CVE List - 2024 / January
Showing 1801 - 1900 of 2591 CVEs for January 2024 (Page 19 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2024-23683 | 2024-01-19 | Artemis Java Test Sandbox InvocationTargetException Subclass Escape |
CVE-2024-22420 | 2024-01-19 | Stored cross site scripting in Markdown Preview in JupyterLab |
CVE-2024-23681 | 2024-01-19 | Artemis Java Test Sandbox Library Load Escape |
CVE-2024-23684 | 2024-01-19 | upokecenter CBOR Denial of Service |
CVE-2024-0735 | 2024-01-19 | SourceCodester Online Tours & Travels Management System expense.php exec sql injection |
CVE-2024-0736 | 2024-01-19 | EFS Easy File Sharing FTP Login denial of service |
CVE-2024-23689 | 2024-01-19 | ClickHouse Client Certificate Password Exposure |
CVE-2024-23685 | 2024-01-19 | FOLIO mod-remote-storage Hard Coded Credentials |
CVE-2024-23686 | 2024-01-19 | DependencyCheck Debug Mode Logging of NVD API Key |
CVE-2024-23687 | 2024-01-19 | FOLIO mod-data-export-spring Hard-Coded Credentials |
CVE-2024-23688 | 2024-01-19 | Consensys Discovery Nonce Reuse |
CVE-2024-0737 | 2024-01-19 | Xlightftpd Xlight FTP Server Login denial of service |
CVE-2024-0738 | 2024-01-19 | 个人开源 mldong DecisionModel.java ExpressionEngine code injection |
CVE-2024-0739 | 2024-01-19 | Hecheng Leadshop leadshop.php deserialization |
CVE-2024-23332 | 2024-01-19 | Client configured with permissive trust policies susceptible to rollback attack in Notary Project |
CVE-2021-31314 | 2024-01-20 | File upload vulnerability in ejinshan v8+ terminal security system allows... |
CVE-2023-46447 | 2024-01-20 | The POPS! Rebel application 5.0 for Android, in POPS! Rebel... |
CVE-2023-47024 | 2024-01-20 | Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads... |
CVE-2023-51906 | 2024-01-20 | An issue in yonyou YonBIP v3_23.05 allows a remote attacker... |
CVE-2023-51924 | 2024-01-20 | An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of... |
CVE-2023-51925 | 2024-01-20 | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of... |
CVE-2023-51927 | 2024-01-20 | YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability... |
CVE-2023-51928 | 2024-01-20 | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of... |
CVE-2023-51892 | 2024-01-20 | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker... |
CVE-2023-51926 | 2024-01-20 | YonBIP v3_23.05 was discovered to contain an arbitrary file read... |
CVE-2024-0623 | 2024-01-20 | The VK Block Patterns plugin for WordPress is vulnerable to... |
CVE-2024-0679 | 2024-01-20 | The ColorMag theme for WordPress is vulnerable to unauthorized access... |
CVE-2023-7063 | 2024-01-20 | The WPForms Pro plugin for WordPress is vulnerable to Stored... |
CVE-2024-0521 | 2024-01-20 | Code Injection in paddlepaddle/paddle |
CVE-2024-23732 | 2024-01-21 | The JSON loader in Embedchain before 0.1.57 allows a ReDoS... |
CVE-2023-52353 | 2024-01-21 | An issue was discovered in Mbed TLS through 3.5.1. In... |
CVE-2024-23725 | 2024-01-21 | Ghost before 5.76.0 allows XSS via a post excerpt in... |
CVE-2024-23726 | 2024-01-21 | Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that... |
CVE-2024-23730 | 2024-01-21 | The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub)... |
CVE-2024-23731 | 2024-01-21 | The OpenAPI loader in Embedchain before 0.1.57 allows attackers to... |
CVE-2024-23744 | 2024-01-21 | An issue was discovered in Mbed TLS 3.5.1. There is... |
CVE-2016-15037 | 2024-01-21 | go4rayyan Scumblr Task cross site scripting |
CVE-2024-0769 | 2024-01-21 | D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal |
CVE-2023-6531 | 2024-01-21 | Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf |
CVE-2024-0770 | 2024-01-21 | European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission |
CVE-2024-0771 | 2024-01-21 | Nsasoft Product Key Explorer Registration memory corruption |
CVE-2024-0772 | 2024-01-21 | Nsasoft ShareAlarmPro Registration memory corruption |
CVE-2024-0773 | 2024-01-21 | CodeAstro Internet Banking System pages_client_signup.php cross site scripting |
CVE-2021-42141 | 2024-01-22 | An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One... |
CVE-2023-24135 | 2024-01-22 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain... |
CVE-2023-48118 | 2024-01-22 | SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows... |
CVE-2023-52354 | 2024-01-22 | chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are... |
CVE-2024-23750 | 2024-01-22 | MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary... |
CVE-2024-23751 | 2024-01-22 | LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the... |
CVE-2017-20189 | 2024-01-22 | In Clojure before 1.9.0, classes can be used to construct... |
CVE-2023-47352 | 2024-01-22 | Technicolor TC8715D devices have predictable default WPA2 security passwords. An... |
CVE-2024-22895 | 2024-01-22 | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. |
CVE-2024-23752 | 2024-01-22 | GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows... |
CVE-2024-23768 | 2024-01-22 | Dremio before 24.3.1 allows path traversal. An authenticated user who... |
CVE-2024-23770 | 2024-01-22 | darkhttpd through 1.15 allows local users to discover credentials (for... |
CVE-2024-23771 | 2024-01-22 | darkhttpd before 1.15 uses strcmp (which is not constant time)... |
CVE-2024-0774 | 2024-01-22 | Any-Capture Any Sound Recorder Registration memory corruption |
CVE-2024-0776 | 2024-01-22 | LinZhaoguan pb-cms Comment cross site scripting |
CVE-2024-22113 | 2024-01-22 | Open redirect vulnerability in Access analysis CGI An-Analyzer released in... |
CVE-2024-21484 | 2024-01-22 | Versions of the package jsrsasign before 11.0.0 are vulnerable to... |
CVE-2024-22233 | 2024-01-22 | CVE-2024-22233: Spring Framework server Web DoS Vulnerability |
CVE-2024-0775 | 2024-01-22 | Kernel: use-after-free while changing the mount option in __ext4_remount leading |
CVE-2020-36771 | 2024-01-22 | CloudLinux CageFS 7.1.1-1 or below passes the authentication token as... |
CVE-2020-36772 | 2024-01-22 | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied... |
CVE-2023-44395 | 2024-01-22 | Autolab has Path Traversal vulnerability in Assessment functionality |
CVE-2024-0778 | 2024-01-22 | Uniview ISC 2500-S VM.php setNatConfig os command injection |
CVE-2024-0781 | 2024-01-22 | CodeAstro Internet Banking System pages_client_signup.php redirect |
CVE-2024-0782 | 2024-01-22 | CodeAstro Online Railway Reservation System pass-profile.php cross site scripting |
CVE-2022-45790 | 2024-01-22 | Omron FINS memory protection susceptible to bruteforce |
CVE-2024-0783 | 2024-01-22 | Project Worlds Online Admission System documents.php unrestricted upload |
CVE-2024-0784 | 2024-01-22 | hongmaple octopus list sql injection |
CVE-2022-45792 | 2024-01-22 | Directory Traversal in Project File Format allows overwrite (Zip Slip) |
CVE-2024-0204 | 2024-01-22 | Authentication Bypass in GoAnywhere MFT |
CVE-2024-0605 | 2024-01-22 | Using a javascript: URI with a setTimeout race condition, an... |
CVE-2024-0606 | 2024-01-22 | An attacker could execute unauthorized script on a legitimate site... |
CVE-2023-47746 | 2024-01-22 | IBM Db2 denial of service |
CVE-2024-0430 | 2024-01-22 | IObit Malware Fighter v11.0.0.1274 - Denial of Service (DoS) |
CVE-2023-50308 | 2024-01-22 | IBM Db2 denial of service |
CVE-2023-45193 | 2024-01-22 | IBM Db2 denial of service |
CVE-2023-7170 | 2024-01-22 | EventON-RSVP < 2.9.5 - Reflected XSS |
CVE-2023-6625 | 2024-01-22 | Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF |
CVE-2023-6384 | 2024-01-22 | WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR |
CVE-2023-7194 | 2024-01-22 | Meris <= 1.1.2 - Reflected XSS |
CVE-2023-6290 | 2024-01-22 | WP SEO Press < 7.3 - Admin+ Stored XSS |
CVE-2023-6456 | 2024-01-22 | WP Review Slider < 13.0 - Admin+ Stored XSS |
CVE-2023-6626 | 2024-01-22 | Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS |
CVE-2023-7082 | 2024-01-22 | WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE |
CVE-2023-6447 | 2024-01-22 | EventPrime < 3.3.6 - Unauthenticated Event Access |
CVE-2023-47747 | 2024-01-22 | IBM Db2 denial of service |
CVE-2023-27859 | 2024-01-22 | IBM Db2 code execution |
CVE-2023-47152 | 2024-01-22 | IBM Db2 information disclosure |
CVE-2023-47158 | 2024-01-22 | IBM Db2 denial of service |
CVE-2023-47141 | 2024-01-22 | IBM Db2 denial of service |
CVE-2024-23675 | 2024-01-22 | Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion |
CVE-2024-23677 | 2024-01-22 | Server Response Disclosure in RapidDiag Salesforce.com Log File |
CVE-2024-23676 | 2024-01-22 | Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command |
CVE-2024-23678 | 2024-01-22 | Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition |
CVE-2024-23339 | 2024-01-22 | hoolock does not block Prototype pollution with object-path related utilities |
CVE-2024-23340 | 2024-01-22 | @hono/node-server can't handle "double dots" in URL |
CVE-2024-23342 | 2024-01-22 | python-ecdsa vulnerable to Minerva attack on P-256 |