CVE List - 2024 / June
Showing 801 - 900 of 3082 CVEs for June 2024 (Page 9 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32715 | 2024-06-09 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability |
| CVE-2024-32714 | 2024-06-09 | WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability |
| CVE-2024-32713 | 2024-06-09 | WordPress AI Post Generator \| AutoWriter plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2024-32705 | 2024-06-09 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability |
| CVE-2024-32704 | 2024-06-09 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability |
| CVE-2024-31423 | 2024-06-09 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.5 - Broken Access Control vulnerability |
| CVE-2024-32703 | 2024-06-09 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability |
| CVE-2024-32701 | 2024-06-09 | WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability |
| CVE-2024-31359 | 2024-06-09 | WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability |
| CVE-2024-31352 | 2024-06-09 | WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability |
| CVE-2024-31350 | 2024-06-09 | WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability |
| CVE-2024-31347 | 2024-06-09 | WordPress Tracking Code Manager plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-31307 | 2024-06-09 | WordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerability |
| CVE-2024-31304 | 2024-06-09 | WordPress MultiVendorX Marketplace <= 4.1.3 - Broken Access Control vulnerability |
| CVE-2024-31284 | 2024-06-09 | WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability |
| CVE-2024-31283 | 2024-06-09 | WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2024-31276 | 2024-06-09 | WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2024-31275 | 2024-06-09 | WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability |
| CVE-2024-5458 | 2024-06-09 | Filter bypass in filter_var (FILTER_VALIDATE_URL) |
| CVE-2024-35662 | 2024-06-09 | WordPress Simple COD Fees for WooCommerce plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2024-35661 | 2024-06-09 | WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-34802 | 2024-06-09 | WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2024-5585 | 2024-06-09 | Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix) |
| CVE-2024-32081 | 2024-06-09 | WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability |
| CVE-2024-35748 | 2024-06-09 | WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability |
| CVE-2024-4577 | 2024-06-09 | Argument Injection in PHP-CGI |
| CVE-2024-2408 | 2024-06-09 | PHP is vulnerable to the Marvin Attack |
| CVE-2024-5389 | 2024-06-09 | Insufficient Access Control in lunary-ai/lunary |
| CVE-2022-45176 | 2024-06-10 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare... |
| CVE-2024-26507 | 2024-06-10 | An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace,... |
| CVE-2024-31612 | 2024-06-10 | Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information. |
| CVE-2024-31613 | 2024-06-10 | BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code." |
| CVE-2024-33850 | 2024-06-10 | Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed... |
| CVE-2024-34332 | 2024-06-10 | An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. |
| CVE-2024-35474 | 2024-06-10 | A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. |
| CVE-2024-36528 | 2024-06-10 | nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php. |
| CVE-2024-36531 | 2024-06-10 | nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. |
| CVE-2024-37014 | 2024-06-10 | Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. |
| CVE-2024-37393 | 2024-06-10 | Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP... |
| CVE-2024-37880 | 2024-06-10 | The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM... |
| CVE-2022-45168 | 2024-06-10 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a... |
| CVE-2024-31611 | 2024-06-10 | SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. |
| CVE-2024-32167 | 2024-06-10 | Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to arbitrary file deletion, as the picture-deletion function in the backend settings can be used to delete any file. |
| CVE-2024-4328 | 2024-06-10 | CSRF in clear_personality_files_list in parisneo/lollms-webui |
| CVE-2024-35742 | 2024-06-10 | WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability |
| CVE-2024-35741 | 2024-06-10 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability |
| CVE-2024-35735 | 2024-06-10 | WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability |
| CVE-2024-35729 | 2024-06-10 | WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.2.6 - Broken Access Control vulnerability |
| CVE-2024-35727 | 2024-06-10 | WordPress Extra Product Options for WooCommerce plugin <= 3.0.6 - Broken Access Control vulnerability |
| CVE-2024-35726 | 2024-06-10 | WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability |
| CVE-2024-35725 | 2024-06-10 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability |
| CVE-2024-35724 | 2024-06-10 | WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2024-35723 | 2024-06-10 | WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2024-35722 | 2024-06-10 | WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2024-35721 | 2024-06-10 | WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2024-35720 | 2024-06-10 | WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2024-35717 | 2024-06-10 | WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2024-4746 | 2024-06-10 | WordPress Netgsm plugin <= 2.9.16 - Broken Access Control vulnerability |
| CVE-2024-23524 | 2024-06-10 | WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability |
| CVE-2024-21751 | 2024-06-10 | WordPress RabbitLoader plugin <= 2.19.13 - Broken Access Control vulnerability |
| CVE-2024-22298 | 2024-06-10 | WordPress Amelia plugin <= 1.0.98 - Broken Access Control vulnerability |
| CVE-2024-22296 | 2024-06-10 | WordPress 12 Step Meeting List plugin <= 3.14.28 - Broken Access Control vulnerability |
| CVE-2024-4745 | 2024-06-10 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability |
| CVE-2024-4744 | 2024-06-10 | WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2024-36971 | 2024-06-10 | net: fix __dst_negative_advice() race |
| CVE-2024-1228 | 2024-06-10 | Hardcoded password in Eurosoft Przychodnia |
| CVE-2024-3699 | 2024-06-10 | Hardcoded password in drEryk Gabinet |
| CVE-2024-3700 | 2024-06-10 | Hardcoded password in Estomed Sp. z o.o. Simple Care software |
| CVE-2024-28833 | 2024-06-10 | Missing brute-force protection for two factor authentication |
| CVE-2024-5785 | 2024-06-10 | Command injection vulnerability in Comtrend router |
| CVE-2024-5786 | 2024-06-10 | Cross-Site Request Forgery vulnerability in Comtrend router |
| CVE-2024-36405 | 2024-06-10 | Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options |
| CVE-2024-35304 | 2024-06-10 | System command injection through Netflow function |
| CVE-2024-35305 | 2024-06-10 | Unauth Time-Based SQL Injection via API |
| CVE-2024-35306 | 2024-06-10 | OS Command injection in Ajax PHP files through HTTP Request |
| CVE-2024-35307 | 2024-06-10 | Argument Injection Leading to Remote Code Execution in Realtime Graph Extension |
| CVE-2024-4403 | 2024-06-10 | CSRF in restart_program in parisneo/lollms-webui |
| CVE-2024-36972 | 2024-06-10 | af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. |
| CVE-2024-36406 | 2024-06-10 | SuiteCRM vulnerable to open redirects |
| CVE-2024-34761 | 2024-06-10 | WordPress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability |
| CVE-2024-34762 | 2024-06-10 | WordPress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability |
| CVE-2024-34800 | 2024-06-10 | WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability |
| CVE-2024-35650 | 2024-06-10 | WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability |
| CVE-2024-35658 | 2024-06-10 | WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability |
| CVE-2024-35677 | 2024-06-10 | WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2024-35680 | 2024-06-10 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability |
| CVE-2024-35712 | 2024-06-10 | WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability |
| CVE-2024-37051 | 2024-06-10 | GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7,... |
| CVE-2024-5102 | 2024-06-10 | Elevation of Privilege via symlinked file in Avast Antivirus |
| CVE-2024-35728 | 2024-06-10 | WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability |
| CVE-2024-35743 | 2024-06-10 | WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability |
| CVE-2024-35744 | 2024-06-10 | WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability |
| CVE-2024-35745 | 2024-06-10 | WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability |
| CVE-2024-35746 | 2024-06-10 | WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability |
| CVE-2024-35747 | 2024-06-10 | WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability |
| CVE-2024-36407 | 2024-06-10 | SuiteCRM unauthenticated user password reset on php7 |
| CVE-2024-35749 | 2024-06-10 | WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability |
| CVE-2024-35754 | 2024-06-10 | WordPress Ovic Importer plugin <= 1.6.3 - Arbitrary File Download vulnerability |
| CVE-2024-36408 | 2024-06-10 | SuiteCRM authenticated SQL Injection in Alerts |
| CVE-2024-3850 | 2024-06-10 | Uniview NVR301-04S2-P4 Cross-site Scripting |