CVE List - 2024 / June
Showing 301 - 400 of 3082 CVEs for June 2024 (Page 4 of 31)
CVE ID | Date | Title |
---|---|---|
CVE-2024-30528 | 2024-06-04 | WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability |
CVE-2024-30525 | 2024-06-04 | WordPress Move Addons for Elementor plugin <= 1.2.9 - Broken Access Control vulnerability |
CVE-2024-4520 | 2024-06-04 | Improper Access Control in gaizhenbiao/chuanhuchatgpt |
CVE-2024-28103 | 2024-06-04 | Action Pack is missing security headers on non-HTML responses |
CVE-2024-32464 | 2024-06-04 | ActionText ContentAttachment can Contain Unsanitized HTML |
CVE-2024-23326 | 2024-06-04 | Envoy incorrectly accepts HTTP 200 response for entering upgrade mode |
CVE-2024-4219 | 2024-06-04 | SSRF In BeyondInsight |
CVE-2024-4220 | 2024-06-04 | Information Disclosure in BeyondInsight |
CVE-2024-34364 | 2024-06-04 | Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response |
CVE-2024-34363 | 2024-06-04 | Envoy can crash due to uncaught nlohmann JSON exception |
CVE-2024-34362 | 2024-06-04 | Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream |
CVE-2024-32976 | 2024-06-04 | Envoy can enter an endless loop while decompressing Brotli data with extra input |
CVE-2024-32975 | 2024-06-04 | Envoy crashes in QuicheDataReader::PeekVarInt62Length() |
CVE-2024-32974 | 2024-06-04 | Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete() |
CVE-2024-36121 | 2024-06-04 | netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces |
CVE-2024-36675 | 2024-06-04 | LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via... |
CVE-2022-28652 | 2024-06-04 | ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack |
CVE-2024-30889 | 2024-06-04 | Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed... |
CVE-2022-28654 | 2024-06-04 | is_closing_session() allows users to fill up apport.log |
CVE-2022-28655 | 2024-06-04 | is_closing_session() allows users to create arbitrary tcp dbus connections |
CVE-2022-28656 | 2024-06-04 | is_closing_session() allows users to consume RAM in the Apport process |
CVE-2024-5635 | 2024-06-04 | itsourcecode Bakery Online Ordering System index.php sql injection |
CVE-2022-28657 | 2024-06-04 | Apport does not disable python crash handler before entering chroot |
CVE-2022-28658 | 2024-06-04 | Apport argument parsing mishandles filename splitting on older kernels resulting... |
CVE-2023-49927 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
CVE-2023-50803 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor, and Modem... |
CVE-2024-34055 | 2024-06-05 | Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated... |
CVE-2024-36837 | 2024-06-05 | SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker... |
CVE-2023-49928 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
CVE-2023-50804 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor, and Modem... |
CVE-2024-28818 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
CVE-2024-4084 | 2024-06-05 | SSRF vulnerability in mintplex-labs/anything-llm |
CVE-2024-5636 | 2024-06-05 | itsourcecode Bakery Online Ordering System index.php sql injection |
CVE-2024-5317 | 2024-06-05 | Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1 |
CVE-2024-5483 | 2024-06-05 | LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API |
CVE-2024-5262 | 2024-06-05 | ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties |
CVE-2024-5149 | 2024-06-05 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness |
CVE-2024-1161 | 2024-06-05 | Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes |
CVE-2024-4295 | 2024-06-05 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash |
CVE-2024-2087 | 2024-06-05 | Brizy – Page Builder <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form |
CVE-2024-1940 | 2024-06-05 | Brizy – Page Builder <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting |
CVE-2024-3667 | 2024-06-05 | Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget Link To URL |
CVE-2024-4886 | 2024-06-05 | BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR |
CVE-2024-2368 | 2024-06-05 | Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication |
CVE-2024-1164 | 2024-06-05 | Brizy – Page Builder <= 2.4.43 - Authenticated(Contributor+) Stored Cross-Site Scripting via Form Functionality |
CVE-2024-5222 | 2024-06-05 | Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting |
CVE-2024-4088 | 2024-06-05 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization |
CVE-2024-5006 | 2024-06-05 | Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter |
CVE-2024-5453 | 2024-06-05 | ProfileGrid <= 5.8.6 - Missing Authorization |
CVE-2024-4939 | 2024-06-05 | Weaver Xtreme Theme Support <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via div Shortcode |
CVE-2024-5439 | 2024-06-05 | Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-23669 | 2024-06-05 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0... |
CVE-2024-1272 | 2024-06-05 | Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software |
CVE-2024-5571 | 2024-06-05 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget |
CVE-2024-4743 | 2024-06-05 | LifterLMS – WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode |
CVE-2024-4821 | 2024-06-05 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode |
CVE-2024-5536 | 2024-06-05 | GamiPress – Link <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-4001 | 2024-06-05 | Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode |
CVE-2024-5526 | 2024-06-05 | Grafana OnCall is an easy-to-use on-call management tool that will... |
CVE-2024-1662 | 2024-06-05 | Information Disclosure in Porty's PowerBank |
CVE-2024-5459 | 2024-06-05 | Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation |
CVE-2024-3469 | 2024-06-05 | GP Premium <= 2.4.0 - Reflected Cross-Site Scripting |
CVE-2024-35673 | 2024-06-05 | WordPress Pure Chat plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-5629 | 2024-06-05 | Out-of-bounds read in bson module of PyMongo |
CVE-2024-3716 | 2024-06-05 | Foreman-installer: candlepin database password being leaked to local users via the process list |
CVE-2024-4812 | 2024-06-05 | Katello: potential cross-site scripting exploit in ui |
CVE-2024-24790 | 2024-06-05 | Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip |
CVE-2024-24789 | 2024-06-05 | Mishandling of corrupt central directory record in archive/zip |
CVE-2024-20404 | 2024-06-05 | A vulnerability in the web-based management interface of Cisco Finesse... |
CVE-2024-20405 | 2024-06-05 | A vulnerability in the web-based management interface of Cisco Finesse... |
CVE-2024-35674 | 2024-06-05 | WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability |
CVE-2024-4008 | 2024-06-05 | FDSK Leak in KNX Secure Devices |
CVE-2024-4009 | 2024-06-05 | Replay Attack in KNX Secure Devices |
CVE-2024-36129 | 2024-06-05 | OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC |
CVE-2024-5184 | 2024-06-05 | Prompt Injection in EmailGPT |
CVE-2024-5037 | 2024-06-05 | Openshift/telemeter: iss check during jwt authentication can be bypassed |
CVE-2024-27379 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27380 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27376 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27378 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27382 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27381 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27370 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27377 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27372 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27375 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27374 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27373 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-27371 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
CVE-2024-36669 | 2024-06-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-36670 | 2024-06-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-36668 | 2024-06-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-36667 | 2024-06-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-5171 | 2024-06-05 | heap buffer overflow in libaom |
CVE-2024-5653 | 2024-06-05 | Chanjet Smooth T+system keyEdit.aspx sql injection |
CVE-2024-0912 | 2024-06-05 | CCURE passwords exposed to administrators |
CVE-2024-33655 | 2024-06-06 | The DNS protocol in RFC 1035 and updates allows remote... |
CVE-2024-5324 | 2024-06-06 | Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Update |
CVE-2024-4788 | 2024-06-06 | Boostify Header Footer Builder for Elementor <= 1.3.3 - Missing Authorization to Page/Post Creation |
CVE-2024-5342 | 2024-06-06 | Simple Image Popup Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |