CVE List - 2024 / May
Showing 1501 - 1600 of 4994 CVEs for May 2024 (Page 16 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-23351 | 2024-05-06 | Improper Access Control in Graphics Linux |
| CVE-2024-23354 | 2024-05-06 | Use After Free in Graphics Linux |
| CVE-2024-32982 | 2024-05-06 | Litestar and Starlite affected by Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2024-34064 | 2024-05-06 | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter |
| CVE-2024-34069 | 2024-05-06 | Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution |
| CVE-2024-34078 | 2024-05-06 | html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization |
| CVE-2024-32807 | 2024-05-06 | WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability |
| CVE-2024-34388 | 2024-05-06 | WordPress GDPR Compliance plugin <= 1.2.5 - Sensitive Data Exposure vulnerability |
| CVE-2024-34383 | 2024-05-06 | WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-34382 | 2024-05-06 | WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.18 - Sensitive Data Exposure vulnerability |
| CVE-2024-34368 | 2024-05-06 | WordPress Mooberry Book Manager plugin <= 4.15.12 - Sensitive Data Exposure vulnerability |
| CVE-2024-34412 | 2024-05-06 | WordPress ParcelPanel plugin <= 3.8.1 - Auth. SQL Injection vulnerability |
| CVE-2024-34386 | 2024-05-06 | WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability |
| CVE-2024-34367 | 2024-05-06 | WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability |
| CVE-2024-34379 | 2024-05-06 | WordPress Restaurant and Cafe theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34390 | 2024-05-06 | WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34381 | 2024-05-06 | WordPress PropertyHive plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34380 | 2024-05-06 | WordPress ChatBot Conversational Forms plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34376 | 2024-05-06 | WordPress Edge theme <= 2.0.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34375 | 2024-05-06 | WordPress Sheets to WP Table Live Sync plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34374 | 2024-05-06 | WordPress ElementsReady Addons for Elementor plugin <= 5.8.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34373 | 2024-05-06 | WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-3661 | 2024-05-06 | DHCP routing options can manipulate interface-based VPN traffic |
| CVE-2024-34369 | 2024-05-06 | WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34366 | 2024-05-06 | WordPress AltText.ai plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34389 | 2024-05-06 | WordPress WP Post Author plugin <= 3.6.4 - Broken Access Control vulnerability |
| CVE-2024-34387 | 2024-05-06 | WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability |
| CVE-2024-34378 | 2024-05-06 | WordPress LeadConnector plugin <= 1.7 - API Broken Access Control vulnerability |
| CVE-2024-34377 | 2024-05-06 | WordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2024-34372 | 2024-05-06 | WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability |
| CVE-2024-34371 | 2024-05-06 | WordPress Login with phone number plugin <= 1.7.18 - Broken Access Control vulnerability |
| CVE-2024-33912 | 2024-05-06 | WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability |
| CVE-2024-33910 | 2024-05-06 | WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2024-33908 | 2024-05-06 | WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2024-33907 | 2024-05-06 | WordPress Print My Blog plugin <= 3.26.2 - Broken Access Control vulnerability |
| CVE-2024-33599 | 2024-05-06 | nscd: Stack-based buffer overflow in netgroup cache |
| CVE-2024-33600 | 2024-05-06 | nscd: Null pointer crashes after notfound response |
| CVE-2024-33601 | 2024-05-06 | nscd: netgroup cache may terminate daemon on memory allocation failure |
| CVE-2024-33602 | 2024-05-06 | nscd: netgroup cache assumes NSS callback uses in-buffer strings |
| CVE-2024-33576 | 2024-05-06 | WordPress WPPizza plugin <= 3.18.10 - Broken Access Control vulnerability |
| CVE-2024-33570 | 2024-05-06 | WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability |
| CVE-2024-4568 | 2024-05-06 | Stack overflow in Xpdf 4.05 due to object loop in PDF resources |
| CVE-2024-34413 | 2024-05-06 | WordPress SliceWP Affiliates plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-1695 | 2024-05-06 | A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates... |
| CVE-2024-29941 | 2024-05-06 | Credential Cloning |
| CVE-2024-2913 | 2024-05-06 | Race Condition Vulnerability in mintplex-labs/anything-llm |
| CVE-2024-25507 | 2024-05-07 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. |
| CVE-2024-25508 | 2024-05-07 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. |
| CVE-2024-25509 | 2024-05-07 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. |
| CVE-2024-25510 | 2024-05-07 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. |
| CVE-2024-25511 | 2024-05-07 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. |
| CVE-2024-25512 | 2024-05-07 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. |
| CVE-2024-25513 | 2024-05-07 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. |
| CVE-2024-25514 | 2024-05-07 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. |
| CVE-2024-29149 | 2024-05-07 | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the... |
| CVE-2024-29150 | 2024-05-07 | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to... |
| CVE-2024-32369 | 2024-05-07 | SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in... |
| CVE-2024-32370 | 2024-05-07 | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component. |
| CVE-2024-32371 | 2024-05-07 | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1... |
| CVE-2024-33120 | 2024-05-07 | Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted... |
| CVE-2024-33122 | 2024-05-07 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. |
| CVE-2024-33124 | 2024-05-07 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function. |
| CVE-2024-33139 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. |
| CVE-2024-33144 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. |
| CVE-2024-33147 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. |
| CVE-2024-33148 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. |
| CVE-2024-33149 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. |
| CVE-2024-33153 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. |
| CVE-2024-33155 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. |
| CVE-2024-33161 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. |
| CVE-2024-33434 | 2024-05-07 | An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without... |
| CVE-2024-33748 | 2024-05-07 | Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier. |
| CVE-2024-33780 | 2024-05-07 | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. |
| CVE-2024-33781 | 2024-05-07 | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. |
| CVE-2024-33783 | 2024-05-07 | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. |
| CVE-2024-33856 | 2024-05-07 | An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. |
| CVE-2024-33857 | 2024-05-07 | An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger... |
| CVE-2024-33858 | 2024-05-07 | An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path;... |
| CVE-2024-33859 | 2024-05-07 | An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS. |
| CVE-2024-33860 | 2024-05-07 | An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the... |
| CVE-2024-34315 | 2024-05-07 | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. |
| CVE-2024-34523 | 2024-05-07 | AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This... |
| CVE-2023-42757 | 2024-05-07 | Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching... |
| CVE-2023-46012 | 2024-05-07 | Buffer Overflow vulnerability in LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. |
| CVE-2024-33146 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. |
| CVE-2024-33164 | 2024-05-07 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. |
| CVE-2024-33782 | 2024-05-07 | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. |
| CVE-2024-34314 | 2024-05-07 | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. |
| CVE-2024-34397 | 2024-05-07 | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager... |
| CVE-2024-34517 | 2024-05-07 | The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access. |
| CVE-2024-20821 | 2024-05-07 | A vulnerability that makes it possible to reconfigure OTP allows local attackers to transition to RMA (Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control TEE. |
| CVE-2024-20856 | 2024-05-07 | Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario. |
| CVE-2024-20857 | 2024-05-07 | Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. |
| CVE-2024-20858 | 2024-05-07 | Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. |
| CVE-2024-20859 | 2024-05-07 | Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege. |
| CVE-2024-20860 | 2024-05-07 | Improper export of Android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. |
| CVE-2024-20861 | 2024-05-07 | Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption. |
| CVE-2024-20862 | 2024-05-07 | Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. |
| CVE-2024-20863 | 2024-05-07 | Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. |
| CVE-2024-20864 | 2024-05-07 | Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources. |