CVE List - 2024 / January
Showing 2501 - 2591 of 2591 CVEs for January 2024 (Page 26 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2022-47072 | 2024-01-31 | SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers... |
CVE-2023-31505 | 2024-01-31 | An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows... |
CVE-2024-23170 | 2024-01-31 | An issue was discovered in Mbed TLS 2.x before 2.28.7... |
CVE-2024-23745 | 2024-01-31 | In Notion Web Clipper 1.0.3(7), a .nib file is susceptible... |
CVE-2024-22569 | 2024-01-31 | Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers... |
CVE-2024-23775 | 2024-01-31 | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and... |
CVE-2024-1069 | 2024-01-31 | The Contact Form Entries plugin for WordPress is vulnerable to... |
CVE-2023-2439 | 2024-01-31 | The UserPro plugin for WordPress is vulnerable to Stored Cross-Site... |
CVE-2024-0914 | 2024-01-31 | Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin) |
CVE-2024-22236 | 2024-01-31 | In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions... |
CVE-2024-1012 | 2024-01-31 | Wanhu ezOFFICE wf_printnum.jsp sql injection |
CVE-2024-0836 | 2024-01-31 | The WordPress Review & Structure Data Schema Plugin – Review... |
CVE-2023-44312 | 2024-01-31 | Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server |
CVE-2023-44313 | 2024-01-31 | Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API |
CVE-2023-50356 | 2024-01-31 | Improper Certificate Validation in AREAL Topkapi Vision (Server) |
CVE-2023-50357 | 2024-01-31 | Cross site scripting vulnerability in AREAL SAS Webserv1 ASP Web Site |
CVE-2024-1098 | 2024-01-31 | Rebuild proxy-download QiniuCloud.getStorageFile information disclosure |
CVE-2024-1099 | 2024-01-31 | Rebuild read-raw getFileOfData cross site scripting |
CVE-2024-22305 | 2024-01-31 | WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR) |
CVE-2024-23507 | 2024-01-31 | WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to SQL Injection |
CVE-2024-22290 | 2024-01-31 | WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2024-22287 | 2024-01-31 | WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2024-1085 | 2024-01-31 | Use-after-free in Linux kernel's netfilter: nf_tables component |
CVE-2024-1086 | 2024-01-31 | Use-after-free in Linux kernel's netfilter: nf_tables component |
CVE-2024-22304 | 2024-01-31 | WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2024-22291 | 2024-01-31 | WordPress Browser Theme Color Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2024-22285 | 2024-01-31 | WordPress Frontpage Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-7043 | 2024-01-31 | Unquoted path privilege vulnerability in ESET products for Windows |
CVE-2024-22143 | 2024-01-31 | WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2024-0589 | 2024-01-31 | Cross-site scripting (XSS) vulnerability in the entry overview tab in... |
CVE-2024-1112 | 2024-01-31 | Buffer Overflow Vulnerability in Resource Hacker |
CVE-2024-22140 | 2024-01-31 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2024-22136 | 2024-01-31 | WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-5992 | 2024-01-31 | Opensc: side-channel leaks while stripping encryption pkcs#1 padding |
CVE-2023-6246 | 2024-01-31 | Glibc: heap-based buffer overflow in __vsyslog_internal() |
CVE-2023-6779 | 2024-01-31 | Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal() |
CVE-2023-6780 | 2024-01-31 | Glibc: integer overflow in __vsyslog_internal() |
CVE-2024-1103 | 2024-01-31 | CodeAstro Real Estate Management System Feedback Form profile.php cross site scripting |
CVE-2024-0219 | 2024-01-31 | Privilege Elevation via Telerik JustDecompile Installer |
CVE-2024-0832 | 2024-01-31 | Privilege Elevation via Telerik Reporting Installer |
CVE-2024-0833 | 2024-01-31 | Privilege Elevation via Telerik Test Studio |
CVE-2024-23508 | 2024-01-31 | WordPress PDF Poster - PDF Embedder Plugin for WordPress Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-23505 | 2024-01-31 | WordPress PDF Viewer & 3D PDF Flipbook – DearPDF Plugin <= 2.0.38 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-23502 | 2024-01-31 | WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-47116 | 2024-01-31 | Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections |
CVE-2024-24566 | 2024-01-31 | Lobe Chat unauthorized access to plugins |
CVE-2024-24579 | 2024-01-31 | Tar path traversal in stereoscope when processing OCI tar archives |
CVE-2024-22310 | 2024-01-31 | WordPress Formzu WP Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22307 | 2024-01-31 | WordPress WP-Lister Lite for eBay Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22306 | 2024-01-31 | WordPress Mang Board WP Plugin <= 1.7.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22302 | 2024-01-31 | WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50165 | 2024-01-31 | Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by... |
CVE-2023-50166 | 2024-01-31 | Pega Platform from 8.5.4 to 8.8.3 is affected by an... |
CVE-2024-22297 | 2024-01-31 | WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22295 | 2024-01-31 | WordPress Robo Gallery Plugin <= 3.2.17 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22293 | 2024-01-31 | WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22292 | 2024-01-31 | WordPress WP To Do Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-5390 | 2024-01-31 | An attacker could potentially exploit this vulnerability, leading to files... |
CVE-2024-22289 | 2024-01-31 | WordPress Post views Stats Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-21888 | 2024-01-31 | A privilege escalation vulnerability in web component of Ivanti Connect... |
CVE-2024-21893 | 2024-01-31 | A server-side request forgery vulnerability in the SAML component of... |
CVE-2024-22286 | 2024-01-31 | WordPress BA Plus Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22282 | 2024-01-31 | WordPress SimpleMap Store Locator Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22163 | 2024-01-31 | WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22162 | 2024-01-31 | WordPress WPZOOM Shortcodes Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-23637 | 2024-01-31 | OctoPrint Unverified Password Change via Access Control Settings |
CVE-2024-22161 | 2024-01-31 | WordPress HD Quiz Plugin <= 1.8.11 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22160 | 2024-01-31 | WordPress Image Tag Manager Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22159 | 2024-01-31 | WordPress WOLF Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22158 | 2024-01-31 | WordPress PeepSo Core: Photos Plugin < 6.3.1.0 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-21917 | 2024-01-31 | Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability |
CVE-2024-22150 | 2024-01-31 | WordPress Post Grid, Image Gallery & Portfolio for Elementor \| PowerFolio Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22153 | 2024-01-31 | WordPress Stock Locations for WooCommerce Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-22146 | 2024-01-31 | WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS) |
CVE-2024-21916 | 2024-01-31 | Rockwell Automation Denial-of-service Vulnerability in ICE1 Controller |
CVE-2024-1111 | 2024-01-31 | SourceCodester QR Code Login System add-user.php cross site scripting |
CVE-2023-28807 | 2024-01-31 | Bypass of ZIA domain fronting detection module through evasion technique |
CVE-2024-1113 | 2024-01-31 | openBI Unity.php uploadUnity unrestricted upload |
CVE-2024-1114 | 2024-01-31 | openBI Screen.php dlfile access control |
CVE-2024-1115 | 2024-01-31 | openBI Setting.php dlfile os command injection |
CVE-2024-1116 | 2024-01-31 | openBI Upload.php index unrestricted upload |
CVE-2024-1117 | 2024-01-31 | openBI Screen.php index code injection |
CVE-2024-21626 | 2024-01-31 | runc container breakout through process.cwd trickery and leaked fds |
CVE-2024-23650 | 2024-01-31 | BuildKit possible panic when incorrect parameters sent from frontend |
CVE-2024-23651 | 2024-01-31 | BuildKit possible race condition with accessing subpaths from cache mounts |
CVE-2024-23652 | 2024-01-31 | BuildKit possible host system access from mount stub cleaner |
CVE-2024-23653 | 2024-01-31 | BuildKit interactive containers API does not validate entitlements check |
CVE-2024-24747 | 2024-01-31 | MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation |
CVE-2024-24571 | 2024-01-31 | facileManager Systemic Cross-Site Scripting (XSS) |
CVE-2024-24572 | 2024-01-31 | facileManager Authenticated Variable Manipulation leading to SQL Injection |
CVE-2024-24573 | 2024-01-31 | facileManager Privilege Escalation via Mass Assignment |