CVE List - 2024 / June

Showing 401 - 500 of 3082 CVEs for June 2024 (Page 5 of 31)

CVE ID Date Title
CVE-2024-4942 2024-06-06 Custom Dash <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2023-6968 2024-06-06 The Moneytizer <= 9.5.20 - Cross-Site Request Forgery via multiple AJAX actions
CVE-2024-0910 2024-06-06 Restrict for Elementor <= 1.0.6 - Protection Mechanism Bypass
CVE-2023-6956 2024-06-06 EasyAzon – Amazon Associates Affiliate Plugin <= 5.1.0 - Reflected Cross-Site Scripting via easyazon-cloaking-locale
CVE-2024-4194 2024-06-06 Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-5001 2024-06-06 Image Hover Effects for Elementor with Lightbox and Flipbox <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters
CVE-2023-6966 2024-06-06 The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions
CVE-2024-5224 2024-06-06 Easy Social Like Box – Popup – Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-2350 2024-06-06 Clever Addons for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple CAFE Widgets
CVE-2024-5179 2024-06-06 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion
CVE-2024-4705 2024-06-06 Testimonials Widget <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode
CVE-2024-2017 2024-06-06 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection
CVE-2024-4364 2024-06-06 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
CVE-2024-2922 2024-06-06 Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags
CVE-2024-4707 2024-06-06 Materialis Companion <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode
CVE-2024-4608 2024-06-06 SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2024-4459 2024-06-06 Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Titles
CVE-2024-5449 2024-06-06 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization
CVE-2024-4212 2024-06-06 Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets
CVE-2024-4458 2024-06-06 Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLs
CVE-2024-5615 2024-06-06 Open Graph <= 1.11.2 - Unauthenticated Sensitive Information Exposure
CVE-2024-5141 2024-06-06 Rotating Tweets (Twitter widget and shortcode) <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-1175 2024-06-06 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment
CVE-2024-5153 2024-06-06 Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion
CVE-2024-5162 2024-06-06 WordPress prettyPhoto <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
CVE-2024-5161 2024-06-06 Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-5152 2024-06-06 ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-0972 2024-06-06 BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API
CVE-2024-3049 2024-06-06 Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
CVE-2024-5665 2024-06-06 Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure
CVE-2024-4177 2024-06-06 Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)
CVE-2024-36393 2024-06-06 SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36394 2024-06-06 SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-5221 2024-06-06 Qi Blocks <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2024-28995 2024-06-06 SolarWinds Serv-U L Directory Transversal Vulnerability
CVE-2024-5259 2024-06-06 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter
CVE-2024-5329 2024-06-06 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter
CVE-2024-5673 2024-06-06 Cross-Site Scripting in PHP File Manager by Dulldusk
CVE-2024-5657 2024-06-06 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
CVE-2024-5658 2024-06-06 CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
CVE-2024-5038 2024-06-06 Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-5188 2024-06-06 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-5489 2024-06-06 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion
CVE-2024-5675 2024-06-06 Unreliable data deserialization vulnerability in Mentor
CVE-2024-36779 2024-06-06 Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection...
CVE-2024-5684 2024-06-06 ID Charger Connect & Pro - JWT-Null-Algorithm
CVE-2024-34832 2024-06-06 Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an...
CVE-2024-36106 2024-06-06 Argo CD allows authenticated users to enumerate clusters by name
CVE-2024-36399 2024-06-06 Kanboard affected by Project Takeover via IDOR in ProjectPermissionController
CVE-2024-37150 2024-06-06 Private npm registry support used scope auth token for downloading tarballs
CVE-2024-37152 2024-06-06 Unauthenticated Access to sensitive settings in Argo CD
CVE-2024-35178 2024-06-06 Jupyter server on Windows discloses Windows user password hash
CVE-2024-37156 2024-06-06 TokenController formName not sanitized in hidden input
CVE-2024-36742 2024-06-06 An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows...
CVE-2024-36743 2024-06-06 An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause...
CVE-2024-36745 2024-06-06 An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause...
CVE-2024-3152 2024-06-06 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm
CVE-2024-5127 2024-06-06 Improper Access Control in lunary-ai/lunary
CVE-2024-3033 2024-06-06 Improper Authorization in mintplex-labs/anything-llm
CVE-2024-36737 2024-06-06 Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to...
CVE-2024-5277 2024-06-06 Weak Password Recovery Mechanism in lunary-ai/lunary
CVE-2024-36736 2024-06-06 An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1...
CVE-2024-30374 2024-06-06 Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-30375 2024-06-06 Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-5505 2024-06-06 NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability
CVE-2024-5256 2024-06-06 Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability
CVE-2024-5267 2024-06-06 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5268 2024-06-06 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-5269 2024-06-06 Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability
CVE-2024-3104 2024-06-06 Remote Code Execution in mintplex-labs/anything-llm
CVE-2024-5507 2024-06-06 Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5509 2024-06-06 Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability
CVE-2024-5508 2024-06-06 Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5506 2024-06-06 Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-30368 2024-06-06 A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability
CVE-2024-30369 2024-06-06 A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2024-1879 2024-06-06 CSRF to RCE in significant-gravitas/autogpt
CVE-2024-4889 2024-06-06 Code Injection in berriai/litellm
CVE-2024-3504 2024-06-06 Improper Access Control in lunary-ai/lunary
CVE-2024-5301 2024-06-06 Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5302 2024-06-06 Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5452 2024-06-06 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning
CVE-2024-4941 2024-06-06 Local File Inclusion in JSON component in gradio-app/gradio
CVE-2024-4325 2024-06-06 Server-Side Request Forgery (SSRF) in gradio-app/gradio
CVE-2024-2914 2024-06-06 TarSlip Vulnerability in deepjavalibrary/djl
CVE-2024-5482 2024-06-06 SSRF in add_webpage endpoint in parisneo/lollms-webui
CVE-2024-5303 2024-06-06 Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5304 2024-06-06 Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5305 2024-06-06 Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-23793 2024-06-06 Upload of files outside application directory
CVE-2024-2362 2024-06-06 Path Traversal in parisneo/lollms-webui
CVE-2024-2548 2024-06-06 Path Traversal in parisneo/lollms-webui
CVE-2024-3099 2024-06-06 Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow
CVE-2024-5128 2024-06-06 IDOR Vulnerability in lunary-ai/lunary
CVE-2024-5552 2024-06-06 ReDoS in kubeflow/kubeflow
CVE-2024-5126 2024-06-06 Improper Access Control in lunary-ai/lunary
CVE-2024-3110 2024-06-06 Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
CVE-2024-2624 2024-06-06 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui
CVE-2024-32873 2024-06-06 evmos allows transferring unvested tokens after delegations
CVE-2024-37364 2024-06-06 Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk...