CVE List - 2024 / April
Showing 801 - 900 of 3605 CVEs for April 2024 (Page 9 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-3420 | 2024-04-07 | SourceCodester Online Courseware saveedit.php sql injection |
| CVE-2024-3421 | 2024-04-07 | SourceCodester Online Courseware deactivatestud.php sql injection |
| CVE-2024-3422 | 2024-04-07 | SourceCodester Online Courseware activatestud.php sql injection |
| CVE-2024-3423 | 2024-04-07 | SourceCodester Online Courseware activateteach.php sql injection |
| CVE-2024-3424 | 2024-04-07 | SourceCodester Online Courseware listscore.php sql injection |
| CVE-2024-3425 | 2024-04-07 | SourceCodester Online Courseware activateall.php sql injection |
| CVE-2024-3426 | 2024-04-07 | SourceCodester Online Courseware editt.php cross site scripting |
| CVE-2024-3427 | 2024-04-07 | SourceCodester Online Courseware addq.php cross site scripting |
| CVE-2024-31288 | 2024-04-07 | WordPress RapidLoad plugin <= 2.2.11 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-31308 | 2024-04-07 | WordPress WP Import Export Lite & WP Import Export plugin <= 3.9.26 - PHP Object Injection vulnerability |
| CVE-2024-31277 | 2024-04-07 | WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability |
| CVE-2024-31345 | 2024-04-07 | WordPress Auto Poster plugin <= 1.2 - Arbitrary File Upload vulnerability |
| CVE-2024-31292 | 2024-04-07 | WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability |
| CVE-2024-31286 | 2024-04-07 | WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability |
| CVE-2024-3428 | 2024-04-07 | SourceCodester Online Courseware edit.php cross site scripting |
| CVE-2024-31280 | 2024-04-07 | WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability |
| CVE-2024-31349 | 2024-04-07 | WordPress MailMunch – Grow your Email List plugin <= 3.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31348 | 2024-04-07 | WordPress Super Testimonials plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31346 | 2024-04-07 | WordPress Gradient Text Widget for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31344 | 2024-04-07 | WordPress Easy Login Styler plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31306 | 2024-04-07 | WordPress Essential Blocks plugin <= 4.5.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31258 | 2024-04-07 | WordPress Form to Chat App plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31257 | 2024-04-07 | WordPress Formsite plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31256 | 2024-04-07 | WordPress WebinarPress plugin <= 1.33.10 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31255 | 2024-04-07 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31236 | 2024-04-07 | WordPress Royal Elementor Addons plugin <= 1.3.93 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-22155 | 2024-04-07 | WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31260 | 2024-04-07 | WordPress Edwiser Bridge plugin <= 3.0.2 - SQL Injection vulnerability |
| CVE-2024-31241 | 2024-04-07 | WordPress LearnPress Export Import plugin <= 4.0.3 - Auth. SQL Injection vulnerability |
| CVE-2024-31234 | 2024-04-07 | WordPress REHub Framework plugin < 19.6.2 - SQL Injection vulnerability |
| CVE-2024-31233 | 2024-04-07 | WordPress Rehub theme <= 19.6.1 - Auth. SQL Injection vulnerability |
| CVE-2024-31296 | 2024-04-07 | WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-31291 | 2024-04-07 | WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability |
| CVE-2024-3430 | 2024-04-07 | QKSMS Backup File androidmanifest.xml backup |
| CVE-2024-3431 | 2024-04-07 | EyouCMS Backend deserialization |
| CVE-2024-3432 | 2024-04-07 | PuneethReddyHC Event Management register.php sql injection |
| CVE-2024-3433 | 2024-04-07 | PuneethReddyHC Event Management register.php cross site scripting |
| CVE-2024-3434 | 2024-04-07 | CP Plus Wi-Fi Camera User Management improper authorization |
| CVE-2024-3436 | 2024-04-07 | SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload |
| CVE-2022-43216 | 2024-04-08 | AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page. |
| CVE-2024-22949 | 2024-04-08 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the... |
| CVE-2024-23078 | 2024-04-08 | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to... |
| CVE-2024-23079 | 2024-04-08 | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to... |
| CVE-2024-23081 | 2024-04-08 | ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine... |
| CVE-2024-23082 | 2024-04-08 | ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence... |
| CVE-2024-23084 | 2024-04-08 | Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine... |
| CVE-2024-23085 | 2024-04-08 | Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to... |
| CVE-2024-23086 | 2024-04-08 | Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine... |
| CVE-2024-24279 | 2024-04-08 | An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. |
| CVE-2024-26574 | 2024-04-08 | Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe |
| CVE-2024-27488 | 2024-04-08 | Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default... |
| CVE-2024-27631 | 2024-04-08 | Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php |
| CVE-2024-28066 | 2024-04-08 | In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). |
| CVE-2024-28270 | 2024-04-08 | An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. |
| CVE-2024-28732 | 2024-04-08 | An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). |
| CVE-2024-31022 | 2024-04-08 | An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component. |
| CVE-2024-31047 | 2024-04-08 | An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. |
| CVE-2024-31805 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. |
| CVE-2024-31807 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. |
| CVE-2024-31808 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. |
| CVE-2024-31809 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. |
| CVE-2024-31811 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. |
| CVE-2024-31812 | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. |
| CVE-2024-31813 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. |
| CVE-2024-31814 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. |
| CVE-2024-31815 | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh |
| CVE-2024-31816 | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. |
| CVE-2024-31817 | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. |
| CVE-2024-27630 | 2024-04-08 | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. |
| CVE-2024-27632 | 2024-04-08 | An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. |
| CVE-2024-28224 | 2024-04-08 | Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete... |
| CVE-2024-31806 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. |
| CVE-2024-3437 | 2024-04-08 | SourceCodester Prison Management System Avatar add-admin.php unrestricted upload |
| CVE-2024-28744 | 2024-04-08 | The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the... |
| CVE-2023-52341 | 2024-04-08 | In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed |
| CVE-2023-52342 | 2024-04-08 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed |
| CVE-2023-52343 | 2024-04-08 | In SecurityCommand message after AS security has been activated, there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed |
| CVE-2023-52344 | 2024-04-08 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed |
| CVE-2023-52345 | 2024-04-08 | In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed |
| CVE-2023-52346 | 2024-04-08 | In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed |
| CVE-2023-52347 | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-52348 | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-52349 | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-52350 | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-52351 | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-52352 | 2024-04-08 | In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2024-23658 | 2024-04-08 | In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-52533 | 2024-04-08 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed |
| CVE-2023-52534 | 2024-04-08 | In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed |
| CVE-2023-52535 | 2024-04-08 | In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-52536 | 2024-04-08 | In faceid service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2024-1292 | 2024-04-08 | WPB Show Core < 2.6 - Reflected XSS |
| CVE-2024-1588 | 2024-04-08 | SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings |
| CVE-2024-1589 | 2024-04-08 | SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings |
| CVE-2024-1752 | 2024-04-08 | Font Farsi <= 1.6.6 - Admin+ Stored XSS in Settings |
| CVE-2024-1956 | 2024-04-08 | WPB Show Core < 2.7 - Reflected XSS |
| CVE-2024-1958 | 2024-04-08 | WPB Show Core < 2.7 - Reflected XSS |
| CVE-2024-23189 | 2024-04-08 | Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access... |
| CVE-2024-23190 | 2024-04-08 | Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access... |
| CVE-2024-23191 | 2024-04-08 | Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access... |