7 earned recognition for three office locations: Austin, Boston, and Arlington Washington DC. The annual awards progra...

7.3AI score
Exploits0
Rows per page
Query Builder