CVE List - 2024 / May
Showing 4201 - 4300 of 4997 CVEs for May 2024 (Page 43 of 50)
CVE ID | Date | Title |
---|---|---|
CVE-2024-4662 | 2024-05-23 | Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution |
CVE-2024-5233 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_details3.php sql injection |
CVE-2024-5234 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_history1.php sql injection |
CVE-2024-5235 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_invoice.php sql injection |
CVE-2024-5236 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php sql injection |
CVE-2024-5237 | 2024-05-23 | Campcodes Complete Web-Based School Management System timetable_grade_wise.php sql injection |
CVE-2024-5238 | 2024-05-23 | Campcodes Complete Web-Based School Management System timetable_insert_form.php sql injection |
CVE-2024-3626 | 2024-05-23 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization |
CVE-2024-4347 | 2024-05-23 | WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion |
CVE-2024-3711 | 2024-05-23 | Brizy – Page Builder <= 2.4.43 - Missing Authorization |
CVE-2024-5177 | 2024-05-23 | Hash Elements <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter in Multiple Widgets |
CVE-2024-2220 | 2024-05-23 | Button contact VR <= 4.7 - Admin+ Stored XSS |
CVE-2024-3594 | 2024-05-23 | IDonate <= 1.9.0 - Admin+ Stored XSS |
CVE-2024-3917 | 2024-05-23 | Pet Manager <= 1.4 - Reflected XSS |
CVE-2024-3918 | 2024-05-23 | Pet Manager <= 1.4 - Contributor+ Stored XSS |
CVE-2024-3920 | 2024-05-23 | Flattr <= 1.2.2 - Admin+ Stored XSS |
CVE-2024-4388 | 2024-05-23 | CAS <= 1.0.0 - Unauthenticated Arbitrary File Access |
CVE-2024-4399 | 2024-05-23 | CAS <= 1.0.0 - Unauthenticated SSRF |
CVE-2024-5239 | 2024-05-23 | Campcodes Complete Web-Based School Management System timetable_update_form.php sql injection |
CVE-2024-4835 | 2024-05-23 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
CVE-2024-5240 | 2024-05-23 | Campcodes Complete Web-Based School Management System unread_msg.php sql injection |
CVE-2024-3648 | 2024-05-23 | ShareThis Share Buttons <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via sharethis-inline-buttons Shortcode |
CVE-2024-4043 | 2024-05-23 | WP Ultimate Post Grid <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-text Shortcode |
CVE-2024-2038 | 2024-05-23 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials |
CVE-2024-5241 | 2024-05-23 | Huashi Private Cloud CDN Live Streaming Acceleration Server ipconfig_new.php os command injection |
CVE-2024-2874 | 2024-05-23 | Allocation of Resources Without Limits or Throttling in GitLab |
CVE-2024-36011 | 2024-05-23 | Bluetooth: HCI: Fix potential null-ptr-deref |
CVE-2024-36012 | 2024-05-23 | Bluetooth: msft: fix slab-use-after-free in msft_do_close() |
CVE-2024-36013 | 2024-05-23 | Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() |
CVE-2024-4706 | 2024-05-23 | WordPress + Microsoft Office 365 / Azure AD \| LOGIN <= 27.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pintra Shortcode |
CVE-2024-32969 | 2024-05-23 | vantage6 collaboration admins can extend their influence by expanding the collaboration |
CVE-2024-30280 | 2024-05-23 | ZDI-CAN-22867: Adobe Acrobat Pro DC AcroForm Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability |
CVE-2024-30279 | 2024-05-23 | ZDI-CAN-22887: Adobe Acrobat Reader DC JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-5264 | 2024-05-23 | Network Key Transfer with AES KHT vulnerability in Luna EFT |
CVE-2024-35223 | 2024-05-23 | Dapr API Token Exposure |
CVE-2024-35186 | 2024-05-23 | gix traversal outside working tree enables arbitrary code execution |
CVE-2024-2861 | 2024-05-23 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget |
CVE-2024-4779 | 2024-05-23 | Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0] |
CVE-2024-5165 | 2024-05-23 | Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input |
CVE-2024-5258 | 2024-05-23 | Authorization Bypass Through User-Controlled Key in GitLab |
CVE-2024-1947 | 2024-05-23 | Improper Handling of Highly Compressed Data (Data Amplification) in GitLab |
CVE-2023-7045 | 2024-05-23 | Cross-Site Request Forgery (CSRF) in GitLab |
CVE-2023-6502 | 2024-05-23 | Inefficient Regular Expression Complexity in GitLab |
CVE-2024-1815 | 2024-05-23 | Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block |
CVE-2024-4575 | 2024-05-23 | LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Shortcode |
CVE-2024-3997 | 2024-05-23 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget |
CVE-2024-1814 | 2024-05-23 | Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block |
CVE-2024-4378 | 2024-05-23 | Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider |
CVE-2024-26139 | 2024-05-23 | OpenCTI Authenticated Privilege Escalation |
CVE-2024-28188 | 2024-05-23 | jupyter-scheduler's endpoint is missing authentication |
CVE-2024-34060 | 2024-05-23 | Arbitrary File Write in IRIS EVTX Pipeline |
CVE-2024-35197 | 2024-05-23 | gix refs and paths with reserved Windows device names access the devices |
CVE-2024-1803 | 2024-05-23 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual |
CVE-2024-4471 | 2024-05-23 | 140+ Widgets \| Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection |
CVE-2024-35224 | 2024-05-23 | Stored Cross-Site Scripting (XSS) in OpenProject |
CVE-2024-5168 | 2024-05-23 | Improper access control vulnerability in Prodys Quantum Audio codec |
CVE-2024-35222 | 2024-05-23 | iFrames Bypass Origin Checks for Tauri API Access Control |
CVE-2024-5085 | 2024-05-23 | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection |
CVE-2024-5084 | 2024-05-23 | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution |
CVE-2024-34927 | 2024-05-23 | A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based... |
CVE-2024-34928 | 2024-05-23 | A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based... |
CVE-2024-34929 | 2024-05-23 | A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based... |
CVE-2024-34930 | 2024-05-23 | A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based... |
CVE-2024-4365 | 2024-05-23 | Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-34931 | 2024-05-23 | A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based... |
CVE-2024-34932 | 2024-05-23 | A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based... |
CVE-2024-34933 | 2024-05-23 | A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based... |
CVE-2024-34934 | 2024-05-23 | A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based... |
CVE-2024-34935 | 2024-05-23 | A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based... |
CVE-2024-34936 | 2024-05-23 | A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based... |
CVE-2024-35083 | 2024-05-23 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability... |
CVE-2024-35090 | 2024-05-23 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability... |
CVE-2024-2301 | 2024-05-23 | Certain HP LaserJet Pro devices are potentially vulnerable to a... |
CVE-2024-35085 | 2024-05-23 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability... |
CVE-2024-35084 | 2024-05-23 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability... |
CVE-2024-5143 | 2024-05-23 | A user with device administrative privileges can change existing SMTP... |
CVE-2024-35082 | 2024-05-23 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability... |
CVE-2024-35086 | 2024-05-23 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability... |
CVE-2024-35081 | 2024-05-23 | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion... |
CVE-2024-35091 | 2024-05-23 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability... |
CVE-2024-35570 | 2024-05-23 | An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of... |
CVE-2024-35080 | 2024-05-23 | An arbitrary file upload vulnerability in the gok4 method of... |
CVE-2024-35079 | 2024-05-23 | An arbitrary file upload vulnerability in the uploadAudio method of... |
CVE-2024-35375 | 2024-05-23 | There is an arbitrary file upload vulnerability on the media... |
CVE-2024-31843 | 2024-05-23 | An issue was discovered in Italtel Embrace 1.6.4. The Web... |
CVE-2024-5202 | 2024-05-23 | Dimensions RM - Arbitrary File Read |
CVE-2024-5201 | 2024-05-23 | Dimensions RM - Privilege Escalation |
CVE-2024-5291 | 2024-05-23 | D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability |
CVE-2024-5292 | 2024-05-23 | D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
CVE-2024-5293 | 2024-05-23 | D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-5294 | 2024-05-23 | D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability |
CVE-2024-5295 | 2024-05-23 | D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability |
CVE-2024-5296 | 2024-05-23 | D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability |
CVE-2024-5297 | 2024-05-23 | D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability |
CVE-2024-5298 | 2024-05-23 | D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability |
CVE-2024-5299 | 2024-05-23 | D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability |
CVE-2024-5227 | 2024-05-23 | TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability |
CVE-2024-5228 | 2024-05-23 | TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-5242 | 2024-05-23 | TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-5243 | 2024-05-23 | TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability |