CVE List - 2024 / June
Showing 1201 - 1300 of 3082 CVEs for June 2024 (Page 13 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-49559 | 2024-06-12 | An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function. |
| CVE-2024-36523 | 2024-06-12 | An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that... |
| CVE-2024-36691 | 2024-06-12 | Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information. |
| CVE-2024-36840 | 2024-06-12 | SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and... |
| CVE-2024-36856 | 2024-06-12 | RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP packets. |
| CVE-2024-37665 | 2024-06-12 | An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. |
| CVE-2024-22855 | 2024-06-12 | A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-24051 | 2024-06-12 | Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the... |
| CVE-2024-36761 | 2024-06-12 | naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. |
| CVE-2024-37629 | 2024-06-12 | SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. |
| CVE-2024-37878 | 2024-06-12 | Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php; the PHP directly echoes parameters input from external sources |
| CVE-2024-36103 | 2024-06-12 | OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a... |
| CVE-2024-4315 | 2024-06-12 | LFI Vulnerability due to Lack of Path Sanitization in parisneo/lollms |
| CVE-2024-4892 | 2024-06-12 | BuddyPress <= 12.4.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-5543 | 2024-06-12 | Slideshow Gallery LITE <= 1.8.1 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-5553 | 2024-06-12 | Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-4564 | 2024-06-12 | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-3559 | 2024-06-12 | Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_content] |
| CVE-2024-36454 | 2024-06-12 | Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may... |
| CVE-2024-5892 | 2024-06-12 | Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload |
| CVE-2024-0427 | 2024-06-12 | Arforms < 6.4.1 - Reflected XSS |
| CVE-2024-4924 | 2024-06-12 | Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting |
| CVE-2024-0160 | 2024-06-12 | Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the... |
| CVE-2024-28970 | 2024-06-12 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. |
| CVE-2024-5739 | 2024-06-12 | The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed... |
| CVE-2024-3925 | 2024-06-12 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events |
| CVE-2024-2698 | 2024-06-12 | Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service |
| CVE-2024-3183 | 2024-06-12 | Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force |
| CVE-2024-5266 | 2024-06-12 | Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes |
| CVE-2024-5468 | 2024-06-12 | WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion |
| CVE-2023-52177 | 2024-06-12 | WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2023-52117 | 2024-06-12 | WordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability |
| CVE-2023-51680 | 2024-06-12 | WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2023-51679 | 2024-06-12 | WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2023-51671 | 2024-06-12 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Plugin Settings Change vulnerability |
| CVE-2024-5154 | 2024-06-12 | Cri-o: malicious container can create symlink on host |
| CVE-2024-5742 | 2024-06-12 | Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file |
| CVE-2023-51670 | 2024-06-12 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Arbitrary Plugin Activation vulnerability |
| CVE-2023-51537 | 2024-06-12 | WordPress Awesome Support plugin <= 6.1.5 - Broken Access Control vulnerability |
| CVE-2023-51526 | 2024-06-12 | WordPress Simple Staff List plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2023-51524 | 2024-06-12 | WordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerability |
| CVE-2023-47828 | 2024-06-12 | WordPress wpMandrill plugin <= 1.33 - Broken Access Control vulnerability |
| CVE-2023-51413 | 2024-06-12 | WordPress Piotnet Forms plugin <= 1.0.29 - Broken Access Control vulnerability |
| CVE-2023-48280 | 2024-06-12 | WordPress Consensu.io plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2023-47845 | 2024-06-12 | WordPress Grab & Save plugin <= 1.0.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4845 | 2024-06-12 | Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] |
| CVE-2024-2092 | 2024-06-12 | Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget |
| CVE-2023-40672 | 2024-06-12 | WordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerability |
| CVE-2023-38395 | 2024-06-12 | WordPress WP Clone Menu plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2023-25030 | 2024-06-12 | WordPress Buy Me a Coffee plugin <= 3.7 - Broken Access Control vulnerability |
| CVE-2023-44234 | 2024-06-12 | WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability |
| CVE-2023-41240 | 2024-06-12 | WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability |
| CVE-2023-40603 | 2024-06-12 | WordPress Simple Org Chart plugin <= 2.3.4 - Broken Access Control vulnerability |
| CVE-2023-40209 | 2024-06-12 | WordPress Highcompress Image Compressor plugin <= 6.0.0 - Broken Access Control vulnerability |
| CVE-2024-4898 | 2024-06-12 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation |
| CVE-2024-1766 | 2024-06-12 | Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting |
| CVE-2024-3492 | 2024-06-12 | Events Manager – Calendar, Bookings, Tickets, and more! <= 6.4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes |
| CVE-2024-5674 | 2024-06-12 | Newsletter - API v1 and v2 addon for Newsletter <= 2.4.5 - Missing Authorization to Email Subscribers Management |
| CVE-2024-5211 | 2024-06-12 | Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm |
| CVE-2024-5056 | 2024-06-12 | CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or... |
| CVE-2024-5313 | 2024-06-12 | CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make... |
| CVE-2024-25949 | 2024-06-12 | Dell OS10 Networking Switches, versions 10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x, contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. |
| CVE-2024-5891 | 2024-06-12 | Quay: unauthorized user may authenticate via oauth application token |
| CVE-2024-1576 | 2024-06-12 | SQL Injection in MegaBIP |
| CVE-2024-1577 | 2024-06-12 | Remote Code Execution in MegaBIP |
| CVE-2024-1659 | 2024-06-12 | Arbitrary File Upload in MegaBIP |
| CVE-2024-23445 | 2024-06-12 | Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions |
| CVE-2024-36263 | 2024-06-12 | Apache Submarine Server Core: SQL injection |
| CVE-2024-36264 | 2024-06-12 | Apache Submarine Commons Utils: default secret |
| CVE-2024-36265 | 2024-06-12 | Apache Submarine Server Core: authorization bypass |
| CVE-2024-37304 | 2024-06-12 | NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting |
| CVE-2024-5893 | 2024-06-12 | SourceCodester Cab Management System sql injection |
| CVE-2024-29181 | 2024-06-12 | @strapi/plugin-content-manager leaks data via relations via the Admin Panel |
| CVE-2024-31217 | 2024-06-12 | @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling |
| CVE-2024-34065 | 2024-06-12 | @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass |
| CVE-2024-5894 | 2024-06-12 | SourceCodester Online Eyewear Shop manage_product.php sql injection |
| CVE-2024-5895 | 2024-06-12 | SourceCodester Employee and Visitor Gate Pass Logging System delete_users sql injection |
| CVE-2024-2300 | 2024-06-12 | HP Advance Mobile Application – Potential Information Disclosure |
| CVE-2024-28964 | 2024-06-12 | Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in... |
| CVE-2024-37297 | 2024-06-12 | WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms |
| CVE-2024-37300 | 2024-06-12 | Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 |
| CVE-2024-5896 | 2024-06-12 | SourceCodester Employee and Visitor Gate Pass Logging System save_users sql injection |
| CVE-2024-1891 | 2024-06-12 | Stored Cross Site Scripting |
| CVE-2024-5897 | 2024-06-12 | SourceCodester Employee and Visitor Gate Pass Logging System cross site scripting |
| CVE-2024-5759 | 2024-06-12 | Improper privilege management |
| CVE-2024-5905 | 2024-06-12 | Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent |
| CVE-2024-5906 | 2024-06-12 | Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface |
| CVE-2024-5558 | 2024-06-12 | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. |
| CVE-2024-5907 | 2024-06-12 | Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability |
| CVE-2024-5908 | 2024-06-12 | GlobalProtect App: Encrypted Credential Exposure via Log Files |
| CVE-2024-5557 | 2024-06-12 | CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. |
| CVE-2024-5909 | 2024-06-12 | Cortex XDR Agent: Local Windows User Can Disable the Agent |
| CVE-2024-5898 | 2024-06-12 | itsourcecode Payroll Management System print_payroll.php sql injection |
| CVE-2024-5560 | 2024-06-12 | CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. |
| CVE-2024-37036 | 2024-06-12 | CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. |
| CVE-2024-37037 | 2024-06-12 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files... |
| CVE-2024-37038 | 2024-06-12 | CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web... |
| CVE-2024-37039 | 2024-06-12 | CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. |
| CVE-2024-37040 | 2024-06-12 | CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on... |
| CVE-2024-2747 | 2024-06-12 | CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots... |