Lista CVE - 2024 / Maggio
Visualizzazione 2201 - 2300 di 4994 CVE per Maggio 2024 (Pagina 23 di 50)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-47709 | 2024-05-11 | IBM Security Guardium command injection |
| CVE-2023-47712 | 2024-05-11 | IBM Security Guardium privilege escalation |
| CVE-2023-47711 | 2024-05-11 | IBM Security Guardium denial of service |
| CVE-2024-4790 | 2024-05-11 | DedeCMS path traversal |
| CVE-2024-4791 | 2024-05-12 | Contemporary Control System BASrouter BACnet BASRT-B Application Protocol Data Unit denial of service |
| CVE-2024-4792 | 2024-05-12 | Campcodes Online Laundry Management System admin_class.php sql injection |
| CVE-2024-4793 | 2024-05-12 | Campcodes Online Laundry Management System manage_laundry.php sql injection |
| CVE-2024-4794 | 2024-05-12 | Campcodes Online Laundry Management System manage_receiving.php sql injection |
| CVE-2024-4795 | 2024-05-12 | Campcodes Online Laundry Management System manage_user.php sql injection |
| CVE-2024-4796 | 2024-05-12 | Campcodes Online Laundry Management System manage_inv.php sql injection |
| CVE-2024-4797 | 2024-05-12 | Campcodes Online Laundry Management System ajax.php cross site scripting |
| CVE-2024-4798 | 2024-05-12 | SourceCodester Online Computer and Laptop Store manage_brand.php sql injection |
| CVE-2024-4799 | 2024-05-12 | Kashipara College Management System view_each_faculty.php sql injection |
| CVE-2024-2299 | 2024-05-12 | Stored Cross-Site Scripting (XSS) via Profile Picture Upload in parisneo/lollms-webui |
| CVE-2024-4800 | 2024-05-12 | Kashipara College Management System submit_student.php sql injection |
| CVE-2024-4801 | 2024-05-12 | Kashipara College Management System submit_new_faculty.php sql injection |
| CVE-2024-4802 | 2024-05-12 | Kashipara College Management System submit_extracurricular_activity.php sql injection |
| CVE-2024-4803 | 2024-05-12 | Kashipara College Management System submit_admin.php sql injection |
| CVE-2024-4804 | 2024-05-12 | Kashipara College Management System edit_user.php sql injection |
| CVE-2024-4805 | 2024-05-12 | Kashipara College Management System edit_faculty.php sql injection |
| CVE-2024-4806 | 2024-05-12 | Kashipara College Management System each_extracurricula_activities.php sql injection |
| CVE-2024-4807 | 2024-05-12 | Kashipara College Management System delete_user.php sql injection |
| CVE-2024-35204 | 2024-05-13 | Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. |
| CVE-2024-26306 | 2024-05-13 | iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient... |
| CVE-2024-34459 | 2024-05-13 | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. |
| CVE-2024-4808 | 2024-05-13 | Kashipara College Management System delete_faculty.php sql injection |
| CVE-2024-4809 | 2024-05-13 | SourceCodester Open Source Clinic Management System setting.php unrestricted upload |
| CVE-2024-35205 | 2024-05-13 | The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal.... |
| CVE-2024-29212 | 2024-05-13 | Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to... |
| CVE-2023-43040 | 2024-05-13 | IBM Spectrum Fusion HCI improper access control |
| CVE-2024-3239 | 2024-05-13 | PostX < 4.0.2 - Contributor+ Stored XSS |
| CVE-2023-5052 | 2024-05-13 | Cross Site Scripting (XSS) in Servidor Uniforme Zero |
| CVE-2024-32700 | 2024-05-13 | WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability |
| CVE-2024-34749 | 2024-05-13 | Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser of the... |
| CVE-2024-3462 | 2024-05-13 | Authorization bypass in Ant Media Server |
| CVE-2024-34811 | 2024-05-13 | WordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35172 | 2024-05-13 | WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-34555 | 2024-05-13 | WordPress Z-Downloads plugin <= 1.11.3 - Auth. Arbitrary File Upload vulnerability |
| CVE-2024-34440 | 2024-05-13 | WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability |
| CVE-2024-34416 | 2024-05-13 | WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability |
| CVE-2024-34411 | 2024-05-13 | WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability |
| CVE-2024-31377 | 2024-05-13 | WordPress WP Photo Album Plus plugin <= 8.7.01.001 - Unauth. Arbitrary File Upload vulnerability |
| CVE-2024-35171 | 2024-05-13 | WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability |
| CVE-2024-35166 | 2024-05-13 | WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability |
| CVE-2024-3263 | 2024-05-13 | Improper authentication in YMS VIS Pro |
| CVE-2024-35165 | 2024-05-13 | WordPress Gutenify plugin <= 1.4.0 - Sensitive Data Exposure via API vulnerability |
| CVE-2024-34812 | 2024-05-13 | WordPress ShopBuilder plugin <= 2.1.8 - Sensitive Data Exposure vulnerability |
| CVE-2024-32100 | 2024-05-13 | WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitive Data Exposure vulnerability |
| CVE-2024-4747 | 2024-05-13 | WordPress Propovoice CRM plugin <= 1.7.6.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4813 | 2024-05-13 | Ruijie RG-UAC interface_commit.php os command injection |
| CVE-2024-4814 | 2024-05-13 | Ruijie RG-UAC static_route_edit_commit.php os command injection |
| CVE-2024-35170 | 2024-05-13 | WordPress Sticky banner plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35169 | 2024-05-13 | WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35167 | 2024-05-13 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4067 | 2024-05-13 | Regular Expression Denial of Service in micromatch |
| CVE-2024-4068 | 2024-05-13 | Memory Exhaustion in braces |
| CVE-2023-52655 | 2024-05-13 | usb: aqc111: check packet for fixup for true limit |
| CVE-2024-27398 | 2024-05-13 | Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout |
| CVE-2024-27399 | 2024-05-13 | Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout |
| CVE-2024-27400 | 2024-05-13 | drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 |
| CVE-2024-27401 | 2024-05-13 | firewire: nosy: ensure user_length is taken into account when fetching packet contents |
| CVE-2024-4815 | 2024-05-13 | Ruijie RG-UAC detail.php os command injection |
| CVE-2024-4825 | 2024-05-13 | Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo |
| CVE-2024-4822 | 2024-05-13 | Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION |
| CVE-2024-4823 | 2024-05-13 | Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION |
| CVE-2024-4824 | 2024-05-13 | SQL Injection in School ERP Pro+Responsive by AROX SOLUTION |
| CVE-2024-25581 | 2024-05-13 | Transfer requests received over DoH can lead to a denial of service in DNSdist |
| CVE-2022-4967 | 2024-05-13 | strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods,... |
| CVE-2024-4816 | 2024-05-13 | Ruijie RG-UAC gre_add_commit.php os command injection |
| CVE-2024-4817 | 2024-05-13 | Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection |
| CVE-2024-4818 | 2024-05-13 | Campcodes Online Laundry Management System index.php file inclusion |
| CVE-2023-52656 | 2024-05-13 | io_uring: drop any code related to SCM_RIGHTS |
| CVE-2024-35048 | 2024-05-13 | An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password. |
| CVE-2024-35049 | 2024-05-13 | SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590. |
| CVE-2024-35050 | 2024-05-13 | An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. |
| CVE-2024-25641 | 2024-05-13 | Cacti RCE vulnerability when importing packages |
| CVE-2024-4819 | 2024-05-13 | Campcodes Online Laundry Management System admin_class.php improper authorization |
| CVE-2024-27082 | 2024-05-13 | Cacti Cross-site Scripting vulnerability when managing trees |
| CVE-2024-28866 | 2024-05-13 | GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up |
| CVE-2024-4820 | 2024-05-13 | SourceCodester Online Computer and Laptop Store unrestricted upload |
| CVE-2024-29894 | 2024-05-13 | Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API |
| CVE-2024-29895 | 2024-05-13 | Cacti command injection in cmd_realtime.php |
| CVE-2024-30258 | 2024-05-13 | FastDDS crash when publisher send malformed packet |
| CVE-2024-30259 | 2024-05-13 | FastDDS heap buffer overflow when publisher sends malformed packet |
| CVE-2024-30268 | 2024-05-13 | Cacti XSS vulnerability in display_settings |
| CVE-2024-31443 | 2024-05-13 | Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database |
| CVE-2024-31444 | 2024-05-13 | Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database |
| CVE-2024-31445 | 2024-05-13 | SQL Injection vulnerability in automation_get_new_graphs_sql |
| CVE-2024-31458 | 2024-05-13 | Cacti SQL Injection vulnerability in lib/html_form_templates.php by reading dirty data stored in database |
| CVE-2024-31459 | 2024-05-13 | Cacti RCE vulnerability by file include in lib/plugin.php |
| CVE-2024-31460 | 2024-05-13 | Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database |
| CVE-2024-34340 | 2024-05-13 | Authentication Bypass when using using older password hashes |
| CVE-2024-34077 | 2024-05-13 | MantisBT user account takeover in the signup/reset password process |
| CVE-2024-34080 | 2024-05-13 | MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-34081 | 2024-05-13 | MantisBT Cross-site Scripting vulnerability |
| CVE-2024-34353 | 2024-05-13 | matrix-sdk-crypto contains a log exposure of private key of the server-side key backup |
| CVE-2020-18305 | 2024-05-13 | Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information... |
| CVE-2024-34697 | 2024-05-13 | Freescout vulnerable to Stored HTML Injection in Editing Received Emails |
| CVE-2024-33250 | 2024-05-13 | An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request. |
| CVE-2024-34698 | 2024-05-13 | Prototype Pollution in getQueryParam Function (URL Query Parser) |