CVE List - 2024 / January
Showing 2401 - 2500 of 2591 CVEs for January 2024 (Page 25 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1705 | 2024-01-29 | Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows... |
| CVE-2023-40550 | 2024-01-29 | Shim: out-of-bound read in verify_buffer_sbat() |
| CVE-2023-40549 | 2024-01-29 | Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file |
| CVE-2023-40546 | 2024-01-29 | Shim: out-of-bounds read printing error messages |
| CVE-2024-1009 | 2024-01-29 | SourceCodester Employee Management System login.php sql injection |
| CVE-2024-1010 | 2024-01-29 | SourceCodester Employee Management System edit-profile.php cross site scripting |
| CVE-2023-40551 | 2024-01-29 | Shim: out of bounds read when parsing mz binaries |
| CVE-2024-23828 | 2024-01-29 | Nginx-UI authenticated RCE through injecting into the application config via CRLF |
| CVE-2024-1011 | 2024-01-29 | SourceCodester Employee Management System Leave delete-leave.php access control |
| CVE-2024-1016 | 2024-01-29 | Solar FTP Server PASV Command denial of service |
| CVE-2024-23940 | 2024-01-29 | Trend Micro uiAirSupport, included in the Trend Micro Security 2023... |
| CVE-2023-30970 | 2024-01-29 | Gotham table and Forward App Path traversal |
| CVE-2024-1017 | 2024-01-29 | Gabriels FTP Server denial of service |
| CVE-2023-22836 | 2024-01-29 | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants. |
| CVE-2024-1018 | 2024-01-29 | PbootCMS cross site scripting |
| CVE-2023-4550 | 2024-01-29 | Unauthenticated Arbitrary File Read |
| CVE-2023-4551 | 2024-01-29 | Command Injection via Task Scheduler |
| CVE-2023-4552 | 2024-01-29 | Java Database Connectivity (JDBC) URL Manipulation |
| CVE-2023-4553 | 2024-01-29 | Unauthenticated Access to AppBuilder Configuration Files |
| CVE-2023-4554 | 2024-01-29 | XML External Entity (XXE) Processing |
| CVE-2024-1020 | 2024-01-29 | Rebuild proxy-download getStorageFile cross site scripting |
| CVE-2024-1021 | 2024-01-29 | Rebuild HTTP Request readRawText server-side request forgery |
| CVE-2024-23829 | 2024-01-29 | aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators |
| CVE-2024-23334 | 2024-01-29 | aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal |
| CVE-2024-1022 | 2024-01-29 | CodeAstro Simple Student Result Management System Add Class Page add_classes.php cross site scripting |
| CVE-2023-36260 | 2024-01-30 | An issue was discovered in the Feed Me plugin 4.6.1... |
| CVE-2023-37571 | 2024-01-30 | Softing TH SCOPE through 3.70 allows XSS. |
| CVE-2023-51813 | 2024-01-30 | Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory... |
| CVE-2024-22523 | 2024-01-30 | Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before,... |
| CVE-2024-22648 | 2024-01-30 | A Blind SSRF vulnerability exists in the "Crawl Meta Data"... |
| CVE-2024-22894 | 2024-01-30 | An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or... |
| CVE-2024-24324 | 2024-01-30 | TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password... |
| CVE-2024-24325 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2024-24326 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2024-24328 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2024-24329 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2024-24330 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2024-24333 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2023-36259 | 2024-01-30 | Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin... |
| CVE-2023-51837 | 2024-01-30 | Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. |
| CVE-2023-51843 | 2024-01-30 | react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as... |
| CVE-2023-51982 | 2024-01-30 | CrateDB 5.5.1 is contains an authentication bypass vulnerability in the... |
| CVE-2024-22643 | 2024-01-30 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version... |
| CVE-2024-22646 | 2024-01-30 | An email address enumeration vulnerability exists in the password reset... |
| CVE-2024-22647 | 2024-01-30 | An user enumeration vulnerability was found in SEO Panel 4.10.0.... |
| CVE-2024-22938 | 2024-01-30 | Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker... |
| CVE-2024-24327 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2024-24331 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2024-24332 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection... |
| CVE-2024-1024 | 2024-01-30 | SourceCodester Facebook News Feed Like New Account cross site scripting |
| CVE-2023-5372 | 2024-01-30 | The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions... |
| CVE-2024-1026 | 2024-01-30 | Cogites eReserv config.php cross site scripting |
| CVE-2024-21840 | 2024-01-30 | Directory and File Permission Vulnerability in Hitachi Storage Plug-in for VMware vCenter |
| CVE-2024-1027 | 2024-01-30 | SourceCodester Facebook News Feed Like Post unrestricted upload |
| CVE-2024-1028 | 2024-01-30 | SourceCodester Facebook News Feed Like Post cross site scripting |
| CVE-2024-21488 | 2024-01-30 | Versions of the package network before 0.7.0 are vulnerable to... |
| CVE-2024-1029 | 2024-01-30 | Cogites eReserv tenancyDetail.php cross site scripting |
| CVE-2024-21803 | 2024-01-30 | Possible UAF in bt_accept_poll in Linux kernel |
| CVE-2023-7225 | 2024-01-30 | The MapPress Maps for WordPress plugin for WordPress is vulnerable... |
| CVE-2024-1061 | 2024-01-30 | The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is... |
| CVE-2023-6374 | 2024-01-30 | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC... |
| CVE-2023-6942 | 2024-01-30 | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation... |
| CVE-2023-6943 | 2024-01-30 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe... |
| CVE-2024-1063 | 2024-01-30 | Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery... |
| CVE-2024-1030 | 2024-01-30 | Cogites eReserv tenancyDetail.php cross site scripting |
| CVE-2024-0674 | 2024-01-30 | Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines |
| CVE-2024-0675 | 2024-01-30 | Improper checking for unusual or exceptional conditions vulnerability in Lamassu Bitcoin ATM Douro machines |
| CVE-2024-0676 | 2024-01-30 | Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines |
| CVE-2024-1031 | 2024-01-30 | CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting |
| CVE-2024-1032 | 2024-01-30 | openBI Test Connection Databasesource.php testConnection deserialization |
| CVE-2024-1033 | 2024-01-30 | openBI Datament.php agent information disclosure |
| CVE-2024-1034 | 2024-01-30 | openBI File.php uploadFile unrestricted upload |
| CVE-2024-0564 | 2024-01-30 | Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication |
| CVE-2023-37518 | 2024-01-30 | A code injection vulnerability affects HCL BigFix ServiceNow Data Flow |
| CVE-2024-21649 | 2024-01-30 | Remote code execution |
| CVE-2024-21653 | 2024-01-30 | vantage6 insecure SSH configuration for node and server containers |
| CVE-2024-21671 | 2024-01-30 | vantage6 username timing attack |
| CVE-2024-22193 | 2024-01-30 | vantage6 unencrypted task can be created in encrypted collaboration |
| CVE-2024-22200 | 2024-01-30 | vantage6-UI docker image leaks software version information |
| CVE-2024-1035 | 2024-01-30 | openBI Icon.php uploadIcon unrestricted upload |
| CVE-2024-1019 | 2024-01-30 | WAF bypass of the ModSecurity v3 release line |
| CVE-2024-23647 | 2024-01-30 | PKCE downgrade attack in Authentik |
| CVE-2024-23825 | 2024-01-30 | TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts |
| CVE-2024-23838 | 2024-01-30 | TrueLayer.Client SSRF when fetching payment or payment provider |
| CVE-2024-23840 | 2024-01-30 | `goreleaser release --debug` shows secrets |
| CVE-2024-24565 | 2024-01-30 | CrateDB database has an arbitrary file read vulnerability |
| CVE-2023-6258 | 2024-01-30 | Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths |
| CVE-2023-46231 | 2024-01-30 | Session Token Disclosure to Internal Log Files in Splunk Add-on Builder |
| CVE-2023-46230 | 2024-01-30 | Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder |
| CVE-2024-23841 | 2024-01-30 | XSS in @apollo/experimental-nextjs-app-support |
| CVE-2024-24556 | 2024-01-30 | XSS in @urql/next |
| CVE-2024-21388 | 2024-01-30 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2024-1036 | 2024-01-30 | openBI Icon Screen.php uploadIcon unrestricted upload |
| CVE-2024-24558 | 2024-01-30 | react-query-streamed-hydration xss |
| CVE-2023-5389 | 2024-01-30 | An attacker could potentially exploit this vulnerability, leading to the... |
| CVE-2024-24567 | 2024-01-30 | raw_call `value=` kwargs not disabled for static and delegate calls |
| CVE-2024-1059 | 2024-01-30 | Use after free in Peer Connection in Google Chrome prior... |
| CVE-2024-1060 | 2024-01-30 | Use after free in Canvas in Google Chrome prior to... |
| CVE-2024-1077 | 2024-01-30 | Use after free in Network in Google Chrome prior to... |
| CVE-2024-23834 | 2024-01-30 | Discourse improperly sanitized user input leads to XSS |