Lista CVE - 2024 / Giugno
Visualizzazione 3001 - 3082 di 3082 CVE per Giugno 2024 (Pagina 31 di 31)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-5925 | 2024-06-28 | Theron Lite <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-5662 | 2024-06-28 | Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget |
| CVE-2024-5922 | 2024-06-28 | Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-5735 | 2024-06-28 | Full Path Disclosure in AdmirorFrames Joomla! Extension |
| CVE-2024-5736 | 2024-06-28 | SSRF in AdmirorFrames Joomla! Extension |
| CVE-2024-5737 | 2024-06-28 | HTML Injection in AdmirorFrames Joomla! Extension |
| CVE-2024-3800 | 2024-06-28 | XSS in S@M CMS |
| CVE-2024-3801 | 2024-06-28 | XSS in S@M CMS |
| CVE-2024-3816 | 2024-06-28 | SQLi in S@M CMS |
| CVE-2024-38531 | 2024-06-28 | Nix sandbox escape |
| CVE-2024-29038 | 2024-06-28 | tpm2 does not detect if quote was not generated by TPM |
| CVE-2024-35137 | 2024-06-28 | IBM Security Access Manager Docker information disclosure |
| CVE-2024-38521 | 2024-06-28 | Persistent Cross-Site Scripting (XSS) in hushline inbox |
| CVE-2024-35139 | 2024-06-28 | IBM Security Access Manager Docker information disclosure |
| CVE-2024-29039 | 2024-06-28 | Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state |
| CVE-2024-6402 | 2024-06-28 | Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow |
| CVE-2024-6403 | 2024-06-28 | Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow |
| CVE-2024-38522 | 2024-06-28 | CSP bypass in Hush Line |
| CVE-2024-37905 | 2024-06-28 | Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik |
| CVE-2024-31919 | 2024-06-28 | IBM MQ denial of service |
| CVE-2024-31912 | 2024-06-28 | IBM MQ privilege escalation |
| CVE-2024-35155 | 2024-06-28 | IBM MQ information disclosure |
| CVE-2024-38371 | 2024-06-28 | Insufficient access control for OAuth2 Device Code flow in authentik |
| CVE-2024-38374 | 2024-06-28 | Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java |
| CVE-2024-38514 | 2024-06-28 | NextChat Server-Side Request Forgery (SSRF) |
| CVE-2024-35156 | 2024-06-28 | IBM MQ information disclosure |
| CVE-2024-35116 | 2024-06-28 | IBM MQ denial of service |
| CVE-2024-25031 | 2024-06-28 | IBM Storage Defender information disclosure |
| CVE-2024-38322 | 2024-06-28 | IBM Storage Defender information disclosure |
| CVE-2024-25053 | 2024-06-28 | IBM Cognos Analytics improper certificate validation |
| CVE-2024-25041 | 2024-06-28 | IBM Cognos Analytics cross-site scripting |
| CVE-2022-27540 | 2024-06-28 | A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and... |
| CVE-2022-38383 | 2024-06-28 | IBM Cloud Pak for Security information disclosure |
| CVE-2024-5712 | 2024-06-28 | CSRF Vulnerability in stitionai/devika |
| CVE-2024-5827 | 2024-06-28 | Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna |
| CVE-2024-38528 | 2024-06-28 | Unlimited number of NTS-KE connections can crash ntpd-rs server |
| CVE-2024-3995 | 2024-06-28 | Command Injection in Helix ALM |
| CVE-2024-38518 | 2024-06-28 | bbb-web API additional parameters considered |
| CVE-2024-39307 | 2024-06-28 | Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita |
| CVE-2024-39302 | 2024-06-28 | Some bbb-record-core files installed with wrong file permission |
| CVE-2024-29040 | 2024-06-28 | Fapi Verify Quote: Does not detect if quote was not generated by TPM |
| CVE-2024-38525 | 2024-06-28 | dd-trace-cpp malformed unicode header values may cause crash |
| CVE-2024-38533 | 2024-06-28 | ZKsync Era invalid stack addressing conversion |
| CVE-2024-38532 | 2024-06-28 | TEST_KEY used in example dcp_tool reference implementation |
| CVE-2024-39840 | 2024-06-29 | Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode... |
| CVE-2024-39846 | 2024-06-29 | NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted,... |
| CVE-2024-39848 | 2024-06-29 | Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr... |
| CVE-2024-6405 | 2024-06-29 | Floating Social Buttons <= 1.5 - Cross-Site Request Forgery |
| CVE-2024-5942 | 2024-06-29 | Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure |
| CVE-2024-5192 | 2024-06-29 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload |
| CVE-2024-6265 | 2024-06-29 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' |
| CVE-2024-5889 | 2024-06-29 | Events Manager <= 6.4.8 - Reflected Cross-Site Scripting |
| CVE-2024-5598 | 2024-06-29 | Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing |
| CVE-2024-6363 | 2024-06-29 | Stock Ticker <= 3.24.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode |
| CVE-2024-5666 | 2024-06-29 | Extensions for Elementor <= 2.0.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter |
| CVE-2024-5790 | 2024-06-29 | Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget |
| CVE-2024-5819 | 2024-06-29 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes |
| CVE-2023-4017 | 2024-06-29 | Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters |
| CVE-2024-25943 | 2024-06-29 | iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability,... |
| CVE-2024-2386 | 2024-06-29 | WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-5926 | 2024-06-30 | Path Traversal in stitionai/devika |
| CVE-2024-6414 | 2024-06-30 | Parsec Automation TrakSYS Export Page contentpage direct request |
| CVE-2024-6415 | 2024-06-30 | Ingenico Estate Manager New Widget cross site scripting |
| CVE-2024-5062 | 2024-06-30 | Reflected XSS through survey redirect parameter in zenml-io/zenml |
| CVE-2024-28795 | 2024-06-30 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-35022 | 2024-06-30 | IBM InfoSphere Information Server improper authentication |
| CVE-2024-28798 | 2024-06-30 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2024-35119 | 2024-06-30 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-31902 | 2024-06-30 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-50954 | 2024-06-30 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-31898 | 2024-06-30 | IBM InfoSphere Information Server data modification |
| CVE-2024-28797 | 2024-06-30 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-50952 | 2024-06-30 | IBM InfoSphere Information Server server-side request forgery |
| CVE-2023-50953 | 2024-06-30 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-28794 | 2024-06-30 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-50964 | 2024-06-30 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2024-34703 | 2024-06-30 | Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters |
| CVE-2024-6416 | 2024-06-30 | SeaCMS sql injection |
| CVE-2024-6417 | 2024-06-30 | SourceCodester Simple Online Bidding System sql injection |
| CVE-2024-6418 | 2024-06-30 | SourceCodester Medicine Tracker System sql injection |
| CVE-2024-6419 | 2024-06-30 | SourceCodester Medicine Tracker System sql injection |
| CVE-2024-23736 | 2024-07-01 | Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. |
| CVE-2024-32228 | 2024-07-01 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. |
| CVE-2024-32229 | 2024-07-01 | FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. |
| CVE-2024-37762 | 2024-07-01 | MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution. |
| CVE-2024-37763 | 2024-07-01 | MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results. |
| CVE-2024-37764 | 2024-07-01 | MachForm up to version 19 is affected by an authenticated stored cross-site scripting. |
| CVE-2024-37765 | 2024-07-01 | Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page. |
| CVE-2024-38987 | 2024-07-01 | aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38990 | 2024-07-01 | Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38991 | 2024-07-01 | akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38992 | 2024-07-01 | airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38993 | 2024-07-01 | rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38994 | 2024-07-01 | amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS)... |
| CVE-2024-38996 | 2024-07-01 | ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service... |
| CVE-2024-38997 | 2024-07-01 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38999 | 2024-07-01 | jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39000 | 2024-07-01 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39001 | 2024-07-01 | ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting... |
| CVE-2024-39002 | 2024-07-01 | rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |