WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Modal Popup Box versions <= 1.6.1...
WordPress Educare plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Educare versions <= 1.6.1...
CVE-2025-14552
The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Robots.txt rewrite plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Robots.txt rewrite versions <= 1.6.1...
CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write
KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...
CVE-2025-64433
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...
CVE-2025-64432
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
AZL-69805 CVE-2025-64437 affecting package kubevirt for versions less than 1.5.3-2
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
Kubevirt Path Traversal Vulnerability
Kubevirt is a virtual machine manager in the KubeVirt open source. A path traversal vulnerability exists in KubeVirt versions prior to 1.5.3 and prior to 1.6.1, which stems from mishandling of symbolic links and a file ownership change issue, and could lead to reading arbitrary files in the...
PT-2025-44048
Name of the Vulnerable Software and Affected Versions: InventoryGui versions 1.6.1-SNAPSHOT and earlier Description: A flaw exists in InventoryGui that could allow item duplication when the experimental Bundle item feature is enabled on the server. This issue affects any plugin utilizing the...
CVE-2025-9621 WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery
The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmtsync action in the wpcmtrequesthandler function. This makes it possible for unauthenticated...
EUVD-2025-8389
Malicious code in bioql PyPI...
PT-2025-35044
Name of the Vulnerable Software and Affected Versions: XmasB Quotes versions through 1.6.1 Description: The software contains a reflected cross-site scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update to a version later than 1.6.1...
Linux Distros Unpatched Vulnerability : CVE-2022-30321
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and...
Linux Distros Unpatched Vulnerability : CVE-2022-26945
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fix...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
PT-2024-17611 · Unknown · Invoiceplane
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A critical vulnerability affects the upload file function of the file "/index.php/upload/upload file/1/1". The manipulation of the file argument leads to unrestricted upload. The attack can be...
PT-2024-35253 · Unknown · Dmc Airin Blog
Name of the Vulnerable Software and Affected Versions: DMC Airin Blog versions 1.6.1 and earlier Description: The issue is related to the deserialization of untrusted data, which allows object injection in DMC Airin Blog. Recommendations: For versions 1.6.1 and earlier, update to a version later...
PT-2024-28152 · Unknown · Ukrsolution Barcode Scanner With Inventory & Order Manager
Name of the Vulnerable Software and Affected Versions: UkrSolution Barcode Scanner with Inventory & Order Manager versions 1.6.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows f...