CVE List - 2024 / July
Showing 1901 - 2000 of 3115 CVEs for July 2024 (Page 20 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-40629 | 2024-07-18 | Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver |
| CVE-2024-40628 | 2024-07-18 | Arbitrary File Read in Ansible Playbooks in Jumpserver |
| CVE-2024-5625 | 2024-07-18 | XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console |
| CVE-2024-0857 | 2024-07-18 | SQLi in Universal Software's FlexWater Corporate Water Management |
| CVE-2024-30125 | 2024-07-18 | HCL BigFix Compliance is affected by an internal server error |
| CVE-2024-5321 | 2024-07-18 | Incorrect permissions on Windows containers logs |
| CVE-2024-38806 | 2024-07-18 | UAA Failure to Remove Shadow User’s Access |
| CVE-2024-30126 | 2024-07-18 | HCL BigFix Compliance is affected by a missing X-Frame-Options Header vulnerability |
| CVE-2024-6455 | 2024-07-18 | ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function |
| CVE-2024-5997 | 2024-07-18 | Duplica <= 0.6 - Authenticated (Subscriber+) Missing Authorization to Users/Posts Duplicates Creation |
| CVE-2024-41111 | 2024-07-18 | BishopFox Sliver Authenticated Remote Code Execution |
| CVE-2024-40642 | 2024-07-18 | Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp |
| CVE-2024-35199 | 2024-07-18 | TorchServe gRPC Port Exposure |
| CVE-2024-35198 | 2024-07-18 | TorchServe bypass allowed_urls configuration |
| CVE-2024-38156 | 2024-07-18 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-39123 | 2024-07-19 | In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the... |
| CVE-2024-39962 | 2024-07-19 | D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a... |
| CVE-2024-39963 | 2024-07-19 | AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via... |
| CVE-2024-40400 | 2024-07-19 | An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2024-41281 | 2024-07-19 | Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. |
| CVE-2024-41492 | 2024-07-19 | A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-41597 | 2024-07-19 | Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. |
| CVE-2024-41602 | 2024-07-19 | Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL |
| CVE-2024-41603 | 2024-07-19 | Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout. |
| CVE-2024-27489 | 2024-07-19 | An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. |
| CVE-2024-41599 | 2024-07-19 | Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method |
| CVE-2024-41600 | 2024-07-19 | Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. |
| CVE-2024-41601 | 2024-07-19 | Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. |
| CVE-2024-30130 | 2024-07-19 | HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability |
| CVE-2024-6898 | 2024-07-19 | SourceCodester Record Management System index.php sql injection |
| CVE-2024-21583 | 2024-07-19 | Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/auth before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/public-api-server before main-gha.27122; versions of... |
| CVE-2024-21527 | 2024-07-19 | Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the... |
| CVE-2024-6899 | 2024-07-19 | SourceCodester Record Management System view_info.php sql injection |
| CVE-2023-7268 | 2024-07-19 | ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion |
| CVE-2023-7269 | 2024-07-19 | ArtPlacer Widget < 2.21.2 - Stored XSS via CSRF |
| CVE-2024-5604 | 2024-07-19 | Bug Library < 2.1.2 - Admin+ Stored XSS |
| CVE-2024-6205 | 2024-07-19 | PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi |
| CVE-2024-6900 | 2024-07-19 | SourceCodester Record Management System edit_emp.php sql injection |
| CVE-2024-6901 | 2024-07-19 | SourceCodester Record Management System entry.php sql injection |
| CVE-2024-6902 | 2024-07-19 | SourceCodester Record Management System sort_user.php sql injection |
| CVE-2024-6799 | 2024-07-19 | YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation |
| CVE-2024-6338 | 2024-07-19 | FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter |
| CVE-2024-40724 | 2024-07-19 | Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product. |
| CVE-2024-6903 | 2024-07-19 | SourceCodester Record Management System sort1_user.php sql injection |
| CVE-2024-6904 | 2024-07-19 | SourceCodester Record Management System sort2_user.php sql injection |
| CVE-2024-39457 | 2024-07-19 | Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser. |
| CVE-2024-29736 | 2024-07-19 | Apache CXF: SSRF vulnerability via WADL stylesheet parameter |
| CVE-2024-32007 | 2024-07-19 | Apache CXF Denial of Service vulnerability in JOSE |
| CVE-2024-41172 | 2024-07-19 | Apache CXF: Unrestricted memory consumption in CXF HTTP clients |
| CVE-2024-6905 | 2024-07-19 | SourceCodester Record Management System view_info_user.php sql injection |
| CVE-2024-6906 | 2024-07-19 | SourceCodester Record Management System add_leave_non_user.php sql injection |
| CVE-2024-6907 | 2024-07-19 | SourceCodester Record Management System sort.php cross site scripting |
| CVE-2024-41107 | 2024-07-19 | Apache CloudStack: SAML Signature Exclusion |
| CVE-2024-6916 | 2024-07-19 | Zowe CLI --show-inputs-only displays securely stored properties |
| CVE-2024-5977 | 2024-07-19 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions |
| CVE-2024-37066 | 2024-07-19 | A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. |
| CVE-2024-0006 | 2024-07-19 | DB User Password Leak in Application Log |
| CVE-2024-6895 | 2024-07-19 | Insecure Account Profile Management |
| CVE-2024-6908 | 2024-07-19 | Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request |
| CVE-2024-24970 | 2024-07-19 | Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. |
| CVE-2024-29080 | 2024-07-19 | Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. |
| CVE-2024-41124 | 2024-07-19 | Puncia Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` |
| CVE-2024-39906 | 2024-07-19 | Remote code execution in Haven IndieAuthClient (GHSL-2024-093) |
| CVE-2024-41121 | 2024-07-19 | Custom workspace allow to overwrite plugin entrypoint executable in Woodpecker |
| CVE-2024-41122 | 2024-07-19 | Custom environment variables allow to alter execution flow of plugins in Woodpecker |
| CVE-2024-40348 | 2024-07-20 | An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. |
| CVE-2024-40347 | 2024-07-20 | A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into... |
| CVE-2024-5804 | 2024-07-20 | Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset |
| CVE-2024-2337 | 2024-07-20 | Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-6560 | 2024-07-20 | Addonify – Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Disclosure |
| CVE-2024-6281 | 2024-07-20 | Path Traversal in parisneo/lollms |
| CVE-2024-3934 | 2024-07-20 | Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download |
| CVE-2024-6694 | 2024-07-20 | WP Mail SMTP <= 4.0.1 - Authenticated (Admin+) SMTP Password Exposure |
| CVE-2024-6491 | 2024-07-20 | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update |
| CVE-2024-6489 | 2024-07-20 | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update |
| CVE-2024-38758 | 2024-07-20 | WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-38767 | 2024-07-20 | WordPress BSK PDF Manager plugin <= 3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38757 | 2024-07-20 | WordPress Typebot plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38750 | 2024-07-20 | WordPress Advanced post slider plugin <= 3.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38741 | 2024-07-20 | WordPress Amazing Hover Effects plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38739 | 2024-07-20 | WordPress OnePress theme <= 2.3.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38738 | 2024-07-20 | WordPress Change From Email plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38725 | 2024-07-20 | WordPress Admin Dashboard RSS Feed plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38722 | 2024-07-20 | WordPress Job Board Manager plugin <= 2.1.57 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38720 | 2024-07-20 | WordPress EazyDocs plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38718 | 2024-07-20 | WordPress Download Button for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38713 | 2024-07-20 | WordPress WP Photo Album Plus plugin <= 8.8.02.002 - Authenticated Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38712 | 2024-07-20 | WordPress Qi Blocks plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38711 | 2024-07-20 | WordPress Link Library plugin <= 7.7.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38710 | 2024-07-20 | WordPress Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin <= 2.0.6.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38705 | 2024-07-20 | WordPress ElementInvader Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38703 | 2024-07-20 | WordPress WP Event Aggregator plugin <= 1.7.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38698 | 2024-07-20 | WordPress SKT Skill Bar plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38697 | 2024-07-20 | WordPress Goftino plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38696 | 2024-07-20 | WordPress Zoho CRM Lead Magnet plugin <= 1.7.8.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38694 | 2024-07-20 | WordPress Moloni plugin <= 4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-6637 | 2024-07-20 | WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password |
| CVE-2024-38689 | 2024-07-20 | WordPress Simple Popup plugin <= 4.4 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2024-6635 | 2024-07-20 | WooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication Bypass |
| CVE-2024-6636 | 2024-07-20 | WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation |