CVE List - 2024 / April
Showing 1301 - 1400 of 3605 CVEs for April 2024 (Page 14 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-1792 | 2024-04-09 | The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes... |
| CVE-2024-2504 | 2024-04-09 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including,... |
| CVE-2023-6965 | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2,... |
| CVE-2024-2117 | 2024-04-09 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to,... |
| CVE-2024-2654 | 2024-04-09 | The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers,... |
| CVE-2024-2344 | 2024-04-09 | The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied... |
| CVE-2024-3208 | 2024-04-09 | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input... |
| CVE-2024-2501 | 2024-04-09 | The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted... |
| CVE-2024-1812 | 2024-04-09 | The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated... |
| CVE-2023-6486 | 2024-04-09 | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to... |
| CVE-2024-2327 | 2024-04-09 | The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input... |
| CVE-2024-2946 | 2024-04-09 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... |
| CVE-2023-6999 | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execution via shortcode in all versions up to, and including, 3.0.10 (with the exception... |
| CVE-2024-1461 | 2024-04-09 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including,... |
| CVE-2024-2039 | 2024-04-09 | The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11... |
| CVE-2024-2792 | 2024-04-09 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output... |
| CVE-2024-2456 | 2024-04-09 | The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input... |
| CVE-2024-1458 | 2024-04-09 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including,... |
| CVE-2024-2081 | 2024-04-09 | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to... |
| CVE-2024-1984 | 2024-04-09 | The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals... |
| CVE-2024-2341 | 2024-04-09 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7... |
| CVE-2024-3213 | 2024-04-09 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up... |
| CVE-2024-2093 | 2024-04-09 | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes... |
| CVE-2024-2787 | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to... |
| CVE-2024-2347 | 2024-04-09 | The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and... |
| CVE-2024-3267 | 2024-04-09 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input... |
| CVE-2024-0952 | 2024-04-09 | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter... |
| CVE-2024-1498 | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to... |
| CVE-2024-1352 | 2024-04-09 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the... |
| CVE-2024-2306 | 2024-04-09 | The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping.... |
| CVE-2024-2138 | 2024-04-09 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input... |
| CVE-2024-2311 | 2024-04-09 | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output... |
| CVE-2024-3545 | 2024-04-09 | Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on Windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access... |
| CVE-2023-6695 | 2024-04-09 | The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated... |
| CVE-2024-1412 | 2024-04-09 | The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization... |
| CVE-2023-6694 | 2024-04-09 | The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and... |
| CVE-2022-4965 | 2024-04-09 | The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘target_id’ parameter in all versions up to, and including, 1.5.4 due... |
| CVE-2024-3446 | 2024-04-09 | Qemu: virtio: dma reentrancy issue leads to double free vulnerability |
| CVE-2024-3521 | 2024-04-09 | Byzoro Smart S80 Management Platform userattestation.php unrestricted upload |
| CVE-2024-3313 | 2024-04-09 | SUBNET PowerSYSTEM Server and Substation Server Reliance on Insufficiently Trustworthy Component |
| CVE-2024-3522 | 2024-04-09 | Campcodes Online Event Management System process.php sql injection |
| CVE-2024-3523 | 2024-04-09 | Campcodes Online Event Management System index.php sql injection |
| CVE-2024-3524 | 2024-04-09 | Campcodes Online Event Management System process.php cross site scripting |
| CVE-2024-3119 | 2024-04-09 | Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep |
| CVE-2024-3120 | 2024-04-09 | Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep |
| CVE-2023-52070 | 2024-04-10 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable... |
| CVE-2024-23076 | 2024-04-10 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the... |
| CVE-2024-23077 | 2024-04-10 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine... |
| CVE-2024-23080 | 2024-04-10 | Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine... |
| CVE-2024-23083 | 2024-04-10 | Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine... |
| CVE-2024-23734 | 2024-04-10 | Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allows attackers to replace S/MIME certificate or PGP... |
| CVE-2024-23735 | 2024-04-10 | Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data... |
| CVE-2024-26362 | 2024-04-10 | HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. |
| CVE-2024-27474 | 2024-04-10 | Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators. |
| CVE-2024-27476 | 2024-04-10 | Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. |
| CVE-2024-27477 | 2024-04-10 | In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known... |
| CVE-2024-28344 | 2024-04-10 | An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double... |
| CVE-2024-28345 | 2024-04-10 | An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visiting the URL. |
| CVE-2024-29269 | 2024-04-10 | An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. |
| CVE-2024-29296 | 2024-04-10 | A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to... |
| CVE-2024-29460 | 2024-04-10 | An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. |
| CVE-2024-29504 | 2024-04-10 | Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter. |
| CVE-2024-31819 | 2024-04-10 | An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. |
| CVE-2024-29500 | 2024-04-10 | An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. |
| CVE-2024-29502 | 2024-04-10 | An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. |
| CVE-2024-3525 | 2024-04-10 | Campcodes Online Event Management System index.php cross site scripting |
| CVE-2023-40148 | 2024-04-10 | PingFederate Server Side Request Forgery vulnerability |
| CVE-2024-3526 | 2024-04-10 | Campcodes Online Event Management System index.php cross site scripting |
| CVE-2024-3528 | 2024-04-10 | Campcodes Complete Online Student Management System units_view.php cross site scripting |
| CVE-2024-3529 | 2024-04-10 | Campcodes Complete Online Student Management System students_view.php cross site scripting |
| CVE-2024-3530 | 2024-04-10 | Campcodes Complete Online Student Management System Marks_view.php cross site scripting |
| CVE-2023-6236 | 2024-04-10 | Eap: oidc app attempting to access the second tenant, the user should be prompted to log |
| CVE-2023-50347 | 2024-04-10 | Insecure SQL Interface affects HCL DRYiCE MyXalytics |
| CVE-2024-3531 | 2024-04-10 | Campcodes Complete Online Student Management System courses_view.php cross site scripting |
| CVE-2024-3532 | 2024-04-10 | Campcodes Complete Online Student Management System attendance_view.php cross site scripting |
| CVE-2024-3533 | 2024-04-10 | Campcodes Complete Online Student Management System academic_year_view.php cross site scripting |
| CVE-2024-3534 | 2024-04-10 | Campcodes Church Management System login.php sql injection |
| CVE-2024-3535 | 2024-04-10 | Campcodes Church Management System index.php sql injection |
| CVE-2024-2665 | 2024-04-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input... |
| CVE-2024-2664 | 2024-04-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient... |
| CVE-2024-3536 | 2024-04-10 | Campcodes Church Management System delete_log.php sql injection |
| CVE-2024-2666 | 2024-04-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due... |
| CVE-2024-2733 | 2024-04-10 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input... |
| CVE-2024-3537 | 2024-04-10 | Campcodes Church Management System admin_user.php sql injection |
| CVE-2024-1041 | 2024-04-10 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and... |
| CVE-2024-2734 | 2024-04-10 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization... |
| CVE-2024-2735 | 2024-04-10 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input... |
| CVE-2024-2736 | 2024-04-10 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and... |
| CVE-2024-3235 | 2024-04-10 | The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it... |
| CVE-2024-1042 | 2024-04-10 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX... |
| CVE-2024-3020 | 2024-04-10 | The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows... |
| CVE-2024-3538 | 2024-04-10 | Campcodes Church Management System addTithes.php sql injection |
| CVE-2024-21509 | 2024-04-10 | Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. |
| CVE-2024-21507 | 2024-04-10 | Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within... |
| CVE-2023-6385 | 2024-04-10 | WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF |
| CVE-2024-2428 | 2024-04-10 | The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS |
| CVE-2024-3539 | 2024-04-10 | Campcodes Church Management System addgiving.php sql injection |
| CVE-2024-3540 | 2024-04-10 | Campcodes Church Management System add_sundaysch.php sql injection |
| CVE-2024-3541 | 2024-04-10 | Campcodes Church Management System admin_user.php cross site scripting |
| CVE-2024-2539 | 2024-04-10 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget '_id' attributes in all versions up to, and including, 8.3.6 due to insufficient input... |