CVE List - 2024 / April
Showing 2001 - 2100 of 3606 CVEs for April 2024 (Page 21 of 37)
CVE ID | Date | Title |
---|---|---|
CVE-2023-47622 | 2024-04-15 | iTop vulnerable to XSS vulnerability in dashlet refresh |
CVE-2023-47626 | 2024-04-15 | iTop vulnerable to XSS vulnerability in authent-token |
CVE-2023-48709 | 2024-04-15 | iTop vulnerable to potential formula injection in Excel/CSV export file |
CVE-2023-48710 | 2024-04-15 | iTop limit pages/exec.php script to PHP files |
CVE-2023-4855 | 2024-04-15 | A command injection vulnerability was identified in SMM/SMM2 and FPC... |
CVE-2023-4856 | 2024-04-15 | A format string vulnerability was identified in SMM/SMM2 and FPC... |
CVE-2023-4857 | 2024-04-15 | An authentication bypass vulnerability was identified in SMM/SMM2 and FPC... |
CVE-2024-2659 | 2024-04-15 | A command injection vulnerability was identified in SMM/SMM2 and FPC... |
CVE-2024-31219 | 2024-04-15 | Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page |
CVE-2024-23593 | 2024-04-15 | A vulnerability was reported in a system recovery bootloader that... |
CVE-2024-23594 | 2024-04-15 | A buffer overflow vulnerability was reported in a system recovery... |
CVE-2024-3803 | 2024-04-15 | Vesystem Cloud Desktop fileupload.php unrestricted upload |
CVE-2024-23560 | 2024-04-15 | HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom type |
CVE-2024-3804 | 2024-04-15 | Vesystem Cloud Desktop fileupload2.php unrestricted upload |
CVE-2024-31990 | 2024-04-15 | Argo CD's API server does not enforce project sourceNamespaces |
CVE-2024-32035 | 2024-04-15 | Memory Allocation with Excessive Size Value in SixLabors.ImageSharp |
CVE-2024-32036 | 2024-04-15 | SixLabors.ImageSharp vulnerable to data leakage |
CVE-2024-23561 | 2024-04-15 | HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability |
CVE-2024-23558 | 2024-04-15 | HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout |
CVE-2024-3493 | 2024-04-15 | Rockwell Automation ControlLogix and GuardLogix Vulnerable to Major Nonrecoverable Fault Due to Invalid Header Value |
CVE-2024-2424 | 2024-04-15 | Rockwell Automation Input/Output Device Vulnerable to Major Nonrecoverable Fault |
CVE-2024-27794 | 2024-04-15 | Claris FileMaker Server before version 20.3.2 was susceptible to a... |
CVE-2024-29291 | 2024-04-16 | An issue in Laravel Framework 8 through 11 might allow... |
CVE-2024-29402 | 2024-04-16 | cskefu v7 suffers from Insufficient Session Expiration, which allows attackers... |
CVE-2024-31503 | 2024-04-16 | Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and... |
CVE-2024-31634 | 2024-04-16 | Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and... |
CVE-2024-31680 | 2024-04-16 | File Upload vulnerability in Shibang Communications Co., Ltd. IP network... |
CVE-2024-31759 | 2024-04-16 | An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to... |
CVE-2024-31760 | 2024-04-16 | An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker... |
CVE-2024-31784 | 2024-04-16 | An issue in Typora v.1.8.10 and before, allows a local... |
CVE-2024-32254 | 2024-04-16 | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload... |
CVE-2024-32256 | 2024-04-16 | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload... |
CVE-2023-50872 | 2024-04-16 | The API in Accredible Credential.net December 6th, 2023 allows an... |
CVE-2024-31783 | 2024-04-16 | Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before,... |
CVE-2024-0404 | 2024-04-16 | Mass Assignment Vulnerability in mintplex-labs/anything-llm |
CVE-2024-1456 | 2024-04-16 | S3 Bucket Takeover in h2oai/h2o-3 |
CVE-2024-1560 | 2024-04-16 | Path Traversal Vulnerability in mlflow/mlflow |
CVE-2024-3575 | 2024-04-16 | Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb |
CVE-2024-1666 | 2024-04-16 | Unauthorized Radar Creation in lunary-ai/lunary |
CVE-2024-1483 | 2024-04-16 | Path Traversal Vulnerability in mlflow/mlflow |
CVE-2024-3028 | 2024-04-16 | Improper Input Validation in mintplex-labs/anything-llm |
CVE-2024-1593 | 2024-04-16 | Path Traversal via Parameter Smuggling in mlflow/mlflow |
CVE-2024-0549 | 2024-04-16 | Relative Path Traversal in mintplex-labs/anything-llm |
CVE-2024-1646 | 2024-04-16 | Authentication Bypass in parisneo/lollms-webui |
CVE-2024-1601 | 2024-04-16 | SQL Injection in parisneo/lollms-webui |
CVE-2024-1183 | 2024-04-16 | SSRF Vulnerability in gradio-app/gradio |
CVE-2024-1738 | 2024-04-16 | Incorrect Authorization in lunary-ai/lunary |
CVE-2024-1626 | 2024-04-16 | IDOR Vulnerability in lunary-ai/lunary |
CVE-2024-3572 | 2024-04-16 | XML External Entity (XXE) Vulnerability in scrapy/scrapy |
CVE-2024-1594 | 2024-04-16 | Local File Read via Path Traversal in mlflow/mlflow |
CVE-2024-1558 | 2024-04-16 | Path Traversal Vulnerability in mlflow/mlflow |
CVE-2024-3029 | 2024-04-16 | Improper Input Validation in mintplex-labs/anything-llm |
CVE-2024-3573 | 2024-04-16 | Local File Inclusion (LFI) via Scheme Confusion in mlflow/mlflow |
CVE-2024-1569 | 2024-04-16 | Uncontrolled Resource Consumption in parisneo/lollms-webui |
CVE-2024-1135 | 2024-04-16 | HTTP Request Smuggling in benoitc/gunicorn |
CVE-2024-2260 | 2024-04-16 | Session Fixation Vulnerability in zenml-io/zenml |
CVE-2024-3271 | 2024-04-16 | Command Injection in run-llama/llama_index |
CVE-2024-3574 | 2024-04-16 | Authorization Header Leak During Cross-Domain Redirect in scrapy/scrapy |
CVE-2024-2912 | 2024-04-16 | Insecure Deserialization Leading to RCE in bentoml/bentoml |
CVE-2024-3571 | 2024-04-16 | Path Traversal in langchain-ai/langchain |
CVE-2024-1739 | 2024-04-16 | Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary |
CVE-2024-2083 | 2024-04-16 | Directory Traversal in zenml-io/zenml |
CVE-2024-1961 | 2024-04-16 | Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb |
CVE-2024-1561 | 2024-04-16 | Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio |
CVE-2024-22262 | 2024-04-16 | CVE-2024-22262: Spring Framework URL Parsing with Host Validation |
CVE-2024-32557 | 2024-04-16 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-3871 | 2024-04-16 | Authenticated Remote Command Injection in Delta Electronics DVW |
CVE-2024-32631 | 2024-04-16 | Out-of-bounds read in telephony |
CVE-2024-32632 | 2024-04-16 | Printf arg type mismatch in ATCMD |
CVE-2024-32633 | 2024-04-16 | Unsigned compared against 0 |
CVE-2024-32634 | 2024-04-16 | Logically dead code |
CVE-2024-32625 | 2024-04-16 | Uninitialized scalar field |
CVE-2024-3872 | 2024-04-16 | Mattermost Mobile app versions 2.13.0 and earlier use a regular... |
CVE-2024-3867 | 2024-04-16 | The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site... |
CVE-2024-1357 | 2024-04-16 | The Shortcodes and extra features for Phlox theme plugin for... |
CVE-2024-3367 | 2024-04-16 | Argument injection to runmqsc |
CVE-2024-3067 | 2024-04-16 | The WooCommerce Google Feed Manager plugin for WordPress is vulnerable... |
CVE-2024-3869 | 2024-04-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable... |
CVE-2024-3243 | 2024-04-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable... |
CVE-2024-3672 | 2024-04-16 | The BA Book Everything plugin for WordPress is vulnerable to... |
CVE-2024-30256 | 2024-04-16 | Open WebUI vulnerable to server-side request forgery in utils.py |
CVE-2024-31451 | 2024-04-16 | Limited file write in routes.py (GHSL-2023-250) |
CVE-2024-32023 | 2024-04-16 | Kohya_ss vulnerable to path injection in `common_gui.py` `find_and_replace` function (`GHSL-2024-024`) |
CVE-2024-32024 | 2024-04-16 | Kohya_ss vulnerable to path injection in `common_gui.py` `add_pre_postfix` function (`GHSL-2024-023`) |
CVE-2024-32025 | 2024-04-16 | Kohya_ss is vulnerable to a command injection in `group_images_gui.py` (`GHSL-2024-021`) |
CVE-2024-32026 | 2024-04-16 | Kohya_ss is vulnerable to a command injection in `git_caption_gui.py` (`GHSL-2024-020`) |
CVE-2024-32027 | 2024-04-16 | Kohya_ss is vulnerable to a command injection in `finetune_gui.py` (`GHSL-2024-022`) |
CVE-2024-32022 | 2024-04-16 | Kohya_ss is vulnerable to a command injection in basic_caption_gui.py (GHSL-2024-019) |
CVE-2024-3852 | 2024-04-16 | GetBoundName could return the wrong version of an object when... |
CVE-2024-3853 | 2024-04-16 | A use-after-free could result if a JavaScript realm was in... |
CVE-2024-3854 | 2024-04-16 | In some code patterns the JIT incorrectly optimized switch statements... |
CVE-2024-3855 | 2024-04-16 | In certain cases the JIT incorrectly optimized MSubstr operations, which... |
CVE-2024-3856 | 2024-04-16 | A use-after-free could occur during WASM execution if garbage collection... |
CVE-2024-3857 | 2024-04-16 | The JIT created incorrect code for arguments in certain cases.... |
CVE-2024-3858 | 2024-04-16 | It was possible to mutate a JavaScript object so that... |
CVE-2024-3859 | 2024-04-16 | On 32-bit versions there were integer-overflows that led to an... |
CVE-2024-3860 | 2024-04-16 | An out-of-memory condition during object initialization could result in an... |
CVE-2024-3861 | 2024-04-16 | If an AlignedBuffer were assigned to itself, the subsequent self-move... |
CVE-2024-3862 | 2024-04-16 | The MarkStack assignment operator, part of the JavaScript engine, could... |
CVE-2024-3863 | 2024-04-16 | The executable file warning was not presented when downloading .xrm-ms... |