Lista CVE - 2024 / Marzo
Visualizzazione 2401 - 2500 di 3300 CVE per Marzo 2024 (Pagina 25 di 33)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-22699 | 2024-03-25 | WordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation Vulnerability |
| CVE-2022-38057 | 2024-03-25 | WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability |
| CVE-2023-25039 | 2024-03-25 | WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2024-2865 | 2024-03-25 | SQLi in Mergen Soft Quality Management System |
| CVE-2024-25002 | 2024-03-25 | Command Injection in the diagnostics interface of the Bosch Network... |
| CVE-2024-28183 | 2024-03-25 | Anti Rollback bypass with physical access and TOCTOU attack |
| CVE-2023-45824 | 2024-03-25 | OroPlatform's pinned entity creation form shows pages of other users |
| CVE-2023-48296 | 2024-03-25 | OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID |
| CVE-2024-27299 | 2024-03-25 | phpMyFAQ SQL Injection at "Save News" |
| CVE-2024-27300 | 2024-03-25 | phpMyFAQ Stored XSS at user email |
| CVE-2024-28105 | 2024-03-25 | phpMyFAQ's File Upload Bypass at Category Image Leads to RCE |
| CVE-2024-28106 | 2024-03-25 | phpMyFAQ Stored XSS at FAQ News Content |
| CVE-2024-28107 | 2024-03-25 | phpMyFAQ SQL injections at insertentry & saveentry |
| CVE-2024-28108 | 2024-03-25 | phpMyFAQ Stored HTML Injection at contentLink |
| CVE-2024-28850 | 2024-03-25 | WP Crontrol possible RCE when combined with a pre-condition |
| CVE-2024-28243 | 2024-03-25 | KaTeX's maxExpand bypassed by \edef |
| CVE-2024-28244 | 2024-03-25 | KaTeX's maxExpand bypassed by Unicode sub/superscripts |
| CVE-2024-28245 | 2024-03-25 | KaTeX's \includegraphics does not escape filename |
| CVE-2024-28246 | 2024-03-25 | KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols |
| CVE-2024-29025 | 2024-03-25 | Netty HttpPostRequestDecoder can OOM |
| CVE-2024-2425 | 2024-03-25 | Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527 |
| CVE-2024-2426 | 2024-03-25 | Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527 |
| CVE-2024-29041 | 2024-03-25 | Express.js Open Redirect in malformed URLs |
| CVE-2024-2427 | 2024-03-25 | Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527 |
| CVE-2024-29179 | 2024-03-25 | phpMyFAQ Stored Cross-site Scripting at File Attachments |
| CVE-2024-21914 | 2024-03-25 | Rockwell Automation - FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections |
| CVE-2024-1973 | 2024-03-25 | Elevation of privileges vulnerability |
| CVE-2024-2873 | 2024-03-25 | User authentication bypass in wolfSSH server |
| CVE-2024-0901 | 2024-03-25 | SEGV and out of bounds memory read from malicious packet |
| CVE-2017-20190 | 2024-03-26 | Some Microsoft technologies as used in Windows 8 through 11... |
| CVE-2023-50702 | 2024-03-26 | Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but... |
| CVE-2023-50894 | 2024-03-26 | In Janitza GridVis through 9.0.66, use of hard-coded credentials in... |
| CVE-2023-51146 | 2024-03-26 | Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version... |
| CVE-2023-51147 | 2024-03-26 | Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware... |
| CVE-2023-51148 | 2024-03-26 | An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor... |
| CVE-2024-23722 | 2024-03-26 | In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference... |
| CVE-2024-25420 | 2024-03-26 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows... |
| CVE-2024-25421 | 2024-03-26 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows... |
| CVE-2024-26577 | 2024-03-26 | VSeeFace through 1.13.38.c2 allows attackers to cause a denial of... |
| CVE-2024-27521 | 2024-03-26 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote... |
| CVE-2024-28093 | 2024-03-26 | The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is... |
| CVE-2024-28442 | 2024-03-26 | Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically... |
| CVE-2024-28545 | 2024-03-26 | Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the... |
| CVE-2024-28551 | 2024-03-26 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the... |
| CVE-2024-29401 | 2024-03-26 | xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows... |
| CVE-2024-29684 | 2024-03-26 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2023-50895 | 2024-03-26 | In Janitza GridVis through 9.0.66, exposed dangerous methods in the... |
| CVE-2024-29644 | 2024-03-26 | Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows... |
| CVE-2024-2732 | 2024-03-26 | The Themify Shortcodes plugin for WordPress is vulnerable to Stored... |
| CVE-2024-29189 | 2024-03-26 | ansys-geometry-core OS Command Injection vulnerability |
| CVE-2024-29195 | 2024-03-26 | Azure C SDK Integer Wraparound Vulnerability |
| CVE-2024-29196 | 2024-03-26 | phpMyFAQ Path Traversal in Attachments |
| CVE-2024-0866 | 2024-03-26 | The Check & Log Email plugin for WordPress is vulnerable... |
| CVE-2024-29199 | 2024-03-26 | Unauthenticated views may expose information to anonymous users |
| CVE-2024-2170 | 2024-03-26 | The VK All in One Expansion Unit plugin for WordPress... |
| CVE-2023-7232 | 2024-03-26 | Backup and Restore WordPress <= 1.45 - Unauthenticated Sensitive Data Exposure |
| CVE-2024-1745 | 2024-03-26 | Testimonial Slider < 2.3.7 - Author+ Settings Update |
| CVE-2024-2303 | 2024-03-26 | The Easy Textillate plugin for WordPress is vulnerable to Stored... |
| CVE-2024-2888 | 2024-03-26 | WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-2889 | 2024-03-26 | WordPress WP-Lister Lite for Amazon plugin <= 2.6.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-6175 | 2024-03-26 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark |
| CVE-2023-51416 | 2024-03-26 | WordPress EnvíaloSimple plugin <= 2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-49839 | 2024-03-26 | Reflected Cross-Site Scripting vulnerability in multiple WordPress components by KlbTheme |
| CVE-2023-49838 | 2024-03-26 | Cross-Site Request Forgery (CSRF) vulnerability in multiple themes by KlbTheme |
| CVE-2023-45771 | 2024-03-26 | WordPress Contact Form With Captcha plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2023-7251 | 2024-03-26 | WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-33322 | 2024-03-26 | WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-32237 | 2024-03-26 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in TheGem theme by CodexThemes |
| CVE-2023-23991 | 2024-03-26 | WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection |
| CVE-2024-24805 | 2024-03-26 | WordPress WP Dummy Content Generator plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2024-28131 | 2024-03-26 | EasyRange Ver 1.41 contains an issue with the executable file... |
| CVE-2024-26018 | 2024-03-26 | Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script... |
| CVE-2024-28033 | 2024-03-26 | OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9,... |
| CVE-2024-28034 | 2024-03-26 | Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An... |
| CVE-2024-28048 | 2024-03-26 | OS command injection vulnerability exists in ffBull ver.4.11, which may... |
| CVE-2024-2904 | 2024-03-26 | WordPress Calliope theme <= 1.0.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-28126 | 2024-03-26 | Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An... |
| CVE-2024-24799 | 2024-03-26 | WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2024-24719 | 2024-03-26 | WordPress Kikote plugin <= 1.8.9 - Broken Access Control vulnerability |
| CVE-2024-24718 | 2024-03-26 | WordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerability |
| CVE-2024-24711 | 2024-03-26 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability |
| CVE-2024-23520 | 2024-03-26 | WordPress PopupAlly plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-30231 | 2024-03-26 | WordPress Product Import Export for WooCommerce plugin <= 2.4.1 - Arbitrary File Upload vulnerability |
| CVE-2024-30232 | 2024-03-26 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30233 | 2024-03-26 | WordPress WholesaleX plugin <= 1.3.1 - Sensitive Data Exposure on User Export vulnerability |
| CVE-2024-30234 | 2024-03-26 | WordPress WholesaleX plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2024-30235 | 2024-03-26 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2024-2906 | 2024-03-26 | WordPress Radio Player plugin <= 2.0.73 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-22156 | 2024-03-26 | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2023-52214 | 2024-03-26 | WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2024-1933 | 2024-03-26 | Improper symlink resolution in TeamViewer Remote client for macOS |
| CVE-2024-29203 | 2024-03-26 | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes |
| CVE-2024-29881 | 2024-03-26 | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements |
| CVE-2024-29883 | 2024-03-26 | CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor |
| CVE-2024-2891 | 2024-03-26 | Tenda AC7 QuickIndex formQuickIndex stack-based overflow |
| CVE-2023-47150 | 2024-03-26 | IBM Common Cryptographic Architecture denial of service |
| CVE-2024-1455 | 2024-03-26 | Billion Laughs Attack leading to DoS in langchain-ai/langchain |
| CVE-2023-33855 | 2024-03-26 | IBM Common Cryptographic Architecture information disclosure |
| CVE-2024-22356 | 2024-03-26 | IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure |
| CVE-2023-41969 | 2024-03-26 | ZSATrayManager Arbitrary File Deletion |