Lista CVE - 2024 / Giugno
Visualizzazione 2501 - 2600 di 3082 CVE per Giugno 2024 (Pagina 26 di 31)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-37898 | 2024-06-21 | Safe mode Cross-site Scripting (XSS) vulnerability in Joplin |
| CVE-2020-27352 | 2024-06-21 | When generating the systemd service units for the docker snap... |
| CVE-2024-6120 | 2024-06-21 | Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import |
| CVE-2024-5346 | 2024-06-22 | Flatsome | Multi-Purpose Responsive WooCommerce Theme <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes |
| CVE-2024-2484 | 2024-06-22 | Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets |
| CVE-2024-5791 | 2024-06-22 | Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-4313 | 2024-06-22 | Table Addons for Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter |
| CVE-2024-5966 | 2024-06-22 | Grey Opaque <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode |
| CVE-2024-5965 | 2024-06-22 | Mosaic <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-4874 | 2024-06-22 | Bricks Builder <= 1.9.8 - Insecure Direct Object Reference |
| CVE-2024-21515 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0. A... |
| CVE-2024-21517 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0. A... |
| CVE-2024-21518 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0. A... |
| CVE-2024-21514 | 2024-06-22 | This affects versions of the package opencart/opencart from 0.0.0. An... |
| CVE-2024-21519 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0. An... |
| CVE-2024-21516 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0 and... |
| CVE-2024-4940 | 2024-06-22 | Open Redirect in gradio-app/gradio |
| CVE-2024-5596 | 2024-06-22 | ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions |
| CVE-2024-3593 | 2024-06-22 | UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset |
| CVE-2024-38379 | 2024-06-22 | Apache Allura: Stored authenticated XSS |
| CVE-2024-6251 | 2024-06-22 | playSMS New Phonebook cross site scripting |
| CVE-2024-6252 | 2024-06-22 | Zorlan SkyCaiji Task cross site scripting |
| CVE-2024-6253 | 2024-06-22 | itsourcecode Online Food Ordering System purchase.php sql injection |
| CVE-2024-5443 | 2024-06-22 | Remote Code Execution via Path Traversal in parisneo/lollms |
| CVE-2024-38319 | 2024-06-22 | IBM Security SOAR code execution |
| CVE-2024-39331 | 2024-06-23 | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...)... |
| CVE-2024-39334 | 2024-06-23 | MENDELSON AS4 before 2024 B376 has a client-side vulnerability when... |
| CVE-2024-39337 | 2024-06-23 | Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication... |
| CVE-2024-6266 | 2024-06-23 | Pear Admin Boot loadDictItem sql injection |
| CVE-2024-6267 | 2024-06-23 | SourceCodester Service Provider Management System System Info Page index.php cross site scripting |
| CVE-2024-6268 | 2024-06-23 | lahirudanushka School Management System Login Page login.php sql injection |
| CVE-2024-6269 | 2024-06-23 | Ruijie RG-UAC HTTP POST Request sxh_vpnlic.php get_ip.addr_details command injection |
| CVE-2024-4841 | 2024-06-23 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-6273 | 2024-06-23 | SourceCodester Clinic Queuing System patient_side.php save_patient cross site scripting |
| CVE-2021-45785 | 2024-06-24 | TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site... |
| CVE-2023-50029 | 2024-06-24 | PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf)... |
| CVE-2024-33278 | 2024-06-24 | Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions... |
| CVE-2024-33879 | 2024-06-24 | An issue was discovered in VirtoSoftware Virto Bulk File Download... |
| CVE-2024-33881 | 2024-06-24 | An issue was discovered in VirtoSoftware Virto Bulk File Download... |
| CVE-2024-34313 | 2024-06-24 | An issue in VPL Jail System up to v4.0.2 allows... |
| CVE-2024-34988 | 2024-06-24 | SQL injection vulnerability in the module "Complete for Create a... |
| CVE-2024-34991 | 2024-06-24 | In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique... |
| CVE-2024-34992 | 2024-06-24 | SQL Injection vulnerability in the module "Help Desk - Customer... |
| CVE-2024-36681 | 2024-06-24 | SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from... |
| CVE-2024-36682 | 2024-06-24 | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu... |
| CVE-2024-36683 | 2024-06-24 | SQL injection vulnerability in the module "Products Alert" (productsalert) before... |
| CVE-2024-37677 | 2024-06-24 | An issue in Shenzhen Weitillage Industrial Co., Ltd the access... |
| CVE-2024-37678 | 2024-06-24 | Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co.,... |
| CVE-2024-37679 | 2024-06-24 | Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co.,... |
| CVE-2024-37681 | 2024-06-24 | An issue the background management system of Shanxi Internet Chuangxiang... |
| CVE-2024-37732 | 2024-06-24 | Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a... |
| CVE-2024-37759 | 2024-06-24 | DataGear v5.0.0 and earlier was discovered to contain a SpEL... |
| CVE-2024-37825 | 2024-06-24 | An issue in EnvisionWare Computer Access & Reservation Control SelfCheck... |
| CVE-2024-38892 | 2024-06-24 | An issue in Wavlink WN551K1 allows a remote attacker to... |
| CVE-2024-38894 | 2024-06-24 | WAVLINK WN551K1 found a command injection vulnerability through the IP... |
| CVE-2024-38895 | 2024-06-24 | WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information. |
| CVE-2024-38896 | 2024-06-24 | WAVLINK WN551K1 found a command injection vulnerability through the start_hour... |
| CVE-2024-38897 | 2024-06-24 | WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information. |
| CVE-2024-38903 | 2024-06-24 | H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers... |
| CVE-2024-33880 | 2024-06-24 | An issue was discovered in VirtoSoftware Virto Bulk File Download... |
| CVE-2024-33898 | 2024-06-24 | Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is... |
| CVE-2024-34312 | 2024-06-24 | Virtual Programming Lab for Moodle up to v4.2.3 was discovered... |
| CVE-2024-37680 | 2024-06-24 | Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected... |
| CVE-2024-38902 | 2024-06-24 | H3C Magic R230 V100R002 was discovered to contain a hardcoded... |
| CVE-2024-3121 | 2024-06-24 | Remote Code Execution in create_conda_env function in parisneo/lollms |
| CVE-2024-6274 | 2024-06-24 | lahirudanushka School Management System Attendance Report Page attendancelist.php sql injection |
| CVE-2024-6275 | 2024-06-24 | lahirudanushka School Management System Parent Page parent.php sql injection |
| CVE-2024-6276 | 2024-06-24 | lahirudanushka School Management System Teacher Page teacher.php sql injection |
| CVE-2024-6277 | 2024-06-24 | lahirudanushka School Management System Student Page student.php sql injection |
| CVE-2024-6278 | 2024-06-24 | lahirudanushka School Management System Subject Page subject.php sql injection |
| CVE-2024-6279 | 2024-06-24 | lahirudanushka School Management System Exam Results Page examresults-par.php sql injection |
| CVE-2024-6280 | 2024-06-24 | SourceCodester Simple Online Bidding System unrestricted upload |
| CVE-2024-4499 | 2024-06-24 | CSRF Vulnerability in parisneo/lollms XTTS Server |
| CVE-2024-4899 | 2024-06-24 | SEOPress < 7.8 - Contributor+ Stored XSS |
| CVE-2024-4900 | 2024-06-24 | SEOPress < 7.8 - Contributor+ Open Redirect |
| CVE-2024-24550 | 2024-06-24 | Bludit - Remote Code Execution (RCE) through File API |
| CVE-2024-24551 | 2024-06-24 | Bludit - Remote Code Execution (RCE) through Image API |
| CVE-2024-24552 | 2024-06-24 | Bludit is Vulnerable to Session Fixation |
| CVE-2024-24553 | 2024-06-24 | Bludit uses SHA1 as Password Hashing Algorithm |
| CVE-2024-24554 | 2024-06-24 | Bludit - Insecure Token Generation |
| CVE-2024-27136 | 2024-06-24 | Apache JSPWiki: Cross-site scripting vulnerability on upload page |
| CVE-2024-36495 | 2024-06-24 | Read/Write Permissions for Everyone on Configuration File |
| CVE-2024-5683 | 2024-06-24 | Remote Code Execution in Next4Biz's BPM |
| CVE-2024-4754 | 2024-06-24 | Stored XSS in Next4Biz's BPM |
| CVE-2024-36496 | 2024-06-24 | Hardcoded Credentials |
| CVE-2024-36497 | 2024-06-24 | Unhashed Storage of Password |
| CVE-2024-6160 | 2024-06-24 | SQL Injection in MegaBIP |
| CVE-2024-29868 | 2024-06-24 | Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation |
| CVE-2024-36038 | 2024-06-24 | Stored XSS |
| CVE-2024-37089 | 2024-06-24 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2024-37091 | 2024-06-24 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-37092 | 2024-06-24 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2024-37107 | 2024-06-24 | WordPress WishList Member X plugin < 3.26.7 - Authenticated Privilege Escalation vulnerability |
| CVE-2024-37109 | 2024-06-24 | WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability |
| CVE-2024-5862 | 2024-06-24 | User Enumeration in Mia Technology's Mia-Med Health Aplication |
| CVE-2024-37111 | 2024-06-24 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability |
| CVE-2024-37228 | 2024-06-24 | WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability |
| CVE-2024-37231 | 2024-06-24 | WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability |
| CVE-2024-3264 | 2024-06-24 | Broken or Risky Cryptographic Algorithm in Mia Technology's Mia-Med Health Aplication |
| CVE-2024-37233 | 2024-06-24 | WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability |