CVE List - 2024 / May
Showing 4901 - 4994 of 4994 CVEs for May 2024 (Page 50 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2421 | 2024-05-30 | LenelS2 NetBox Improper Neutralization of Special Elements |
| CVE-2024-2422 | 2024-05-30 | LenelS2 NetBox Improper Neutralization of Argumented Delimiters |
| CVE-2024-35228 | 2024-05-30 | Improper Handling of Insufficient Permissions in Wagtail |
| CVE-2024-35189 | 2024-05-30 | Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides |
| CVE-2024-32877 | 2024-05-30 | Reflected Cross-site Scripting in yiisoft/yii2 Debug mode |
| CVE-2024-5271 | 2024-05-30 | Fuji Electric Monitouch V-SFT Access of Resource Using Incompatible Type ('Type Confusion') |
| CVE-2024-34171 | 2024-05-30 | Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow |
| CVE-2024-1298 | 2024-05-30 | Integer Overflow caused by divide by zero during S3 suspension |
| CVE-2024-36119 | 2024-05-30 | Password confirmation stored in plain text via registration form in statamic/cms |
| CVE-2024-5493 | 2024-05-30 | Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-5494 | 2024-05-30 | Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-5495 | 2024-05-30 | Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-5496 | 2024-05-30 | Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security... |
| CVE-2024-5497 | 2024-05-30 | Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially... |
| CVE-2024-5498 | 2024-05-30 | Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-5499 | 2024-05-30 | Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium... |
| CVE-2024-37017 | 2024-05-30 | asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so. |
| CVE-2024-36843 | 2024-05-31 | libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function. |
| CVE-2024-37032 | 2024-05-31 | Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as... |
| CVE-2024-37018 | 2024-05-31 | The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets. |
| CVE-2024-32850 | 2024-05-31 | Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If... |
| CVE-2024-5345 | 2024-05-31 | Responsive Owl Carousel for Elementor <= 1.2.0 - Local File Inclusion |
| CVE-2024-5418 | 2024-05-31 | DethemeKit For Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute |
| CVE-2024-2793 | 2024-05-31 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.30 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-4205 | 2024-05-31 | Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure |
| CVE-2024-4376 | 2024-05-31 | Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget |
| CVE-2024-4379 | 2024-05-31 | Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip |
| CVE-2024-4469 | 2024-05-31 | Migration Backup Restore < 3.5.0 - Admin+ SSRF |
| CVE-2024-23847 | 2024-05-31 | Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may... |
| CVE-2024-36246 | 2024-05-31 | Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be... |
| CVE-2024-5427 | 2024-05-31 | WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode |
| CVE-2024-5523 | 2024-05-31 | SQL injection vulnerability in Astrotalks |
| CVE-2024-5524 | 2024-05-31 | Information exposure vulnerability in Astrotalks |
| CVE-2024-5525 | 2024-05-31 | Improper privilege management vulnerability in Astrotalks |
| CVE-2024-5436 | 2024-05-31 | Type Confusion in Snapchat Lenscore |
| CVE-2024-5347 | 2024-05-31 | Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget |
| CVE-2024-4160 | 2024-05-31 | Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode |
| CVE-2024-5041 | 2024-05-31 | Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion |
| CVE-2024-23692 | 2024-05-31 | Rejetto HTTP File Server 2.3m Unauthenticated RCE |
| CVE-2024-22338 | 2024-05-31 | IBM Security Verify Access OIDC Provider information disclosure |
| CVE-2024-31889 | 2024-05-31 | IBM Planning Analytics Local cross-site scripting |
| CVE-2024-31908 | 2024-05-31 | IBM Planning Analytics Local cross-site scripting |
| CVE-2024-31907 | 2024-05-31 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2024-5565 | 2024-05-31 | Prompt Injection in "ask" API with visualization leads to RCE |
| CVE-2023-7073 | 2024-05-31 | Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery |
| CVE-2024-36108 | 2024-05-31 | Multiple Broken Function-Level Authorization vulnerabilities in casgate |
| CVE-2024-28736 | 2024-05-31 | An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function. |
| CVE-2022-25038 | 2024-05-31 | wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload function. |
| CVE-2022-25037 | 2024-05-31 | An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function. |
| CVE-2024-36120 | 2024-05-31 | javascript-deobfuscator crafted payload can lead to code execution |
| CVE-2024-35140 | 2024-05-31 | IBM Security Verify Access privilege escalation |
| CVE-2024-35142 | 2024-05-31 | IBM Security Verify Access privilege escalation |
| CVE-2024-1275 | 2024-05-31 | Vulnerability in Baxter Welch Allyn Connex Spot Monitor |
| CVE-2024-35196 | 2024-05-31 | Slack integration leaks sensitive information in logs in Sentry |
| CVE-2024-5176 | 2024-05-31 | Vulnerability in Welch Allyn Configuration Tool Software |
| CVE-2024-29825 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-29824 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-22058 | 2024-05-31 | A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and... |
| CVE-2024-29830 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. |
| CVE-2023-38551 | 2024-05-31 | A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. |
| CVE-2024-29846 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-29848 | 2024-05-31 | An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. |
| CVE-2024-29829 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-29828 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-29826 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-29822 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-22060 | 2024-05-31 | An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. |
| CVE-2024-29827 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-29823 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. |
| CVE-2023-46810 | 2024-05-31 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root. |
| CVE-2024-22059 | 2024-05-31 | A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. |
| CVE-2023-38042 | 2024-05-31 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. |
| CVE-2021-44534 | 2024-05-31 | Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. |
| CVE-2024-31030 | 2024-05-31 | An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet. |
| CVE-2024-5564 | 2024-05-31 | Libndp: buffer overflow in route information length field |
| CVE-2024-23316 | 2024-05-31 | PingAccess HTTP Request Desynchronization Weakness |
| CVE-2024-36844 | 2024-05-31 | libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the... |
| CVE-2024-36845 | 2024-05-31 | An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. |
| CVE-2024-33996 | 2024-05-31 | moodle: broken access control when setting calendar event type |
| CVE-2024-33997 | 2024-05-31 | moodle: stored XSS risk when editing another user's equation in equation editor |
| CVE-2024-33998 | 2024-05-31 | moodle: stored XSS via user's name on participants page when opening some options |
| CVE-2024-33999 | 2024-05-31 | moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php |
| CVE-2024-34000 | 2024-05-31 | moodle: stored XSS in lesson overview report via user ID number |
| CVE-2024-34001 | 2024-05-31 | moodle: CSRF risk in admin preset tool management of presets |
| CVE-2024-34002 | 2024-05-31 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup |
| CVE-2024-34003 | 2024-05-31 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup |
| CVE-2024-34004 | 2024-05-31 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup |
| CVE-2024-34005 | 2024-05-31 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup |
| CVE-2024-34006 | 2024-05-31 | moodle: unsanitized HTML in site log for config_log_created |
| CVE-2024-34007 | 2024-05-31 | moodle: logout CSRF in admin/tool/mfa/auth.php |
| CVE-2024-34008 | 2024-05-31 | moodle: CSRF risk in analytics management of models |
| CVE-2024-34009 | 2024-05-31 | moodle: ReCAPTCHA can be bypassed on the login page |
| CVE-2024-5138 | 2024-05-31 | The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl... |
| CVE-2024-2933 | 2024-06-01 | Page Builder Gutenberg Blocks – CoBlocks <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles |
| CVE-2024-4711 | 2024-06-01 | WordPress Infinite Scroll – Ajax Load More <= 7.1.1 - Authenticated (Contributor+) Cross-Site Scripting |
| CVE-2024-3565 | 2024-06-01 | Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode |
| CVE-2024-3564 | 2024-06-01 | Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2023-6382 | 2024-06-01 | Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4342 | 2024-06-01 | Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5501 | 2024-06-01 | Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.51 - Authenticated (Contributor+) Stored Cross-Site Scripting |