CVE List - 2024 / March

Showing 1701 - 1800 of 3299 CVEs for March 2024 (Page 18 of 33)

CVE ID Date Title
CVE-2024-20762 2024-03-18 Adobe Animate MP3 File parsing uninitialized heap memory corruption
CVE-2024-26043 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26041 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26125 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-20768 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26045 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26107 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26052 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26105 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26032 2024-03-18 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-26118 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26028 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26042 2024-03-18 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-26094 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26040 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26067 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26050 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26038 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26044 2024-03-18 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-26102 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26030 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26073 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26059 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26031 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26119 2024-03-18 Adobe Experience Manager | Information Exposure (CWE-200)
CVE-2024-26124 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26034 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26056 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26096 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26101 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26051 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26103 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26104 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26061 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26069 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26120 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26064 2024-03-18 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-20760 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26033 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26035 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26062 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26080 2024-03-18 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-26063 2024-03-18 Adobe Experience Manager | Information Exposure (CWE-200)
CVE-2024-26106 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26065 2024-03-18 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-21661 2024-03-18 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
CVE-2024-21662 2024-03-18 Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow
CVE-2023-41334 2024-03-18 astropy vulnerable to RCE in TranformGraph().to_dot_graph function
CVE-2024-0780 2024-03-18 Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
CVE-2024-0779 2024-03-18 Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
CVE-2024-0365 2024-03-18 Fancy Product Designer < 6.1.5 - Admin+ SQL Injection
CVE-2024-0719 2024-03-18 Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting
CVE-2024-0820 2024-03-18 Jobs for WordPress < 2.7.4 - Contributor+ Stored XSS
CVE-2024-0973 2024-03-18 Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS
CVE-2024-0858 2024-03-18 Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
CVE-2023-6821 2024-03-18 Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
CVE-2023-7085 2024-03-18 Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG
CVE-2024-0711 2024-03-18 Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode
CVE-2024-0951 2024-03-18 Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS
CVE-2023-7236 2024-03-18 Backup Bolt <= 1.3.0 - Sensitive Data Exposure
CVE-2024-22412 2024-03-18 ClickHouse's Role-based Access Control is bypassed when query caching is enabled.
CVE-2024-2604 2024-03-18 SourceCodester File Manager App update-file.php unrestricted upload
CVE-2024-23333 2024-03-18 LAM vulnerable to Authenticated Remote Code Execution
CVE-2024-24578 2024-03-18 RaspberryMatic Unauthenticated Remote Code Execution vulnerability through HMServer File Upload
CVE-2024-28237 2024-03-18 OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
CVE-2024-28248 2024-03-18 Cilium intermittent HTTP policy bypass
CVE-2024-28249 2024-03-18 Cilium has possible unencrypted traffic between nodes when using IPsec and L7 policies
CVE-2024-28250 2024-03-18 Cilium has possible unencrypted traffic between nodes when using WireGuard and L7 policies
CVE-2024-28855 2024-03-18 ZITADEL vulnerable to improper HTML sanitization
CVE-2024-28864 2024-03-18 [TagAwareCipher] - Decryption Failure (Regex Match)
CVE-2024-28865 2024-03-18 django-wiki denial of service via regular expression
CVE-2023-40276 2024-03-19 An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.
CVE-2023-40277 2024-03-19 An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter.
CVE-2023-40280 2024-03-19 An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVE-2023-50966 2024-03-19 erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE...
CVE-2024-24042 2024-03-19 Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.
CVE-2024-24043 2024-03-19 Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file.
CVE-2024-26369 2024-03-19 An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.
CVE-2024-28092 2024-03-19 UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields...
CVE-2024-28283 2024-03-19 There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution.
CVE-2024-28303 2024-03-19 Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.
CVE-2024-28389 2024-03-19 SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method.
CVE-2024-28394 2024-03-19 An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.
CVE-2024-28446 2024-03-19 Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi.
CVE-2024-28447 2024-03-19 Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi.
CVE-2024-28595 2024-03-19 SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
CVE-2024-28715 2024-03-19 Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.
CVE-2024-28734 2024-03-19 Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.
CVE-2023-40275 2024-03-19 An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.
CVE-2023-40278 2024-03-19 An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can...
CVE-2023-40279 2024-03-19 An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVE-2023-50811 2024-03-19 An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception....
CVE-2024-24336 2024-03-19 A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks,...
CVE-2024-2620 2024-03-19 Fujian Kelixin Communication Command and Dispatch Platform down_file.php sql injection
CVE-2024-2621 2024-03-19 Fujian Kelixin Communication Command and Dispatch Platform pwd_update.php sql injection
CVE-2024-2622 2024-03-19 Fujian Kelixin Communication Command and Dispatch Platform editemedia.php sql injection
CVE-2024-22017 2024-03-19 setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through...
CVE-2024-22025 2024-03-19 A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL....
CVE-2024-21504 2024-03-19 Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code...
CVE-2024-21503 2024-03-19 Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability...