A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-04-03
Updated
2024-04-03
An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-03
Updated
2024-04-03
Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-04-03
Updated
2024-04-03
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS < 124.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-04-03
Updated
2024-04-03
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection. This issue affects Breakdance: from n/a through 1.7.0.
Max CVSS
9.9
EPSS Score
0.05%
Published
2024-04-03
Updated
2024-04-05
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. This issue affects Oxygen Builder: from n/a through 4.8.2.
Max CVSS
9.9
EPSS Score
0.05%
Published
2024-04-03
Updated
2024-04-05
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
Max CVSS
4.1
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
Max CVSS
5.4
EPSS Score
0.06%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Max CVSS
6.8
EPSS Score
0.05%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
Max CVSS
7.4
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderFAQ allows Reflected XSS. This issue affects SpiderFAQ: from n/a through 1.3.2.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism IT Systems User Rights Access Manager allows Reflected XSS. This issue affects User Rights Access Manager: from n/a through 1.1.2.
Max CVSS
5.8
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moises Heberle WooCommerce Bookings Calendar. This issue affects WooCommerce Bookings Calendar: from n/a through 1.0.36.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps. This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74.
Max CVSS
7.6
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01