A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-04-03
Updated
2024-04-03
An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-03
Updated
2024-04-03
Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-04-03
Updated
2024-04-03
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS < 124.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-04-03
Updated
2024-04-03
In JetBrains TeamCity before 2024.03, server administrators could remove arbitrary files from the server by installing tools.
Max CVSS
4.1
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03, XXE was possible in the Maven build steps detector.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03, 2FA could be bypassed by providing a special URL parameter.
Max CVSS
7.4
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03, authenticated users without administrative permissions could register other users when self-registration was disabled.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderFAQ allows Reflected XSS. This issue affects SpiderFAQ: from n/a through 1.3.2.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism IT Systems User Rights Access Manager allows Reflected XSS. This issue affects User Rights Access Manager: from n/a through 1.1.2.
Max CVSS
5.8
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moises Heberle WooCommerce Bookings Calendar. This issue affects WooCommerce Bookings Calendar: from n/a through 1.0.36.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps. This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74.
Max CVSS
7.6
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons. This issue affects Shortcode Addons: from n/a through 3.2.5.
Max CVSS
9.1
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephanie Leary Convert Post Types allows Reflected XSS. This issue affects Convert Post Types: from n/a through 1.4.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS. This issue affects Contact Form 7 Newsletter: from n/a through 2.2.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01
Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS. This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-04-02
Updated
2024-04-02
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS. This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-04-01