CVE List - 2024 / January
Showing 2301 - 2400 of 2591 CVEs for January 2024 (Page 24 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-22283 | 2024-01-26 | WordPress Delhivery Logistics Courier Plugin <= 1.0.107 is vulnerable to SQL Injection |
| CVE-2024-22147 | 2024-01-26 | WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.7.5 is vulnerable to SQL Injection |
| CVE-2024-23506 | 2024-01-26 | WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to Sensitive Data Exposure |
| CVE-2023-48201 | 2024-01-27 | Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1 allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. |
| CVE-2023-48202 | 2024-01-27 | Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. |
| CVE-2023-52389 | 2024-01-27 | UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a... |
| CVE-2024-22860 | 2024-01-27 | Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. |
| CVE-2024-22861 | 2024-01-27 | Integer overflow vulnerability in FFmpeg before n6.1 allows attackers to cause a denial of service (DoS) via the avcodec/osq module. |
| CVE-2024-22862 | 2024-01-27 | Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the JPEG XL Parser. |
| CVE-2023-6482 | 2024-01-27 | Encryption key derived from static host information |
| CVE-2024-0664 | 2024-01-27 | The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to... |
| CVE-2023-6497 | 2024-01-27 | The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to... |
| CVE-2024-0667 | 2024-01-27 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21.... |
| CVE-2024-0697 | 2024-01-27 | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the... |
| CVE-2024-0824 | 2024-01-27 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient... |
| CVE-2024-0618 | 2024-01-27 | The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all... |
| CVE-2024-0958 | 2024-01-27 | CodeAstro Stock Management System Add Category index.php cross site scripting |
| CVE-2024-0959 | 2024-01-27 | StanfordVL GibsonEnv pposgd_fuse.py cloudpickle.load deserialization |
| CVE-2024-0960 | 2024-01-27 | flink-extended ai-flow workflow_command.py cloudpickle.loads deserialization |
| CVE-2024-0962 | 2024-01-27 | obgm libcoap Configuration File coap_oscore.c get_split_entry stack-based overflow |
| CVE-2024-23738 | 2024-01-28 | An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. NOTE: the vendor states "we dispute... |
| CVE-2024-23742 | 2024-01-28 | An issue in Loom on macOS version 0.196.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. NOTE: the vendor disputes this because it... |
| CVE-2024-23743 | 2024-01-28 | Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeCliInspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that... |
| CVE-2024-23739 | 2024-01-28 | An issue in Discord for macOS version 0.0.291 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. |
| CVE-2024-23740 | 2024-01-28 | An issue in Kap for macOS version 3.6.0 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. |
| CVE-2024-23741 | 2024-01-28 | An issue in Hyper on macOS version 3.4.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. |
| CVE-2024-0841 | 2024-01-28 | Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function |
| CVE-2023-6200 | 2024-01-28 | Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability |
| CVE-2024-23782 | 2024-01-28 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to... |
| CVE-2024-0986 | 2024-01-28 | Issabel PBX Asterisk-Cli os command injection |
| CVE-2024-24139 | 2024-01-29 | Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter. |
| CVE-2024-24141 | 2024-01-29 | Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter. |
| CVE-2023-49038 | 2024-01-29 | Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root. |
| CVE-2023-51839 | 2024-01-29 | DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. |
| CVE-2023-51840 | 2024-01-29 | DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. |
| CVE-2023-51842 | 2024-01-29 | An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16. |
| CVE-2024-22559 | 2024-01-29 | LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. |
| CVE-2024-22570 | 2024-01-29 | A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-23747 | 2024-01-29 | The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through... |
| CVE-2024-24134 | 2024-01-29 | Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. |
| CVE-2024-24135 | 2024-01-29 | Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. |
| CVE-2024-24136 | 2024-01-29 | The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. |
| CVE-2024-24140 | 2024-01-29 | Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the 'tracker' parameter. |
| CVE-2024-24736 | 2024-01-29 | The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558. |
| CVE-2024-0987 | 2024-01-29 | Sichuan Yougou Technology KuERP log neutralization for logs |
| CVE-2024-0988 | 2024-01-29 | Sichuan Yougou Technology KuERP common.php checklogin improper authentication |
| CVE-2024-0989 | 2024-01-29 | Sichuan Yougou Technology KuERP Service.php del_sn_db path traversal |
| CVE-2024-0990 | 2024-01-29 | Tenda i6 httpd setAutoPing formSetAutoPing stack-based overflow |
| CVE-2024-0991 | 2024-01-29 | Tenda i6 httpd setcfm formSetCfm stack-based overflow |
| CVE-2024-0992 | 2024-01-29 | Tenda i6 httpd wifiSSIDset formwrlSSIDset stack-based overflow |
| CVE-2024-0993 | 2024-01-29 | Tenda i6 httpd WifiMacFilterGet formWifiMacFilterGet stack-based overflow |
| CVE-2024-0994 | 2024-01-29 | Tenda W6 httpd setcfm formSetCfm stack-based overflow |
| CVE-2024-0995 | 2024-01-29 | Tenda W6 httpd wifiSSIDset formwrlSSIDset stack-based overflow |
| CVE-2024-0996 | 2024-01-29 | Tenda i9 httpd setcfm formSetCfm stack-based overflow |
| CVE-2024-0212 | 2024-01-29 | Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users) |
| CVE-2024-23792 | 2024-01-29 | Insufficient access control |
| CVE-2024-23791 | 2024-01-29 | Unnecessary data is written to log if issues during indexing occurs |
| CVE-2024-23790 | 2024-01-29 | Missing file type check in avatar picture upload |
| CVE-2023-46838 | 2024-01-29 | Linux: netback processing of zero-length transmit fragment |
| CVE-2023-5378 | 2024-01-29 | Stored XSS in SmodBIP and MegaBIP |
| CVE-2023-29055 | 2024-01-29 | Apache Kylin: Insufficiently protected credentials in config file |
| CVE-2024-0997 | 2024-01-29 | Totolink N200RE cstecgi.cgi setOpModeCfg stack-based overflow |
| CVE-2024-0998 | 2024-01-29 | Totolink N200RE cstecgi.cgi setDiagnosisCfg stack-based overflow |
| CVE-2024-0999 | 2024-01-29 | Totolink N200RE cstecgi.cgi setParentalRules stack-based overflow |
| CVE-2024-1000 | 2024-01-29 | Totolink N200RE cstecgi.cgi setTracerouteCfg stack-based overflow |
| CVE-2024-1001 | 2024-01-29 | Totolink N200RE cstecgi.cgi main stack-based overflow |
| CVE-2024-1014 | 2024-01-29 | Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 |
| CVE-2024-1015 | 2024-01-29 | Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 |
| CVE-2024-1002 | 2024-01-29 | Totolink N200RE cstecgi.cgi setIpPortFilterRules stack-based overflow |
| CVE-2024-1003 | 2024-01-29 | Totolink N200RE cstecgi.cgi setLanguageCfg stack-based overflow |
| CVE-2023-6278 | 2024-01-29 | Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting |
| CVE-2023-7074 | 2024-01-29 | WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF |
| CVE-2023-6389 | 2024-01-29 | WordPress Toolbar <= 2.2.6 - Open Redirect |
| CVE-2023-6633 | 2024-01-29 | Site Notes <= 2.0.0 - Admin Note Deletion via CSRF |
| CVE-2023-6279 | 2024-01-29 | Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS |
| CVE-2023-7199 | 2024-01-29 | Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure |
| CVE-2023-5956 | 2024-01-29 | Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview |
| CVE-2023-7204 | 2024-01-29 | WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure |
| CVE-2023-6946 | 2024-01-29 | Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF |
| CVE-2023-6530 | 2024-01-29 | TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes |
| CVE-2023-5124 | 2024-01-29 | PageLayer < 1.8.0 - Author+ Stored XSS |
| CVE-2023-7089 | 2024-01-29 | Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG |
| CVE-2023-5943 | 2024-01-29 | Wp-Adv-Quiz < 1.0.3 - Admin+ Stored XSS |
| CVE-2023-6503 | 2024-01-29 | WP Plugin Lister <= 2.1.0 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7200 | 2024-01-29 | EventON < 4.4.1 - Reflected Cross-Site Scripting |
| CVE-2023-6391 | 2024-01-29 | Custom User CSS <= 0.2 - Settings Update via CSRF |
| CVE-2023-6165 | 2024-01-29 | Restrict Usernames Emails Characters Plugin < 3.1.4 - Admin+ Stored XSS |
| CVE-2023-6390 | 2024-01-29 | WordPress Users <= 1.4 - Settings Update via CSRF |
| CVE-2023-40548 | 2024-01-29 | Shim: integer overflow leads to heap buffer overflow in verify_sbat_section on 32-bit systems |
| CVE-2024-1004 | 2024-01-29 | Totolink N200RE cstecgi.cgi loginAuth stack-based overflow |
| CVE-2024-1005 | 2024-01-29 | Shanxi Diankeyun Technology NODERP log file access |
| CVE-2024-1006 | 2024-01-29 | Shanxi Diankeyun Technology NODERP Cookie common.php improper authentication |
| CVE-2024-23822 | 2024-01-29 | Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22) |
| CVE-2024-23826 | 2024-01-29 | Uploading an image with a specific filename causes a server-side DoS |
| CVE-2024-1007 | 2024-01-29 | SourceCodester Employee Management System edit_profile.php sql injection |
| CVE-2024-1008 | 2024-01-29 | SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload |
| CVE-2024-23441 | 2024-01-29 | Vba32 Antivirus v3.36.0 - Denial of Service (DoS) |
| CVE-2024-23827 | 2024-01-29 | Nginx-UI arbitrary file write through the Import Certificate feature |
| CVE-2024-0788 | 2024-01-29 | SUPERAntiSpyware Pro X v10.0.1260 - Kernel-level API parameters manipulation |
| CVE-2023-1705 | 2024-01-29 | Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass. This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554. |