CVE List - 2024 / April
Showing 201 - 300 of 3605 CVEs for April 2024 (Page 3 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-20799 | 2024-04-02 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-2931 | 2024-04-02 | The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it... |
| CVE-2024-1732 | 2024-04-02 | The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop() function in all versions... |
| CVE-2024-1807 | 2024-04-02 | The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions... |
| CVE-2024-1946 | 2024-04-02 | The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and... |
| CVE-2024-2745 | 2024-04-02 | Rapid7 InsightVM Sensitive Information Exposure via URL |
| CVE-2023-6948 | 2024-04-02 | A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause... |
| CVE-2023-6949 | 2024-04-02 | A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate... |
| CVE-2023-6950 | 2024-04-02 | An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path... |
| CVE-2023-6951 | 2024-04-02 | A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate... |
| CVE-2023-51452 | 2024-04-02 | An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the... |
| CVE-2023-51453 | 2024-04-02 | An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the... |
| CVE-2023-51454 | 2024-04-02 | An Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process... |
| CVE-2023-51455 | 2024-04-02 | An Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled... |
| CVE-2023-51456 | 2024-04-02 | An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into... |
| CVE-2024-29947 | 2024-04-02 | There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to... |
| CVE-2024-29948 | 2024-04-02 | There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality. |
| CVE-2024-29949 | 2024-04-02 | There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands. |
| CVE-2024-2389 | 2024-04-02 | Flowmon Unauthenticated Command Injection Vulnerability |
| CVE-2023-50313 | 2024-04-02 | IBM WebSphere Application Server information disclosure |
| CVE-2024-30248 | 2024-04-02 | Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page |
| CVE-2024-22246 | 2024-04-02 | VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be... |
| CVE-2024-22247 | 2024-04-02 | VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to... |
| CVE-2024-22248 | 2024-04-02 | VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to... |
| CVE-2024-2435 | 2024-04-02 | Stored XSS in Timeline View |
| CVE-2024-3151 | 2024-04-02 | Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery |
| CVE-2024-31109 | 2024-04-02 | WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31105 | 2024-04-02 | WordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30335 | 2024-04-02 | Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-24888 | 2024-04-02 | WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-30532 | 2024-04-02 | WordPress Builderall Builder for WordPress plugin <= 2.0.1 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-30531 | 2024-04-02 | WordPress Nelio Content plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-29834 | 2024-04-02 | Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints |
| CVE-2024-30336 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30337 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30338 | 2024-04-02 | Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30339 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30340 | 2024-04-02 | Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-30341 | 2024-04-02 | Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2024-30342 | 2024-04-02 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30343 | 2024-04-02 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30344 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30345 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30346 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30347 | 2024-04-02 | Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-30348 | 2024-04-02 | Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-30349 | 2024-04-02 | Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-30350 | 2024-04-02 | Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-30351 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30352 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30353 | 2024-04-02 | Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2024-30354 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30355 | 2024-04-02 | Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-30356 | 2024-04-02 | Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-30357 | 2024-04-02 | Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability |
| CVE-2024-30358 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30359 | 2024-04-02 | Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2024-30360 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30361 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30362 | 2024-04-02 | Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30363 | 2024-04-02 | Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-30364 | 2024-04-02 | Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-30365 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30367 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30370 | 2024-04-02 | RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability |
| CVE-2024-30371 | 2024-04-02 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-3202 | 2024-04-02 | codelyfe Stupid Simple CMS Login Page excessive authentication |
| CVE-2024-3203 | 2024-04-02 | c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow |
| CVE-2024-3204 | 2024-04-02 | c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow |
| CVE-2024-3207 | 2024-04-02 | ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow |
| CVE-2024-3247 | 2024-04-02 | Stack overflow in Xpdf 4.05 due to object loop in PDF object stream |
| CVE-2024-3209 | 2024-04-02 | UPX bele.h get_ne64 heap-based overflow |
| CVE-2024-3248 | 2024-04-02 | Stack overflow in Xpdf 4.05 due to object loop in attachments |
| CVE-2024-3218 | 2024-04-02 | Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal |
| CVE-2021-27312 | 2024-04-03 | Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php. |
| CVE-2023-44038 | 2024-04-03 | In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack. |
| CVE-2023-44039 | 2024-04-03 | In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator... |
| CVE-2023-44040 | 2024-04-03 | In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the... |
| CVE-2023-52043 | 2024-04-03 | An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network... |
| CVE-2024-24506 | 2024-04-03 | Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function. |
| CVE-2024-24724 | 2024-04-03 | Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization. |
| CVE-2024-27674 | 2024-04-03 | Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary. |
| CVE-2024-27705 | 2024-04-03 | Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. |
| CVE-2024-27706 | 2024-04-03 | Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues. |
| CVE-2024-28275 | 2024-04-03 | Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and... |
| CVE-2024-28515 | 2024-04-03 | Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component. |
| CVE-2024-28589 | 2024-04-03 | An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from... |
| CVE-2024-28755 | 2024-04-03 | An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored... |
| CVE-2024-28836 | 2024-04-03 | An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the... |
| CVE-2024-29413 | 2024-04-03 | Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function. |
| CVE-2024-30166 | 2024-04-03 | In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256... |
| CVE-2024-30568 | 2024-04-03 | Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. |
| CVE-2024-30569 | 2024-04-03 | An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. |
| CVE-2024-30570 | 2024-04-03 | An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. |
| CVE-2024-30998 | 2024-04-03 | SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component. |
| CVE-2024-31008 | 2024-04-03 | An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. |
| CVE-2024-31009 | 2024-04-03 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php. |
| CVE-2024-31010 | 2024-04-03 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php. |
| CVE-2024-31011 | 2024-04-03 | Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in... |
| CVE-2024-31012 | 2024-04-03 | An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. |