From DHS/US-CERT's National Vulnerability Database
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the ...
In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.
The import-users-from-csv-with-meta plugin before 188.8.131.52 for WordPress has directory traversal.
The import-users-from-csv-with-meta plugin before 184.108.40.206 for WordPress has XSS via imported data.
The import-users-from-csv-with-meta plugin before 220.127.116.11 for WordPress has XSS.