CVE List - 2024 / April

Showing 1801 - 1900 of 3605 CVEs for April 2024 (Page 19 of 37)

CVE ID Date Title
CVE-2024-29844 2024-04-14 Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions
CVE-2020-22539 2024-04-15 An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2020-22540 2024-04-15 Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component.
CVE-2023-33806 2024-04-15 Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands.
CVE-2023-45503 2024-04-15 SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload...
CVE-2024-24485 2024-04-15 An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command.
CVE-2024-24486 2024-04-15 An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command.
CVE-2024-24487 2024-04-15 An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command.
CVE-2024-28556 2024-04-15 SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php.
CVE-2024-28557 2024-04-15 SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.
CVE-2024-28558 2024-04-15 SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.
CVE-2024-30567 2024-04-15 An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality.
CVE-2024-30656 2024-04-15 An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.
CVE-2024-30840 2024-04-15 A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.
CVE-2024-31648 2024-04-15 Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at...
CVE-2024-31649 2024-04-15 A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name...
CVE-2024-31650 2024-04-15 A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name...
CVE-2024-31651 2024-04-15 A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name...
CVE-2024-31652 2024-04-15 A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
CVE-2024-32488 2024-04-15 In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files...
CVE-2024-22014 2024-04-15 An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.
CVE-2024-28056 2024-04-15 Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a...
CVE-2024-31497 2024-04-15 In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures....
CVE-2024-32489 2024-04-15 TCPDF before 6.7.4 mishandles calls that use HTML syntax.
CVE-2024-3772 2024-04-15 Regular expression denial of service in Pydantic < 2.4.0
CVE-2024-3774 2024-04-15 aEnrich Technology a+HRD - Exposure of Sensitive Data
CVE-2024-3775 2024-04-15 aEnrich Technology a+HRD - Argument Injection
CVE-2024-3776 2024-04-15 Netvision airPASS - Reflected XSS
CVE-2024-3767 2024-04-15 PHPGurukul News Portal edit-post.php sql injection
CVE-2024-3777 2024-04-15 Ai3 QbiBot - Broken Access Control
CVE-2024-3768 2024-04-15 PHPGurukul/itsourcecode News Portal search.php sql injection
CVE-2024-3778 2024-04-15 Ai3 QbiBot - Unrestricted File Upload
CVE-2024-3769 2024-04-15 PHPGurukul Student Record System login.php sql injection
CVE-2024-1655 2024-04-15 ASUS WiFi Router - OS Command Injection
CVE-2023-6067 2024-04-15 WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS
CVE-2023-7201 2024-04-15 Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
CVE-2024-0399 2024-04-15 WooCommerce Customers Manager < 29.7 - Subscriber+ SQL Injection
CVE-2024-0902 2024-04-15 Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title
CVE-2024-1204 2024-04-15 Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
CVE-2024-1306 2024-04-15 Smart Forms < 2.6.94 - Edit Entries via CSRF
CVE-2024-1307 2024-04-15 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
CVE-2024-1310 2024-04-15 WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
CVE-2024-1660 2024-04-15 Top Bar < 3.0.5 - Admin+ Stored XSS
CVE-2024-1712 2024-04-15 Carousel Slider < 2.2.7 - Editor+ Stored XSS
CVE-2024-1746 2024-04-15 Testimonial Slider < 2.3.8 - Admin+ Stored XSS
CVE-2024-1754 2024-04-15 NPS computy <= 2.7.5 - Admin+ Stored XSS
CVE-2024-1755 2024-04-15 NPS computy <= 2.7.5 - Results Deletion via CSRF
CVE-2024-1846 2024-04-15 Responsive Tabs < 4.0.7 - Contributor+ Stored XSS
CVE-2024-1849 2024-04-15 WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
CVE-2024-2739 2024-04-15 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
CVE-2024-2836 2024-04-15 Super Socializer < 7.13.64 - Editor+ Stored XSS
CVE-2024-2857 2024-04-15 Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS
CVE-2024-2858 2024-04-15 Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF
CVE-2024-3770 2024-04-15 PHPGurukul Student Record System sql injection
CVE-2024-3771 2024-04-15 PHPGurukul Student Record System edit-subject.php sql injection
CVE-2024-32453 2024-04-15 WordPress POEditor plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32429 2024-04-15 WordPress Remove Footer Credit plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32428 2024-04-15 WordPress MWW Disclaimer Buttons plugin <= 3.0.2 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-32149 2024-04-15 WordPress Jobs for WordPress plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32147 2024-04-15 WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32145 2024-04-15 WordPress WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
CVE-2024-32140 2024-04-15 WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32138 2024-04-15 WordPress Short URL plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32133 2024-04-15 WordPress EZ Form Calculator plugin <= 2.14.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-32079 2024-04-15 WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability
CVE-2023-52144 2024-04-15 WordPress Product Feed Manager plugin <= 7.3.15 - Directory Traversal vulnerability
CVE-2024-32454 2024-04-15 WordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerability
CVE-2024-32430 2024-04-15 WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability
CVE-2024-32431 2024-04-15 WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection
CVE-2024-32139 2024-04-15 WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability
CVE-2024-32137 2024-04-15 WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability
CVE-2024-32136 2024-04-15 WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability
CVE-2024-32135 2024-04-15 WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability
CVE-2024-32134 2024-04-15 WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability
CVE-2024-32132 2024-04-15 WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - SQL Injection vulnerability
CVE-2024-32128 2024-04-15 WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Unauthenticated SQL Injection vulnerability
CVE-2024-32127 2024-04-15 WordPress Find Duplicates plugin <= 1.4.6 - Auth. SQL Injection vulnerability
CVE-2024-32125 2024-04-15 WordPress BA Book Everything plugin <= 1.6.4 - Auth. SQL Injection vulnerability
CVE-2024-32098 2024-04-15 WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Auth. SQL Injection (SQLi) vulnerability
CVE-2024-32087 2024-04-15 WordPress Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More plugin <= 3.5.7 - Auth. SQL Injection (SQLi) vulnerability
CVE-2024-3505 2024-04-15 JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users
CVE-2024-32082 2024-04-15 WordPress Sync Post With Other Site plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability
CVE-2024-31093 2024-04-15 WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability
CVE-2024-31086 2024-04-15 WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability
CVE-2024-30545 2024-04-15 WordPress Social Author Bio plugin <= 2.4 - Stored XSS via Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32452 2024-04-15 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32451 2024-04-15 WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32450 2024-04-15 WordPress WpTravelly plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32449 2024-04-15 WordPress RestroPress plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32448 2024-04-15 WordPress Ads.txt Admin plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-3701 2024-04-15 Improper Authentication in com.transsion.kolun.aiservice
CVE-2024-32447 2024-04-15 WordPress AWP Classifieds plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32446 2024-04-15 WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32445 2024-04-15 WordPress WebinarIgnition plugin <= 3.05.8 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32443 2024-04-15 WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32442 2024-04-15 WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32441 2024-04-15 WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32440 2024-04-15 WordPress Asgaros Forum plugin <= 2.8.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32439 2024-04-15 WordPress WP Client Reports plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32438 2024-04-15 WordPress SEO Booster plugin <= 3.8.9 - Cross Site Request Forgery (CSRF) vulnerability