CVE List - 2024 / January
Showing 1001 - 1100 of 2591 CVEs for January 2024 (Page 11 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-6567 | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user... |
| CVE-2023-6828 | 2024-01-11 | The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all... |
| CVE-2023-6878 | 2024-01-11 | The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and... |
| CVE-2023-6636 | 2024-01-11 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up... |
| CVE-2023-6556 | 2024-01-11 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to... |
| CVE-2023-6934 | 2024-01-11 | The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input... |
| CVE-2023-6645 | 2024-01-11 | The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64... |
| CVE-2023-6583 | 2024-01-11 | The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes... |
| CVE-2023-6220 | 2024-01-11 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This... |
| CVE-2023-6316 | 2024-01-11 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1.... |
| CVE-2023-7019 | 2024-01-11 | The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template... |
| CVE-2023-6990 | 2024-01-11 | The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and... |
| CVE-2023-7048 | 2024-01-11 | The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation... |
| CVE-2023-6782 | 2024-01-11 | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due... |
| CVE-2023-6737 | 2024-01-11 | The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization... |
| CVE-2023-6638 | 2024-01-11 | The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to,... |
| CVE-2023-6561 | 2024-01-11 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due... |
| CVE-2023-6751 | 2024-01-11 | The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7.... |
| CVE-2023-6598 | 2024-01-11 | The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up... |
| CVE-2023-4246 | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler... |
| CVE-2023-5691 | 2024-01-11 | The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it... |
| CVE-2023-4247 | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect... |
| CVE-2023-6875 | 2024-01-11 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data... |
| CVE-2023-5504 | 2024-01-11 | The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in... |
| CVE-2023-6504 | 2024-01-11 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability... |
| CVE-2023-7070 | 2024-01-11 | The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and... |
| CVE-2023-7071 | 2024-01-11 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up... |
| CVE-2023-4960 | 2024-01-11 | The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping... |
| CVE-2023-6582 | 2024-01-11 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for... |
| CVE-2022-4958 | 2024-01-11 | qkmc-rk redbbs Post cross site scripting |
| CVE-2023-20573 | 2024-01-11 | Debug Exception Delivery in Secure Nested Paging |
| CVE-2023-6244 | 2024-01-11 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This... |
| CVE-2023-6242 | 2024-01-11 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for... |
| CVE-2023-6938 | 2024-01-11 | The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and... |
| CVE-2023-6554 | 2024-01-11 | Missing authorisation in TCExam |
| CVE-2023-5118 | 2024-01-11 | Stored cross-site scripting vulnerability in Kofax Capture software |
| CVE-2024-0429 | 2024-01-11 | Buffer overflow vulnerability on Hex Workshop |
| CVE-2024-0411 | 2024-01-11 | DeShang DSMall HTTP GET Request install.php access control |
| CVE-2024-0412 | 2024-01-11 | DeShang DSShop HTTP GET Request install.php access control |
| CVE-2024-0413 | 2024-01-11 | DeShang DSKMS install.php access control |
| CVE-2024-0414 | 2024-01-11 | DeShang DSCMS install.php access control |
| CVE-2024-0415 | 2024-01-11 | DeShang DSMall Image URL TaobaoExport.php access control |
| CVE-2024-0416 | 2024-01-11 | DeShang DSMall MemberAuth.php path traversal |
| CVE-2024-22199 | 2024-01-11 | Django Template Engine Vulnerable to XSS |
| CVE-2024-22197 | 2024-01-11 | Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) |
| CVE-2024-0417 | 2024-01-11 | DeShang DSShop MemberAuth.php path traversal |
| CVE-2024-0418 | 2024-01-11 | iSharer and upRedSun File Sharing Wizard GET Request denial of service |
| CVE-2024-0419 | 2024-01-11 | Jasper httpdx HTTP POST Request denial of service |
| CVE-2024-0422 | 2024-01-11 | CodeAstro POS and Inventory Management System New Item Creation Page new_item cross site scripting |
| CVE-2024-22196 | 2024-01-11 | Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) |
| CVE-2024-0423 | 2024-01-11 | CodeAstro Online Food Ordering System dishes.php cross site scripting |
| CVE-2024-0424 | 2024-01-11 | CodeAstro Simple Banking System Create a User Page createuser.php cross site scripting |
| CVE-2024-22198 | 2024-01-11 | Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) |
| CVE-2024-0425 | 2024-01-11 | ForU CMS password recovery |
| CVE-2022-4959 | 2024-01-11 | qkmc-rk redbbs Nickname cross site scripting |
| CVE-2023-7226 | 2024-01-11 | meetyoucrop big-whale Admin Module all.api improper ownership management |
| CVE-2024-0426 | 2024-01-11 | ForU CMS cms_template.php sql injection |
| CVE-2024-20675 | 2024-01-11 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2024-21337 | 2024-01-11 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2024-0443 | 2024-01-11 | Kernel: blkio memory leak because blkcg and some blkgs are not freed after they are made offline. |
| CVE-2024-21982 | 2024-01-11 | Information Disclosure Vulnerability in ONTAP 9 |
| CVE-2022-48619 | 2024-01-12 | An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event... |
| CVE-2023-37117 | 2024-01-12 | A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. |
| CVE-2024-22493 | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2024-23179 | 2024-01-12 | An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks. |
| CVE-2016-20021 | 2024-01-12 | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used,... |
| CVE-2022-48620 | 2024-01-12 | uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. |
| CVE-2023-30014 | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php. |
| CVE-2023-30015 | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php. |
| CVE-2023-30016 | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php. |
| CVE-2023-40362 | 2024-01-12 | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when... |
| CVE-2023-48166 | 2024-01-12 | A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the... |
| CVE-2023-48909 | 2024-01-12 | An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function. |
| CVE-2023-50919 | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000... |
| CVE-2023-50920 | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and... |
| CVE-2023-51790 | 2024-01-12 | Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. |
| CVE-2023-51806 | 2024-01-12 | File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. |
| CVE-2023-51949 | 2024-01-12 | Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller |
| CVE-2023-51978 | 2024-01-12 | In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. |
| CVE-2023-52026 | 2024-01-12 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface |
| CVE-2023-52339 | 2024-01-12 | In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows. |
| CVE-2024-22492 | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2024-22494 | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2024-23171 | 2024-01-12 | An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language... |
| CVE-2024-23172 | 2024-01-12 | An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog. |
| CVE-2024-23173 | 2024-01-12 | An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and... |
| CVE-2024-23174 | 2024-01-12 | An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,... |
| CVE-2024-23177 | 2024-01-12 | An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. |
| CVE-2024-23178 | 2024-01-12 | An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. |
| CVE-2024-23301 | 2024-01-12 | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. |
| CVE-2023-36842 | 2024-01-12 | Junos OS: jdhcpd will hang on receiving a specific DHCP packet |
| CVE-2024-21585 | 2024-01-12 | Junos OS and Junos OS Evolved: BGP session flaps on NSR-enabled devices can cause rpd crash |
| CVE-2024-21587 | 2024-01-12 | Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP subscribers is enabled |
| CVE-2024-21589 | 2024-01-12 | Paragon Active Assurance Control Center: Information disclosure vulnerability |
| CVE-2024-21591 | 2024-01-12 | Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution |
| CVE-2024-21594 | 2024-01-12 | Junos OS: SRX 5000 Series: Repeated execution of a specific CLI command causes a flowd crash |
| CVE-2024-21595 | 2024-01-12 | Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang |
| CVE-2024-21596 | 2024-01-12 | Junos OS and Junos OS Evolved: A specific BGP UPDATE message will cause a crash in the backup Routing Engine in NSR-enabled devices |
| CVE-2024-21597 | 2024-01-12 | Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters |
| CVE-2024-21599 | 2024-01-12 | Junos OS: MX Series: MPC3E memory leak with PTP configuration |
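Many of the WordPress rows in this page share a single root cause: an AJAX or form handler that any logged-in user (or, with the `nopriv` hook, any visitor) can reach because it never checks the caller's capability or a request nonce (the "missing capability check" and "missing or incorrect nonce validation" entries, e.g. the `dcssb_ajax_update`, `update_settings`, `publish_website` and GiveWP SendWP handlers above). The block below is an added, generic illustration written for this page; it is not code from any listed plugin, and the plugin prefix, action names and option name (`examplepl_*`) are hypothetical. It places the weak handler beside a hardened one.

```php
<?php
// Added illustration for this page; not code from any listed plugin.
// All examplepl_* names are hypothetical.

// --- Vulnerable pattern ("missing capability check" / "missing nonce validation") ---
// wp_ajax_{action} fires for EVERY authenticated user regardless of role, and
// wp_ajax_nopriv_{action} for unauthenticated visitors. With neither a nonce nor
// a capability check, a subscriber-level account can rewrite site-wide settings,
// and an attacker can make an administrator's browser submit the request (CSRF).
add_action( 'wp_ajax_examplepl_save_v1', 'examplepl_save_settings_vulnerable' );
function examplepl_save_settings_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'examplepl_settings', $settings ); // no authorization, no nonce, no sanitization
    wp_send_json_success();
}

// --- Hardened handler ---
// Three independent checks. The nonce ties the request to a form this site rendered
// (anti-CSRF); current_user_can() enforces authorization, because a valid nonce alone
// does NOT prove the caller is an administrator; sanitization bounds what is stored.
add_action( 'wp_ajax_examplepl_save', 'examplepl_save_settings_hardened' );
function examplepl_save_settings_hardened() {
    // check_ajax_referer() terminates the request with HTTP 403 when the nonce
    // is missing or does not validate for the 'examplepl_save_nonce' action.
    check_ajax_referer( 'examplepl_save_nonce', '_wpnonce' );

    // Authorization: only users who may manage options get past this point.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // Whitelist and sanitize each field rather than storing the raw array.
    $raw      = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array(
        'enabled'  => ! empty( $raw['enabled'] ),
        'label'    => sanitize_text_field( $raw['label'] ?? '' ),
        'redirect' => esc_url_raw( $raw['redirect'] ?? '' ),
    );
    update_option( 'examplepl_settings', $settings );
    wp_send_json_success( $settings );
}

// The admin page that renders the settings form must emit the matching nonce:
//   wp_nonce_field( 'examplepl_save_nonce', '_wpnonce' );
// and the JavaScript that posts to admin-ajax.php must send that field along.
```

A quick triage check when reviewing a plugin against this class of bug is to list every `add_action( 'wp_ajax_` and `wp_ajax_nopriv_` registration and confirm that the target function calls both `check_ajax_referer()` (or `wp_verify_nonce()`) and an appropriate `current_user_can()` before any write; a handler with only the nonce check is still exploitable by any low-privilege account that can obtain that nonce from a page it is allowed to view.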