CVE List - 2024 / May
Showing 2301 - 2400 of 4994 CVEs for May 2024 (Page 24 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-34701 | 2024-05-13 | CreateWiki vulnerable to impersonation of wiki requester |
| CVE-2024-34706 | 2024-05-13 | @valtimo/components exposes access token to form.io |
| CVE-2023-50717 | 2024-05-13 | NocoDB Allows Preview of File with Dangerous Content |
| CVE-2023-50718 | 2024-05-13 | NocoDB SQL Injection vulnerability |
| CVE-2024-34223 | 2024-05-13 | Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. |
| CVE-2024-34222 | 2024-05-13 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. |
| CVE-2024-34221 | 2024-05-13 | Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. |
| CVE-2024-34224 | 2024-05-13 | Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename,... |
| CVE-2024-34226 | 2024-05-13 | SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters. |
| CVE-2024-34225 | 2024-05-13 | Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname... |
| CVE-2023-46870 | 2024-05-13 | extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via... |
| CVE-2024-34899 | 2024-05-13 | WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2024-31771 | 2024-05-13 | Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file |
| CVE-2023-49781 | 2024-05-13 | NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue |
| CVE-2024-34699 | 2024-05-13 | GZ::CTF allows unprivileged user can perform XSS attacks by constructing malicious team names. |
| CVE-2024-28285 | 2024-05-13 | A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information... |
| CVE-2024-25662 | 2024-05-13 | Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting (XSS) for malicious URLs. |
| CVE-2024-34704 | 2024-05-13 | era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization |
| CVE-2024-34230 | 2024-05-13 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. |
| CVE-2024-34231 | 2024-05-13 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name... |
| CVE-2024-34707 | 2024-05-13 | Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages |
| CVE-2024-34921 | 2024-05-13 | TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. |
| CVE-2024-35099 | 2024-05-13 | TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth. |
| CVE-2024-29513 | 2024-05-13 | An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to... |
| CVE-2024-34708 | 2024-05-13 | Directus allows redacted data extraction on the API through "alias" |
| CVE-2024-22774 | 2024-05-13 | An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. |
| CVE-2024-34709 | 2024-05-13 | Directus Lacks Session Tokens Invalidation |
| CVE-2024-28277 | 2024-05-13 | In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially... |
| CVE-2024-28279 | 2024-05-13 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=. |
| CVE-2024-33433 | 2024-05-13 | Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. |
| CVE-2024-28276 | 2024-05-13 | Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=. |
| CVE-2024-31810 | 2024-05-13 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2024-23576 | 2024-05-13 | HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability |
| CVE-2024-4840 | 2024-05-13 | Rhosp-director: cleartext passwords exposed in logs |
| CVE-2024-27798 | 2024-05-13 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5. An attacker may be able to elevate privileges. |
| CVE-2024-27825 | 2024-05-13 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy... |
| CVE-2024-27813 | 2024-05-13 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code out of its sandbox or with... |
| CVE-2024-27852 | 2024-05-13 | A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be... |
| CVE-2024-27829 | 2024-05-13 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution. |
| CVE-2024-27804 | 2024-05-13 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able... |
| CVE-2024-27824 | 2024-05-13 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges. |
| CVE-2024-23236 | 2024-05-13 | A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files. |
| CVE-2024-27842 | 2024-05-13 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2024-27803 | 2024-05-13 | A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from... |
| CVE-2024-27839 | 2024-05-13 | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able... |
| CVE-2024-27835 | 2024-05-13 | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able... |
| CVE-2024-27834 | 2024-05-13 | The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary... |
| CVE-2024-27822 | 2024-05-13 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges. |
| CVE-2024-27789 | 2024-05-13 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4. An app may... |
| CVE-2024-27818 | 2024-05-13 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app... |
| CVE-2024-27843 | 2024-05-13 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges. |
| CVE-2024-23229 | 2024-05-13 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able... |
| CVE-2024-27837 | 2024-05-13 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items. |
| CVE-2024-27821 | 2024-05-13 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user... |
| CVE-2024-27841 | 2024-05-13 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory. |
| CVE-2024-27816 | 2024-05-13 | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able... |
| CVE-2024-27827 | 2024-05-13 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files. |
| CVE-2024-27796 | 2024-05-13 | The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges. |
| CVE-2024-27847 | 2024-05-13 | This issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences. |
| CVE-2024-27810 | 2024-05-13 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be... |
| CVE-2024-4853 | 2024-05-14 | Mismatched Memory Management Routines in editcap |
| CVE-2024-4854 | 2024-05-14 | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark |
| CVE-2024-4855 | 2024-05-14 | Use After Free in editcap |
| CVE-2024-3037 | 2024-05-14 | Arbitrary File Deletion in PaperCut NG/MF Web Print |
| CVE-2024-4712 | 2024-05-14 | Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler |
| CVE-2023-6812 | 2024-05-14 | WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css |
| CVE-2024-4761 | 2024-05-14 | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium... |
| CVE-2024-0870 | 2024-05-14 | YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update |
| CVE-2024-32731 | 2024-05-14 | Missing Authorization check in SAP My Travel Requests |
| CVE-2024-32733 | 2024-05-14 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2024-33007 | 2024-05-14 | Client-side script execution vulnerability in SAP UI5(PDFViewer) |
| CVE-2024-33008 | 2024-05-14 | Memory Corruption vulnerability in SAP Replication Server |
| CVE-2024-33000 | 2024-05-14 | Missing Authorization check in SAP Bank Account Management |
| CVE-2024-33002 | 2024-05-14 | Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS) |
| CVE-2024-28165 | 2024-05-14 | Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2024-4139 | 2024-05-14 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) |
| CVE-2024-4138 | 2024-05-14 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) |
| CVE-2024-34687 | 2024-05-14 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform |
| CVE-2024-33009 | 2024-05-14 | SQL injection vulnerability in SAP Global Label Management (GLM) |
| CVE-2024-33004 | 2024-05-14 | Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) |
| CVE-2024-33006 | 2024-05-14 | File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2024-4445 | 2024-05-14 | WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization |
| CVE-2024-4144 | 2024-05-14 | Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-3241 | 2024-05-14 | Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS |
| CVE-2024-25968 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information... |
| CVE-2024-25967 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2024-25970 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity. |
| CVE-2024-25966 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2024-25965 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial... |
| CVE-2024-25969 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of... |
| CVE-2024-28133 | 2024-05-14 | PHOENIX CONTACT: Privilege escalation in CHARX Series |
| CVE-2024-28134 | 2024-05-14 | PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series |
| CVE-2024-28135 | 2024-05-14 | PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series |
| CVE-2024-28136 | 2024-05-14 | PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service |
| CVE-2024-28137 | 2024-05-14 | PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series |
| CVE-2024-4392 | 2024-05-14 | Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode |
| CVE-2024-3579 | 2024-05-14 | XSS in Online Shopping System Advanced |
| CVE-2024-4859 | 2024-05-14 | Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL. |
| CVE-2024-4860 | 2024-05-14 | The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter. |
| CVE-2024-4440 | 2024-05-14 | 140+ Widgets \| Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |