Vulmon
cdi vulnerabilities and exploits
6.8
CVSSv3
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading...
Kubevirt Containerized Data Importer
6.1
CVSSv3
CVE-2021-36738
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact.
Apache Pluto
6.1
CVSSv3
CVE-2022-1933
The CDI WordPress plugin prior to 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting.
Collect And Deliver Interface For Woocommerce Project Collect And Deliver Interface For Woocommerce
6.5
CVSSv3
CVE-2019-10175
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users t...
Kubevirt Containerized-data-importer 1.4.0
NA
CVE-2000-0136
The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Mcmurtrey Whitaker And Associates Cart32
1 EDB exploit
NA
CVE-2000-0906
Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote malicious users to read arbitrary files via a .. (dot dot) attack on the category or format parameters.
Moreover.com Cached Feed.cgi Script 1.0
1 EDB exploit