5 matches found
BIT-KYVERNO-2022-47633
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations a...
WordPress Makeaholic Theme <= 1.8.4 is vulnerable to Local File Inclusion
Software Makeaholic Type Theme Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-54700 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 3530b771c10e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
CVE-2024-21641
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...
WordPress TotalRating Pro Plugin <= 1.8.4 is vulnerable to Backdoor
Software TotalRating Pro Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 63434ea7cd48 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 20...
DEBIAN-CVE-2021-21261
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. This sandbox-escape bug is present in versio...