CVE List - 2024 / March
Showing 1101 - 1200 of 3299 CVEs for March 2024 (Page 12 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28680 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. |
| CVE-2024-28681 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php. |
| CVE-2024-28682 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php. |
| CVE-2024-28683 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. |
| CVE-2024-28684 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php |
| CVE-2023-41505 | 2024-03-13 | An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-24105 | 2024-03-13 | SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php. |
| CVE-2024-26529 | 2024-03-13 | An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c. |
| CVE-2024-28430 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php. |
| CVE-2024-28668 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php |
| CVE-2024-28671 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php. |
| CVE-2024-28676 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php. |
| CVE-2023-4839 | 2024-03-13 | The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping.... |
| CVE-2024-1582 | 2024-03-13 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32... |
| CVE-2024-2412 | 2024-03-13 | Heimavista Rpage and Epage - Broken Access Control |
| CVE-2015-10130 | 2024-03-13 | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the... |
| CVE-2024-2413 | 2024-03-13 | Intumit SmartRobot - Use of Hard-coded Cryptographic Key |
| CVE-2024-2400 | 2024-03-13 | Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-27440 | 2024-03-13 | The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior to 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle... |
| CVE-2015-10123 | 2024-03-13 | Wago: Buffer Copy without Checking Size of Input in wbm of multiple products |
| CVE-2018-25090 | 2024-03-13 | Wago: Improper Neutralization of Input During Web Page Generation in multiple devices |
| CVE-2023-28517 | 2024-03-13 | IBM Sterling Partner Engagement Manager cross-site scripting |
| CVE-2023-38723 | 2024-03-13 | Maximo Asset Management cross-site scripting |
| CVE-2023-43043 | 2024-03-13 | IBM Maximo Application Suite information disclosure |
| CVE-2023-32335 | 2024-03-13 | IBM Maximo Application Suite information disclosure |
| CVE-2024-2123 | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all... |
| CVE-2024-1979 | 2024-03-13 | Quarkus: information leak in annotation |
| CVE-2024-2414 | 2024-03-13 | Unprotected Primary Channel vulnerability in Movistar 4G router |
| CVE-2024-2416 | 2024-03-13 | Cross-Site Request Forgery vulnerability in Movistar 4G router |
| CVE-2024-2415 | 2024-03-13 | Command injection vulnerability in Movistar 4G router |
| CVE-2024-1507 | 2024-03-13 | The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and... |
| CVE-2024-1508 | 2024-03-13 | The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and... |
| CVE-2023-52608 | 2024-03-13 | firmware: arm_scmi: Check mailbox/SMT channel for consistency |
| CVE-2024-26629 | 2024-03-13 | nfsd: fix RELEASE_LOCKOWNER |
| CVE-2024-2247 | 2024-03-13 | JFrog Artifactory Cross-Site Scripting |
| CVE-2024-25153 | 2024-03-13 | Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114 |
| CVE-2024-25154 | 2024-03-13 | Path Traversal in FileCatalyst Direct 3.8.8 and Earlier |
| CVE-2024-25155 | 2024-03-13 | Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier |
| CVE-2024-1071 | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3... |
| CVE-2024-2126 | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient... |
| CVE-2024-1843 | 2024-03-13 | The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and... |
| CVE-2024-1176 | 2024-03-13 | The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in... |
| CVE-2024-1536 | 2024-03-13 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in... |
| CVE-2024-1690 | 2024-03-13 | The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check... |
| CVE-2024-1158 | 2024-03-13 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data... |
| CVE-2024-1234 | 2024-03-13 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization... |
| CVE-2024-0385 | 2024-03-13 | The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4.... |
| CVE-2024-0839 | 2024-03-13 | The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key.... |
| CVE-2024-1370 | 2024-03-13 | The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions... |
| CVE-2024-1358 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated... |
| CVE-2024-0897 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due... |
| CVE-2024-0326 | 2024-03-13 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to... |
| CVE-2024-0871 | 2024-03-13 | The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to... |
| CVE-2024-2106 | 2024-03-13 | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated... |
| CVE-2024-1935 | 2024-03-13 | The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parent_url’ parameter in... |
| CVE-2024-1383 | 2024-03-13 | The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input... |
| CVE-2024-1642 | 2024-03-13 | The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due... |
| CVE-2024-1392 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12... |
| CVE-2024-1585 | 2024-03-13 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient... |
| CVE-2024-1862 | 2024-03-13 | The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice'... |
| CVE-2024-1535 | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s)... |
| CVE-2024-1127 | 2024-03-13 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all... |
| CVE-2024-1484 | 2024-03-13 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98... |
| CVE-2024-1296 | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient... |
| CVE-2024-0449 | 2024-03-13 | The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to... |
| CVE-2024-2020 | 2024-03-13 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient... |
| CVE-2024-1640 | 2024-03-13 | The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to... |
| CVE-2024-1422 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to... |
| CVE-2024-0976 | 2024-03-13 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to,... |
| CVE-2024-1763 | 2024-03-13 | The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint... |
| CVE-2024-1409 | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role]... |
| CVE-2024-0828 | 2024-03-13 | The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on... |
| CVE-2024-1293 | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to... |
| CVE-2024-0591 | 2024-03-13 | The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to,... |
| CVE-2023-6954 | 2024-03-13 | The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization... |
| CVE-2024-0592 | 2024-03-13 | The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce... |
| CVE-2023-6880 | 2024-03-13 | The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom... |
| CVE-2024-0614 | 2024-03-13 | The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output... |
| CVE-2024-1452 | 2024-03-13 | The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with... |
| CVE-2024-2172 | 2024-03-13 | The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function... |
| CVE-2024-1462 | 2024-03-13 | The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated... |
| CVE-2024-1083 | 2024-03-13 | The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated... |
| CVE-2024-1479 | 2024-03-13 | The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for... |
| CVE-2024-1414 | 2024-03-13 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to... |
| CVE-2024-1680 | 2024-03-13 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all... |
| CVE-2024-1321 | 2024-03-13 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin... |
| CVE-2023-6969 | 2024-03-13 | The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation... |
| CVE-2024-1691 | 2024-03-13 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG... |
| CVE-2024-1380 | 2024-03-13 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up... |
| CVE-2023-6785 | 2024-03-13 | The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible... |
| CVE-2024-1203 | 2024-03-13 | The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in... |
| CVE-2024-1537 | 2024-03-13 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in... |
| CVE-2024-2293 | 2024-03-13 | The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization... |
| CVE-2024-1237 | 2024-03-13 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient... |
| CVE-2024-1772 | 2024-03-13 | The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4... |
| CVE-2024-0447 | 2024-03-13 | The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all... |
| CVE-2024-1854 | 2024-03-13 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and... |
| CVE-2024-1363 | 2024-03-13 | The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including,... |
| CVE-2024-1985 | 2024-03-13 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization... |
| CVE-2024-2006 | 2024-03-13 | The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and... |