Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
Vulnerability in wordpress plugin Event Expresso Free v126.96.36.199.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.