Lista CVE - 2024 / Giugno
Visualizzazione 1901 - 2000 di 3082 CVE per Giugno 2024 (Pagina 20 di 31)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-6058 | 2024-06-17 | LabVantage LIMS cross site scripting |
| CVE-2018-25103 | 2024-06-17 | Use-after-free vulnerabilities in lighttpd <= 1.4.50 |
| CVE-2024-6059 | 2024-06-17 | Ingenico Estate Manager News Feed messages cross site scripting |
| CVE-2024-37890 | 2024-06-17 | Denial of service when handling a request with many HTTP headers in ws |
| CVE-2024-37891 | 2024-06-17 | Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 |
| CVE-2024-37902 | 2024-06-17 | Path thraversal in DeepJavaLibrary |
| CVE-2024-37895 | 2024-06-17 | API Key Leak in lobe-chat |
| CVE-2024-6061 | 2024-06-17 | GPAC MP4Box isoffin_read.c isoffin_process infinite loop |
| CVE-2024-6062 | 2024-06-17 | GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference |
| CVE-2024-37896 | 2024-06-17 | SQL injection vulnerability in Gin-vue-admin |
| CVE-2024-37893 | 2024-06-17 | MFA bypass in oauth flow in Firefly III |
| CVE-2024-37305 | 2024-06-17 | Buffer overflow in deserialization in oqs-provider |
| CVE-2024-6063 | 2024-06-17 | GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference |
| CVE-2024-6064 | 2024-06-17 | GPAC MP4Box loader_xmt.c xmt_node_end use after free |
| CVE-2024-6065 | 2024-06-17 | itsourcecode Bakery Online Ordering System index.php sql injection |
| CVE-2024-6066 | 2024-06-17 | SourceCodester Best House Rental Management System payment_report.php sql injection |
| CVE-2024-6067 | 2024-06-17 | SourceCodester Music Class Enrollment System sql injection |
| CVE-2024-6080 | 2024-06-17 | Intelbras InControl incontrolWebcam Service unquoted search path |
| CVE-2024-6082 | 2024-06-17 | PHPVibe Global Options Page functionalities.global.php cross site scripting |
| CVE-2024-6083 | 2024-06-17 | PHPVibe Media Upload Page upload-mp3.php unrestricted upload |
| CVE-2024-22002 | 2024-06-18 | CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged... |
| CVE-2024-37791 | 2024-06-18 | DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability... |
| CVE-2024-37799 | 2024-06-18 | CodeProjects Restaurant Reservation System v1.0 was discovered to contain a... |
| CVE-2024-37800 | 2024-06-18 | CodeProjects Restaurant Reservation System v1.0 was discovered to contain a... |
| CVE-2024-37802 | 2024-06-18 | CodeProjects Health Care hospital Management System v1.0 was discovered to... |
| CVE-2024-37821 | 2024-06-18 | An arbitrary file upload vulnerability in the Upload Template function... |
| CVE-2024-38347 | 2024-06-18 | CodeProjects Health Care hospital Management System v1.0 was discovered to... |
| CVE-2024-38348 | 2024-06-18 | CodeProjects Health Care hospital Management System v1.0 was discovered to... |
| CVE-2024-37803 | 2024-06-18 | Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care... |
| CVE-2024-6084 | 2024-06-18 | itsourcecode Pool of Bethesda Online Reservation System uploadImage unrestricted upload |
| CVE-2024-4375 | 2024-06-18 | Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode |
| CVE-2024-0845 | 2024-06-18 | PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render |
| CVE-2024-1634 | 2024-06-18 | Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection |
| CVE-2024-5541 | 2024-06-18 | Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update |
| CVE-2024-5860 | 2024-06-18 | Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion |
| CVE-2023-5527 | 2024-06-18 | Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection |
| CVE-2024-37079 | 2024-06-18 | vCenter Server contains a heap-overflow vulnerability in the implementation of... |
| CVE-2024-37080 | 2024-06-18 | vCenter Server contains a heap-overflow vulnerability in the implementation of... |
| CVE-2024-37081 | 2024-06-18 | The vCenter Server contains multiple local privilege escalation vulnerabilities due... |
| CVE-2024-33622 | 2024-06-18 | Missing authentication for critical function vulnerability exists in ID Link... |
| CVE-2024-33620 | 2024-06-18 | Absolute path traversal vulnerability exists in ID Link Manager and... |
| CVE-2024-34024 | 2024-06-18 | Observable response discrepancy issue exists in ID Link Manager and... |
| CVE-2024-3276 | 2024-06-18 | FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS |
| CVE-2024-4094 | 2024-06-18 | Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS |
| CVE-2024-5172 | 2024-06-18 | Expert Invoice <= 1.0.2 -Admin+ Stored XSS |
| CVE-2024-0066 | 2024-06-18 | Johan Fagerström, member of the AXIS OS Bug Bounty Program,... |
| CVE-2024-5533 | 2024-06-18 | Divi <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5899 | 2024-06-18 | Improper trust check in Bazel Build intellij plugin |
| CVE-2024-6108 | 2024-06-18 | Genexis Tilgin Home Gateway Login cross site scripting |
| CVE-2024-5953 | 2024-06-18 | 389-ds-base: malformed userpassword hash may cause denial of service |
| CVE-2024-38504 | 2024-06-18 | In JetBrains YouTrack before 2024.2.34646 the Guest User Account was... |
| CVE-2024-38505 | 2024-06-18 | In JetBrains YouTrack before 2024.2.34646 user access token was sent... |
| CVE-2024-38506 | 2024-06-18 | In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could... |
| CVE-2024-38507 | 2024-06-18 | In JetBrains Hub before 2024.2.34646 stored XSS via project description... |
| CVE-2024-6109 | 2024-06-18 | itsourcecode Tailoring Management System addmeasurement.php sql injection |
| CVE-2024-6110 | 2024-06-18 | itsourcecode Magbanua Beach Resort Online Reservation System controller.php unrestricted upload |
| CVE-2024-5967 | 2024-06-18 | Keycloak: leak of configured ldap bind credentials through the keycloak admin console |
| CVE-2024-6111 | 2024-06-18 | itsourcecode Pool of Bethesda Online Reservation System login.php sql injection |
| CVE-2024-6112 | 2024-06-18 | itsourcecode Pool of Bethesda Online Reservation System index.php sql injection |
| CVE-2024-6114 | 2024-06-18 | itsourcecode Monbela Tourist Inn Online Reservation System controller.php unrestricted upload |
| CVE-2024-6115 | 2024-06-18 | itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload |
| CVE-2024-6116 | 2024-06-18 | itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload |
| CVE-2023-47726 | 2024-06-18 | IBM QRadar Suite improper input validation |
| CVE-2024-5275 | 2024-06-18 | Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier) |
| CVE-2024-21685 | 2024-06-18 | This High severity Information Disclosure vulnerability was introduced in versions... |
| CVE-2024-38351 | 2024-06-18 | Password auth and OAuth2 unverified email linking |
| CVE-2024-37904 | 2024-06-18 | Denial of service from maliciously configured Git repository in Minder |
| CVE-2022-23829 | 2024-06-18 | A potential weakness in AMD SPI protection features may allow... |
| CVE-2024-36974 | 2024-06-18 | net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP |
| CVE-2024-36975 | 2024-06-18 | KEYS: trusted: Do not use WARN when encode fails |
| CVE-2024-36976 | 2024-06-18 | Revert "media: v4l2-ctrls: show all owned controls in log_status" |
| CVE-2024-36977 | 2024-06-18 | usb: dwc3: Wait unconditionally after issuing EndXfer command |
| CVE-2024-38273 | 2024-06-18 | moodle: BigBlueButton web service leaks meeting joining information to users who should not have access |
| CVE-2024-38274 | 2024-06-18 | moodle: stored XSS via calendar's event title when deleting the event |
| CVE-2024-38275 | 2024-06-18 | moodle: HTTP authorization header is preserved between "emulated redirects" |
| CVE-2024-38276 | 2024-06-18 | moodle: CSRF risks due to misuse of confirm_sesskey |
| CVE-2024-38277 | 2024-06-18 | moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys |
| CVE-2024-6128 | 2024-06-18 | spa-cartcms Checkout Page checkout behavioral workflow |
| CVE-2024-6129 | 2024-06-18 | spa-cartcms Username login observable behavioral discrepancy |
| CVE-2024-5970 | 2024-06-18 | MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode |
| CVE-2024-6142 | 2024-06-18 | Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-6143 | 2024-06-18 | Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-6144 | 2024-06-18 | Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-6145 | 2024-06-18 | Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability |
| CVE-2024-6146 | 2024-06-18 | Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-33836 | 2024-06-19 | In the module "JA Marketplace" (jamarketplace) up to version 9.0.1... |
| CVE-2024-34990 | 2024-06-19 | In the module "Help Desk - Customer Support Management System"... |
| CVE-2024-34993 | 2024-06-19 | In the module "Bulk Export products to Google Merchant-Google Shopping"... |
| CVE-2024-34994 | 2024-06-19 | In the module "Channable" (channable) up to version 3.2.1 from... |
| CVE-2024-36677 | 2024-06-19 | In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from... |
| CVE-2024-36678 | 2024-06-19 | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu... |
| CVE-2024-36679 | 2024-06-19 | In the module "Module Live Chat Pro (All in One... |
| CVE-2024-36680 | 2024-06-19 | In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop,... |
| CVE-2024-36684 | 2024-06-19 | In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu... |
| CVE-2024-6125 | 2024-06-19 | Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism |
| CVE-2024-4450 | 2024-06-19 | AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Missing Authorization via Several Functions |
| CVE-2024-4787 | 2024-06-19 | Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending |
| CVE-2024-5021 | 2024-06-19 | WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery |
| CVE-2024-4663 | 2024-06-19 | OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-4541 | 2024-06-19 | Custom Product List Table <= 3.0.0 - Cross-Site Request Forgery |