Lucene search
K

5 matches found

Cvelist
Cvelist
added 2025/11/18 10:10 p.m.12 views

CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write

KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...

8.5CVSS0.00212EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/11 9:28 a.m.10 views

CVE-2025-9621 WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery

The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmtsync action in the wpcmtrequesthandler function. This makes it possible for unauthenticated...

4.3CVSS0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.3 views

PT-2025-35044

Name of the Vulnerable Software and Affected Versions: XmasB Quotes versions through 1.6.1 Description: The software contains a reflected cross-site scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update to a version later than 1.6.1...

7.1CVSS5.5AI score0.00213EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.4 views

PT-2024-17611 · Unknown · Invoiceplane

Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A critical vulnerability affects the upload file function of the file "/index.php/upload/upload file/1/1". The manipulation of the file argument leads to unrestricted upload. The attack can be...

6.5CVSS6.6AI score0.00543EPSS
Exploits0References11
OSV
OSV
added 2015/04/07 12:0 a.m.5 views

UBUNTU-CVE-2015-1317

Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists...

7.5CVSS6.2AI score0.02981EPSS
Exploits0References3
Rows per page
Query Builder