CVE List - 2024 / June
Showing 1 - 100 of 3082 CVEs for June 2024 (Page 1 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-4711 | 2024-06-01 | WordPress Infinite Scroll – Ajax Load More <= 7.1.1 - Authenticated (Contributor+) Cross-Site Scripting |
| CVE-2024-3565 | 2024-06-01 | Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode |
| CVE-2024-3564 | 2024-06-01 | Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2023-6382 | 2024-06-01 | Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4342 | 2024-06-01 | Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5501 | 2024-06-01 | Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.51 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4087 | 2024-06-01 | Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget |
| CVE-2024-2506 | 2024-06-01 | Popup Builder <= 4.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS |
| CVE-2024-1324 | 2024-06-01 | QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval |
| CVE-2024-2295 | 2024-06-01 | Contact Form Manager <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4958 | 2024-06-01 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation |
| CVE-2024-3821 | 2024-06-01 | wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification |
| CVE-2024-5348 | 2024-06-01 | Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes |
| CVE-2024-3200 | 2024-06-01 | wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-3820 | 2024-06-01 | wpDataTables - Tables & Table Charts (Premium) <= 6.3.1 - Unauthenticated SQL Injection |
| CVE-2024-35636 | 2024-06-01 | WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4148 | 2024-06-01 | Redos (Regular Expression Denial of Service) in lunary-ai/lunary |
| CVE-2024-35647 | 2024-06-01 | WordPress Global Notification Bar plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35646 | 2024-06-01 | WordPress Smartarget Message Bar plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35645 | 2024-06-01 | WordPress Random Banner plugin <= 4.2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4344 | 2024-06-02 | Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 19.1.13 - Cross-Site Request Forgery |
| CVE-2024-5587 | 2024-06-02 | Casdoor Configuration File app.conf file access |
| CVE-2024-2178 | 2024-06-02 | Path Traversal Vulnerability in parisneo/lollms-webui |
| CVE-2024-27776 | 2024-06-02 | MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2024-36388 | 2024-06-02 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function |
| CVE-2024-36389 | 2024-06-02 | MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values |
| CVE-2024-36390 | 2024-06-02 | MileSight DeviceHub - CWE-20 Improper Input Validation |
| CVE-2024-36391 | 2024-06-02 | MileSight DeviceHub - CWE-320: Key Management Errors |
| CVE-2024-36392 | 2024-06-02 | MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2024-5588 | 2024-06-02 | itsourcecode Learning Management System processscore.php sql injection |
| CVE-2024-34987 | 2024-06-03 | A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL... |
| CVE-2023-51219 | 2024-06-03 | A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering... |
| CVE-2024-5589 | 2024-06-03 | Netentsec NS-ASG Application Security Gateway sql injection |
| CVE-2024-5590 | 2024-06-03 | Netentsec NS-ASG Application Security Gateway JSON Content uploadiscuser.php sql injection |
| CVE-2024-20065 | 2024-06-03 | In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2024-20066 | 2024-06-03 | In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20067 | 2024-06-03 | In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2024-20068 | 2024-06-03 | In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2024-20069 | 2024-06-03 | In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no... |
| CVE-2024-20070 | 2024-06-03 | In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is... |
| CVE-2024-20071 | 2024-06-03 | In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-20072 | 2024-06-03 | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20073 | 2024-06-03 | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20074 | 2024-06-03 | In dmc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20075 | 2024-06-03 | In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-42427 | 2024-06-03 | Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the... |
| CVE-2023-51436 | 2024-06-03 | Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8, which may allow a remote authenticated attacker with an administrative privilege to execute an arbitrary script on the... |
| CVE-2024-36042 | 2024-06-03 | Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access. |
| CVE-2024-37031 | 2024-06-03 | The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with... |
| CVE-2024-5311 | 2024-06-03 | DigiWin EasyFlow .NET - SQL Injection |
| CVE-2024-35643 | 2024-06-03 | WordPress WP Back Button plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35642 | 2024-06-03 | WordPress Site Favicon plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35641 | 2024-06-03 | WordPress Just Writing Statistics plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35640 | 2024-06-03 | WordPress Safety Exit plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-36960 | 2024-06-03 | drm/vmwgfx: Fix invalid reads in fence signaled events |
| CVE-2024-36961 | 2024-06-03 | thermal/debugfs: Fix two locking issues with thermal zone debug |
| CVE-2024-36962 | 2024-06-03 | net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs |
| CVE-2024-36963 | 2024-06-03 | tracefs: Reset permissions on remount if permissions are options |
| CVE-2024-36964 | 2024-06-03 | fs/9p: only translate RWX permissions for plain 9P2000 |
| CVE-2024-23107 | 2024-06-03 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated... |
| CVE-2024-31493 | 2024-06-03 | An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged... |
| CVE-2023-48789 | 2024-06-03 | A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests. |
| CVE-2024-35639 | 2024-06-03 | WordPress Simple Spoiler plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35638 | 2024-06-03 | WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35637 | 2024-06-03 | WordPress Church Admin plugin <= 4.3.6 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-5404 | 2024-06-03 | ifm: moneo prone to weak password recovery mechanism |
| CVE-2024-23670 | 2024-06-03 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP... |
| CVE-2024-23668 | 2024-06-03 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP... |
| CVE-2024-23667 | 2024-06-03 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP... |
| CVE-2024-23664 | 2024-06-03 | A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to redirect users to... |
| CVE-2024-23665 | 2024-06-03 | Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an... |
| CVE-2024-35635 | 2024-06-03 | WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-35633 | 2024-06-03 | WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2023-43537 | 2024-06-03 | Buffer Over-read in WLAN Host |
| CVE-2023-43538 | 2024-06-03 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in TZ Secure OS |
| CVE-2023-43542 | 2024-06-03 | Buffer Copy Without Checking Size of Input in Trusted Execution Environment |
| CVE-2023-43543 | 2024-06-03 | Use After Free in Audio |
| CVE-2023-43544 | 2024-06-03 | Use After Free in Audio |
| CVE-2023-43545 | 2024-06-03 | Integer Overflow or Wraparound in WLAN HOST |
| CVE-2023-43551 | 2024-06-03 | Improper Authentication in Multi-Mode Call Processor |
| CVE-2023-43555 | 2024-06-03 | Buffer Over-read in Video |
| CVE-2023-43556 | 2024-06-03 | Buffer Copy Without Checking Size of Input in Hypervisor |
| CVE-2024-21478 | 2024-06-03 | NULL Pointer Dereference in Graphics |
| CVE-2024-23360 | 2024-06-03 | Improper Access Control in Graphics Windows |
| CVE-2024-23363 | 2024-06-03 | Buffer Over-read in WLAN Firmware |
| CVE-2024-3829 | 2024-06-03 | Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant |
| CVE-2024-34803 | 2024-06-03 | WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability |
| CVE-2024-34798 | 2024-06-03 | WordPress Debug Log – Manger Tool plugin <= 1.4.5 - Sensitive Data Exposure vulnerability |
| CVE-2024-34754 | 2024-06-03 | WordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerability |
| CVE-2024-35630 | 2024-06-03 | WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability |
| CVE-2024-35631 | 2024-06-03 | WordPress FV Flowplayer Video Player plugin <= 7.5.45.7212 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34801 | 2024-06-03 | WordPress Praison SEO WordPress plugin <= 4.0.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34797 | 2024-06-03 | WordPress Simple Popup Manager plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34796 | 2024-06-03 | WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34795 | 2024-06-03 | WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34794 | 2024-06-03 | WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34793 | 2024-06-03 | WordPress WP Next Post Navi plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34791 | 2024-06-03 | WordPress WPB Elementor Addons plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34790 | 2024-06-03 | WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34789 | 2024-06-03 | WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability |