5 matches found
CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write
KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...
CVE-2025-9621 WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery
The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmtsync action in the wpcmtrequesthandler function. This makes it possible for unauthenticated...
PT-2025-35044
Name of the Vulnerable Software and Affected Versions: XmasB Quotes versions through 1.6.1 Description: The software contains a reflected cross-site scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update to a version later than 1.6.1...
PT-2024-17611 · Unknown · Invoiceplane
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A critical vulnerability affects the upload file function of the file "/index.php/upload/upload file/1/1". The manipulation of the file argument leads to unrestricted upload. The attack can be...
UBUNTU-CVE-2015-1317
Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists...