Lista CVE - 2024 / Giugno

Visualizzazione 2401 - 2500 di 3082 CVE per Giugno 2024 (Pagina 25 di 31)

Torna alla Lista Precedente Successivo

ID CVE	Data	Titolo
CVE-2024-4384	2024-06-21	CSSable Countdown <= 1.5 - Admin+ Stored XSS
CVE-2024-4474	2024-06-21	WP Logs Book <= 1.0.1 - Disable Logging via CSRF
CVE-2024-4475	2024-06-21	WP Logs Book <= 1.0.1 - Log Clearing via CSRF
CVE-2024-4477	2024-06-21	WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
CVE-2024-4616	2024-06-21	Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS
CVE-2024-4755	2024-06-21	Google CSE <= 1.0.7 - Admin+ Stored XSS
CVE-2024-4969	2024-06-21	Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
CVE-2024-4970	2024-06-21	Widget Bundle <= 2.0.0 - Admin+ Stored XSS
CVE-2024-5447	2024-06-21	PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS
CVE-2024-5448	2024-06-21	PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS
CVE-2024-5639	2024-06-21	User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
CVE-2024-5191	2024-06-21	Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
CVE-2024-2003	2024-06-21	Local Privilege Escalation in Quarantine of ESET products for Windows
CVE-2024-6225	2024-06-21	Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-5945	2024-06-21	WP SVG Images <= 4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
CVE-2024-5859	2024-06-21	Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting
CVE-2024-31890	2024-06-21	IBM i privilege escalation
CVE-2024-6027	2024-06-21	Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter
CVE-2023-52884	2024-06-21	Input: cyapa - add missing input core locking to suspend/resume functions
CVE-2024-31076	2024-06-21	genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
CVE-2024-33619	2024-06-21	efi: libstub: only free priv.runtime_map when allocated
CVE-2024-33621	2024-06-21	ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
CVE-2024-36244	2024-06-21	net/sched: taprio: extend minimum interval restriction to entire cycle too
CVE-2024-36270	2024-06-21	netfilter: tproxy: bail out if IP has been disabled on the device
CVE-2024-36281	2024-06-21	net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules
CVE-2024-36286	2024-06-21	netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
CVE-2024-36478	2024-06-21	null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
CVE-2024-36484	2024-06-21	net: relax socket state check at accept time.
CVE-2024-36489	2024-06-21	tls: fix missing memory barrier in tls_init
CVE-2024-37356	2024-06-21	tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
CVE-2024-38381	2024-06-21	nfc: nci: Fix uninit-value in nci_rx_work
CVE-2024-38388	2024-06-21	ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
CVE-2024-38390	2024-06-21	drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
CVE-2024-38621	2024-06-21	media: stk1160: fix bounds checking in stk1160_copy_video()
CVE-2024-38622	2024-06-21	drm/msm/dpu: Add callback function pointer check before its call
CVE-2024-38623	2024-06-21	fs/ntfs3: Use variable length array instead of fixed size
CVE-2024-38624	2024-06-21	fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
CVE-2024-38625	2024-06-21	fs/ntfs3: Check 'folio' pointer for NULL
CVE-2024-38626	2024-06-21	fuse: clear FR_SENT when re-adding requests into pending list
CVE-2024-38627	2024-06-21	stm class: Fix a double free in stm_register_device()
CVE-2024-38628	2024-06-21	usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
CVE-2024-38629	2024-06-21	dmaengine: idxd: Avoid unnecessary destruction of file_ida
CVE-2024-38630	2024-06-21	watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
CVE-2024-38631	2024-06-21	iio: adc: PAC1934: fix accessing out of bounds array index
CVE-2024-38632	2024-06-21	vfio/pci: fix potential memory leak in vfio_intx_enable()
CVE-2024-38633	2024-06-21	serial: max3100: Update uart_driver_registered on driver removal
CVE-2024-38634	2024-06-21	serial: max3100: Lock port->lock when calling uart_handle_cts_change()
CVE-2024-38635	2024-06-21	soundwire: cadence: fix invalid PDI offset
CVE-2024-38636	2024-06-21	f2fs: multidev: fix to recognize valid zero block address
CVE-2024-38637	2024-06-21	greybus: lights: check return of get_channel_from_mode
CVE-2024-3036	2024-06-21	Communication DoS vulnerability
CVE-2024-38659	2024-06-21	enic: Validate length of nl attributes in enic_set_vf_port
CVE-2024-38662	2024-06-21	bpf: Allow delete from sockmap/sockhash only if update is allowed
CVE-2024-38780	2024-06-21	dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
CVE-2024-39277	2024-06-21	dma-mapping: benchmark: handle NUMA_NO_NODE correctly
CVE-2024-34777	2024-06-21	dma-mapping: benchmark: fix node id validation
CVE-2024-36288	2024-06-21	SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
CVE-2024-36477	2024-06-21	tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
CVE-2024-36481	2024-06-21	tracing/probes: fix error check in parse_btf_field()
CVE-2024-5058	2024-06-21	WordPress Typing Text plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35779	2024-06-21	WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability
CVE-2024-35774	2024-06-21	WordPress DImage 360 plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35769	2024-06-21	WordPress Slideshow SE plugin <= 2.5.17 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35768	2024-06-21	WordPress Page Builder: Live Composer plugin <= 1.5.42 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35766	2024-06-21	WordPress WPPizza – A Restaurant Plugin plugin <= 3.18.13 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-35764	2024-06-21	WordPress Church Admin plugin <= 4.4.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35763	2024-06-21	WordPress Excellent theme <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35762	2024-06-21	WordPress Serious Slider plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35761	2024-06-21	WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35760	2024-06-21	WordPress WP Job Portal – A Complete Job Board plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35759	2024-06-21	WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35758	2024-06-21	WordPress Interface theme <= 3.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35757	2024-06-21	WordPress Easy Age Verify plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-5059	2024-06-21	WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability
CVE-2024-35776	2024-06-21	WordPress phpinfo() WP plugin <= 5.0 - Unauthenticated Data Exposure vulnerability
CVE-2024-35772	2024-06-21	WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-35771	2024-06-21	WordPress Customizr theme <= 4.4.21 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-35770	2024-06-21	WordPress Vimeography plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-6239	2024-06-21	Poppler: pdfinfo: crash in broken documents when using -dests parameter
CVE-2022-43453	2024-06-21	WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability
CVE-2024-6240	2024-06-21	Improper privilege management vulnerability in Parallels Desktop
CVE-2022-45803	2024-06-21	WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability
CVE-2023-51375	2024-06-21	WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability
CVE-2024-37230	2024-06-21	WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37227	2024-06-21	WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37212	2024-06-21	WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability
CVE-2024-37198	2024-06-21	WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37118	2024-06-21	WordPress Uncanny Automator Pro plugin <= 5.3 - Cross Site Request Forgery (CSRF) Leading to License Settings Reset vulnerability
CVE-2023-45197	2024-06-21	Adminer and AdminerEvo vulnerable to directory traversal and file upload
CVE-2022-38055	2024-06-21	WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability
CVE-2022-44587	2024-06-21	WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
CVE-2022-44593	2024-06-21	WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability
CVE-2023-38389	2024-06-21	WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability
CVE-2024-35767	2024-06-21	WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability
CVE-2024-35778	2024-06-21	WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability
CVE-2024-35781	2024-06-21	WordPress Word Balloon plugin <= 4.21.1 - Local File Inclusion vulnerability
CVE-2024-6241	2024-06-21	Pear Admin Boot getDictItems sql injection
CVE-2023-45673	2024-06-21	Arbitrary code execution on click of PDF links in Joplin
CVE-2023-39517	2024-06-21	Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin
CVE-2023-38506	2024-06-21	Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin