Lista CVE - 2024 / Febbraio
Visualizzazione 2601 - 2700 di 2784 CVE per Febbraio 2024 (Pagina 27 di 28)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-24705 | 2024-02-28 | WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24702 | 2024-02-28 | WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6917 | 2024-02-28 | Pcp: unsafe use of directories allows pcp to root privilege escalation |
| CVE-2024-25128 | 2024-02-28 | Flask-AppBuilder incorrect authentication when using auth type OpenID |
| CVE-2024-27083 | 2024-02-28 | Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) |
| CVE-2024-25065 | 2024-02-28 | Apache OFBiz: Path traversal allowing authentication bypass. |
| CVE-2024-23946 | 2024-02-28 | Apache OFBiz: Path traversal or file inclusion |
| CVE-2024-27284 | 2024-02-28 | cassandra-rs non-idiomatic use of iterators leads to use after free |
| CVE-2024-20321 | 2024-02-28 | A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an... |
| CVE-2024-20267 | 2024-02-28 | A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the... |
| CVE-2024-20344 | 2024-02-28 | A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause... |
| CVE-2024-24701 | 2024-02-28 | WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-20291 | 2024-02-28 | A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote... |
| CVE-2024-20294 | 2024-02-28 | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service... |
| CVE-2024-23519 | 2024-02-28 | WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-21749 | 2024-02-28 | WordPress 1 click disable all Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52226 | 2024-02-28 | WordPress Advanced Flamingo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-0560 | 2024-02-28 | Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions |
| CVE-2023-52223 | 2024-02-28 | WordPress MailerLite – WooCommerce integration Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51681 | 2024-02-28 | WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51683 | 2024-02-28 | WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-1847 | 2024-02-28 | Multiple vulnerabilities exist in file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024 |
| CVE-2024-27103 | 2024-02-28 | Querybook Stored Cross-Site Scripting allows Privilege Elevation |
| CVE-2024-27948 | 2024-02-28 | WordPress Atahualpa Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51533 | 2024-02-28 | WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51692 | 2024-02-28 | WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control |
| CVE-2024-27285 | 2024-02-28 | YARD's default template vulnerable to Cross-site Scripting in generated frames.html |
| CVE-2024-1970 | 2024-02-28 | SourceCodester Online Learning System V2 index.php cross site scripting |
| CVE-2024-1971 | 2024-02-28 | Surya2Developer Online Shopping System POST Parameter login.php sql injection |
| CVE-2024-1972 | 2024-02-28 | SourceCodester Online Job Portal EditProfile.php cross site scripting |
| CVE-2023-25922 | 2024-02-28 | IBM Security Guardium Key Lifecycle Manager file upload |
| CVE-2023-25925 | 2024-02-28 | IBM Security Guardium Key Lifecycle Manager command injection |
| CVE-2023-5617 | 2024-02-28 | Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information |
| CVE-2024-21798 | 2024-02-28 | ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and... |
| CVE-2024-23910 | 2024-02-28 | Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations... |
| CVE-2024-25579 | 2024-02-28 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the... |
| CVE-2024-26146 | 2024-02-28 | Possible Denial of Service Vulnerability in Rack Header Parsing |
| CVE-2024-25126 | 2024-02-28 | Rack ReDos in content type parsing (2nd degree polynomial) |
| CVE-2024-26141 | 2024-02-28 | Possible DoS Vulnerability with Range Header in Rack |
| CVE-2023-51800 | 2024-02-29 | Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone,... |
| CVE-2023-51802 | 2024-02-29 | Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter... |
| CVE-2024-24028 | 2024-02-29 | Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo. |
| CVE-2024-24110 | 2024-02-29 | SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. |
| CVE-2024-24520 | 2024-02-29 | An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. |
| CVE-2024-24525 | 2024-02-29 | An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. |
| CVE-2024-25167 | 2024-02-29 | Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a... |
| CVE-2024-25180 | 2024-02-29 | An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the... |
| CVE-2024-25239 | 2024-02-29 | SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php. |
| CVE-2024-25811 | 2024-02-29 | An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. |
| CVE-2024-27655 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and... |
| CVE-2024-27656 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and... |
| CVE-2024-27657 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and... |
| CVE-2024-27658 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-27659 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-27660 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-27661 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-27662 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2023-51801 | 2024-02-29 | SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and... |
| CVE-2024-22871 | 2024-02-29 | An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function. |
| CVE-2024-24246 | 2024-02-29 | Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h. |
| CVE-2024-25291 | 2024-02-29 | Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. |
| CVE-2024-25292 | 2024-02-29 | Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter. |
| CVE-2024-26548 | 2024-02-29 | An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component. |
| CVE-2023-38372 | 2024-02-29 | IBM Watson IoT Platform information disclosure |
| CVE-2024-1938 | 2024-02-29 | Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-1939 | 2024-02-29 | Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-25926 | 2024-02-29 | IBM Security Guardium Key Lifecycle Manager XML external entity injection |
| CVE-2023-25921 | 2024-02-29 | IBM Security Guardium Key Lifecycle Manager file upload |
| CVE-2023-27545 | 2024-02-29 | IBM Watson CloudPak for Data Data Stores information disclosure |
| CVE-2023-38367 | 2024-02-29 | IBM Cloud Pak for Automation authentication bypass |
| CVE-2024-0689 | 2024-02-29 | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization... |
| CVE-2021-39090 | 2024-02-29 | IBM Cloud Pak for Security information disclosure |
| CVE-2024-1468 | 2024-02-29 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all... |
| CVE-2024-1341 | 2024-02-29 | The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing... |
| CVE-2023-51696 | 2024-02-29 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51528 | 2024-02-29 | WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51529 | 2024-02-29 | WordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51530 | 2024-02-29 | WordPress GS Logo Slider Plugin <= 3.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51531 | 2024-02-29 | WordPress Thrive Automator Plugin <= 1.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-1435 | 2024-02-29 | WordPress Tainacan Plugin <= 0.20.6 is vulnerable to Sensitive Data Exposure |
| CVE-2023-1841 | 2024-02-29 | Honeywell MPA2 Web Application XSS vulnerability |
| CVE-2024-1434 | 2024-02-29 | WordPress Media Alt Renamer Plugin 0.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1437 | 2024-02-29 | WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-21752 | 2024-02-29 | WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-6090 | 2024-02-29 | WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload |
| CVE-2023-47874 | 2024-02-29 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control |
| CVE-2024-1977 | 2024-02-29 | The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This... |
| CVE-2024-1976 | 2024-02-29 | The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via... |
| CVE-2023-50905 | 2024-02-29 | WordPress WP Activity Log Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23501 | 2024-02-29 | WordPress Ebook Store Plugin <= 5.788 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52475 | 2024-02-29 | Input: powermate - fix use-after-free in powermate_config_complete |
| CVE-2023-52476 | 2024-02-29 | perf/x86/lbr: Filter vsyscall addresses |
| CVE-2023-52477 | 2024-02-29 | usb: hub: Guard against accesses to uninitialized BOS descriptors |
| CVE-2023-52478 | 2024-02-29 | HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect |
| CVE-2023-52479 | 2024-02-29 | ksmbd: fix uaf in smb20_oplock_break_ack |
| CVE-2023-52480 | 2024-02-29 | ksmbd: fix race condition between session lookup and expire |
| CVE-2023-52481 | 2024-02-29 | arm64: errata: Add Cortex-A520 speculative unprivileged load workaround |
| CVE-2023-52482 | 2024-02-29 | x86/srso: Add SRSO mitigation for Hygon processors |
| CVE-2023-52483 | 2024-02-29 | mctp: perform route lookups under a RCU read-side lock |
| CVE-2023-52484 | 2024-02-29 | iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range |