CVE List - 2024 / January
Showing 2501 - 2591 of 2591 CVEs for January 2024 (Page 26 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-47072 | 2024-01-31 | SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box. |
| CVE-2023-31505 | 2024-01-31 | An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file. |
| CVE-2024-22569 | 2024-01-31 | Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. |
| CVE-2024-23170 | 2024-01-31 | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient... |
| CVE-2024-23775 | 2024-01-31 | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). |
| CVE-2024-1069 | 2024-01-31 | The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This... |
| CVE-2023-2439 | 2024-01-31 | The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping... |
| CVE-2024-0914 | 2024-01-31 | Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin) |
| CVE-2024-22236 | 2024-01-31 | In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary... |
| CVE-2024-1012 | 2024-01-31 | Wanhu ezOFFICE wf_printnum.jsp sql injection |
| CVE-2024-0836 | 2024-01-31 | The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit()... |
| CVE-2023-44312 | 2024-01-31 | Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server |
| CVE-2023-44313 | 2024-01-31 | Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API |
| CVE-2023-50356 | 2024-01-31 | Improper Certificate Validation in AREAL Topkapi Vision (Server) |
| CVE-2023-50357 | 2024-01-31 | Cross site scripting vulnerability in AREAL SAS Webserv1 ASP Web Site |
| CVE-2024-1098 | 2024-01-31 | Rebuild proxy-download QiniuCloud.getStorageFile information disclosure |
| CVE-2024-1099 | 2024-01-31 | Rebuild read-raw getFileOfData cross site scripting |
| CVE-2024-22305 | 2024-01-31 | WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR) |
| CVE-2024-23507 | 2024-01-31 | WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to SQL Injection |
| CVE-2024-22290 | 2024-01-31 | WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22287 | 2024-01-31 | WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-1085 | 2024-01-31 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2024-1086 | 2024-01-31 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2024-22304 | 2024-01-31 | WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22291 | 2024-01-31 | WordPress Browser Theme Color Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22285 | 2024-01-31 | WordPress Frontpage Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-7043 | 2024-01-31 | Unquoted path privilege vulnerability in ESET products for Windows |
| CVE-2024-22143 | 2024-01-31 | WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-0589 | 2024-01-31 | Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject... |
| CVE-2024-1112 | 2024-01-31 | Buffer Overflow Vulnerability in Resource Hacker |
| CVE-2024-22140 | 2024-01-31 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22136 | 2024-01-31 | WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5992 | 2024-01-31 | Opensc: side-channel leaks while stripping encryption pkcs#1 padding |
| CVE-2023-6246 | 2024-01-31 | Glibc: heap-based buffer overflow in __vsyslog_internal() |
| CVE-2023-6779 | 2024-01-31 | Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal() |
| CVE-2023-6780 | 2024-01-31 | Glibc: integer overflow in __vsyslog_internal() |
| CVE-2024-1103 | 2024-01-31 | CodeAstro Real Estate Management System Feedback Form profile.php cross site scripting |
| CVE-2024-0219 | 2024-01-31 | Privilege Elevation via Telerik JustDecompile Installer |
| CVE-2024-0832 | 2024-01-31 | Privilege Elevation via Telerik Reporting Installer |
| CVE-2024-0833 | 2024-01-31 | Privilege Elevation via Telerik Test Studio |
| CVE-2024-23508 | 2024-01-31 | WordPress PDF Poster - PDF Embedder Plugin for WordPress Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23505 | 2024-01-31 | WordPress PDF Viewer & 3D PDF Flipbook – DearPDF Plugin <= 2.0.38 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23502 | 2024-01-31 | WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47116 | 2024-01-31 | Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections |
| CVE-2024-24566 | 2024-01-31 | Lobe Chat unauthorized access to plugins |
| CVE-2024-24579 | 2024-01-31 | Tar path traversal in stereoscope when processing OCI tar archives |
| CVE-2024-22310 | 2024-01-31 | WordPress Formzu WP Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22307 | 2024-01-31 | WordPress WP-Lister Lite for eBay Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22306 | 2024-01-31 | WordPress Mang Board WP Plugin <= 1.7.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22302 | 2024-01-31 | WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-50165 | 2024-01-31 | Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents. |
| CVE-2023-50166 | 2024-01-31 | Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. |
| CVE-2024-22297 | 2024-01-31 | WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22295 | 2024-01-31 | WordPress Robo Gallery Plugin <= 3.2.17 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22293 | 2024-01-31 | WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22292 | 2024-01-31 | WordPress WP To Do Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5390 | 2024-01-31 | An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from... |
| CVE-2024-22289 | 2024-01-31 | WordPress Post views Stats Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-21888 | 2024-01-31 | A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. |
| CVE-2024-21893 | 2024-01-31 | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to... |
| CVE-2024-22286 | 2024-01-31 | WordPress BA Plus Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22282 | 2024-01-31 | WordPress SimpleMap Store Locator Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22163 | 2024-01-31 | WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22162 | 2024-01-31 | WordPress WPZOOM Shortcodes Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23637 | 2024-01-31 | OctoPrint Unverified Password Change via Access Control Settings |
| CVE-2024-22161 | 2024-01-31 | WordPress HD Quiz Plugin <= 1.8.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22160 | 2024-01-31 | WordPress Image Tag Manager Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22159 | 2024-01-31 | WordPress WOLF Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22158 | 2024-01-31 | WordPress PeepSo Core: Photos Plugin < 6.3.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-21917 | 2024-01-31 | Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability |
| CVE-2024-22150 | 2024-01-31 | WordPress Post Grid, Image Gallery & Portfolio for Elementor \| PowerFolio Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22153 | 2024-01-31 | WordPress Stock Locations for WooCommerce Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22146 | 2024-01-31 | WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-21916 | 2024-01-31 | Rockwell Automation Denial-of-service Vulnerability in ICE1 Controller |
| CVE-2024-1111 | 2024-01-31 | SourceCodester QR Code Login System add-user.php cross site scripting |
| CVE-2023-28807 | 2024-01-31 | Bypass of ZIA domain fronting detection module through evasion technique |
| CVE-2024-1113 | 2024-01-31 | openBI Unity.php uploadUnity unrestricted upload |
| CVE-2024-1114 | 2024-01-31 | openBI Screen.php dlfile access control |
| CVE-2024-1115 | 2024-01-31 | openBI Setting.php dlfile os command injection |
| CVE-2024-1116 | 2024-01-31 | openBI Upload.php index unrestricted upload |
| CVE-2024-1117 | 2024-01-31 | openBI Screen.php index code injection |
| CVE-2024-21626 | 2024-01-31 | runc container breakout through process.cwd trickery and leaked fds |
| CVE-2024-23650 | 2024-01-31 | BuildKit possible panic when incorrect parameters sent from frontend |
| CVE-2024-23651 | 2024-01-31 | BuildKit possible race condition with accessing subpaths from cache mounts |
| CVE-2024-23652 | 2024-01-31 | BuildKit possible host system access from mount stub cleaner |
| CVE-2024-23653 | 2024-01-31 | BuildKit interactive containers API does not validate entitlements check |
| CVE-2024-24747 | 2024-01-31 | MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation |
| CVE-2024-24571 | 2024-01-31 | facileManager Systemic Cross-Site Scripting (XSS) |
| CVE-2024-24572 | 2024-01-31 | facileManager Authenticated Variable Manipulation leading to SQL Injection |
| CVE-2024-24573 | 2024-01-31 | facileManager Privilege Escalation via Mass Assignment |
| CVE-2023-51835 | 2024-02-01 | An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck. |
| CVE-2024-22936 | 2024-02-01 | Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or... |
| CVE-2024-22939 | 2024-02-01 | Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component. |
| CVE-2024-23052 | 2024-02-01 | An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. |
| CVE-2023-47256 | 2024-02-01 | ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings |
| CVE-2023-47257 | 2024-02-01 | ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. |
| CVE-2023-51939 | 2024-02-01 | An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. |
| CVE-2024-22859 | 2024-02-01 | Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability... |
| CVE-2024-22927 | 2024-02-01 | Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
| CVE-2024-23031 | 2024-02-01 | Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |