CVE List - 2024 / February
Showing 1 - 100 of 2784 CVEs for February 2024 (Page 1 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-22936 | 2024-02-01 | Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or... |
| CVE-2024-22939 | 2024-02-01 | Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component. |
| CVE-2024-23052 | 2024-02-01 | An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. |
| CVE-2023-47256 | 2024-02-01 | ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings |
| CVE-2023-47257 | 2024-02-01 | ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. |
| CVE-2023-51939 | 2024-02-01 | An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. |
| CVE-2024-22859 | 2024-02-01 | Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability... |
| CVE-2024-22927 | 2024-02-01 | Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
| CVE-2024-23031 | 2024-02-01 | Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
| CVE-2024-23032 | 2024-02-01 | Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
| CVE-2024-23033 | 2024-02-01 | Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
| CVE-2024-23034 | 2024-02-01 | Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
| CVE-2024-24041 | 2024-02-01 | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2024-24059 | 2024-02-01 | springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files. |
| CVE-2024-24060 | 2024-02-01 | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. |
| CVE-2024-24061 | 2024-02-01 | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. |
| CVE-2024-24062 | 2024-02-01 | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. |
| CVE-2024-24945 | 2024-02-01 | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2024-0831 | 2024-02-01 | Vault May Expose Sensitive Information When Configuring An Audit Log Device |
| CVE-2023-7069 | 2024-02-01 | The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization... |
| CVE-2024-23941 | 2024-02-01 | Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on... |
| CVE-2024-0907 | 2024-02-01 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function... |
| CVE-2024-1129 | 2024-02-01 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function... |
| CVE-2024-1130 | 2024-02-01 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function... |
| CVE-2024-24548 | 2024-02-01 | Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX. |
| CVE-2024-22148 | 2024-02-01 | WordPress WP Smart Editor Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-21750 | 2024-02-01 | WordPress Shortcodes Finder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52195 | 2024-02-01 | WordPress Posts to Page Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52194 | 2024-02-01 | WordPress oEmbed Gist Plugin <= 4.9.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22449 | 2024-02-01 | Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contain a missing authentication for critical function vulnerability. A low-privileged local malicious user could potentially exploit this vulnerability to gain elevated access. |
| CVE-2023-52193 | 2024-02-01 | WordPress Page Builder: Live Composer Plugin <= 1.5.23 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22430 | 2024-02-01 | Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contain an incorrect default permissions vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2023-52192 | 2024-02-01 | WordPress Keap Official Opt-in Forms Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52191 | 2024-02-01 | WordPress Infogram Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52189 | 2024-02-01 | WordPress Ideal Interactive Map Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52188 | 2024-02-01 | WordPress Footer Putter Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52175 | 2024-02-01 | WordPress Auto Amazon Links Plugin <= 5.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52118 | 2024-02-01 | WordPress WP User Profile Avatar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51540 | 2024-02-01 | WordPress Custom 404 Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51548 | 2024-02-01 | WordPress SlickNav Mobile Menu Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51666 | 2024-02-01 | WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51669 | 2024-02-01 | WordPress Product Code for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51674 | 2024-02-01 | WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51536 | 2024-02-01 | WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51677 | 2024-02-01 | WordPress Schema & Structured Data for WP & AMP Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51534 | 2024-02-01 | WordPress Brave Popup Builder Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51684 | 2024-02-01 | WordPress Easy Digital Downloads Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51685 | 2024-02-01 | WordPress WP Review Slider Plugin <= 12.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51689 | 2024-02-01 | WordPress Easy Video Player Plugin <= 1.2.2.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51690 | 2024-02-01 | WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51691 | 2024-02-01 | WordPress wpDiscuz Plugin <= 7.6.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51532 | 2024-02-01 | WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51693 | 2024-02-01 | WordPress Themify Icons Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51694 | 2024-02-01 | WordPress Embed Privacy Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51695 | 2024-02-01 | WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51520 | 2024-02-01 | WordPress Booking Calendar Plugin < 9.7.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51514 | 2024-02-01 | WordPress CBX Bookmark & Favorite Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51506 | 2024-02-01 | WordPress WPCS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51509 | 2024-02-01 | WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-6078 | 2024-02-01 | OS Command Injection vulnerability affecting BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023 |
| CVE-2024-0935 | 2024-02-01 | Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024 |
| CVE-2024-1141 | 2024-02-01 | Glance-store: glance store access key logged in debug log level |
| CVE-2024-23645 | 2024-02-01 | GLPI reflected XSS in reports pages |
| CVE-2023-51446 | 2024-02-01 | GLPI LDAP Injection during authentication |
| CVE-2024-23328 | 2024-02-01 | Dataease datasource has a deserialization and arbitrary file read vulnerability |
| CVE-2024-22433 | 2024-02-01 | Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this... |
| CVE-2024-24753 | 2024-02-01 | Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2 |
| CVE-2024-24752 | 2024-02-01 | Bref Uploaded Files Not Deleted in Event-Driven Functions |
| CVE-2024-24754 | 2024-02-01 | Bref Body Parsing Inconsistency in Event-Driven Functions |
| CVE-2024-23832 | 2024-02-01 | Mastodon Remote user impersonation and takeover |
| CVE-2024-24557 | 2024-02-01 | Moby classic builder cache poisoning |
| CVE-2024-24561 | 2024-02-01 | Vyper bounds check on built-in `slice()` function can be overflowed |
| CVE-2024-24570 | 2024-02-01 | Statamic account takeover via XSS and password reset link |
| CVE-2024-1167 | 2024-02-01 | SEW-EURODRIVE MOVITOOLS MotionStudio Improper Restriction of XML External Entity Reference |
| CVE-2023-5841 | 2024-02-01 | OpenEXR Heap Overflow in Scanline Deep Data Parsing |
| CVE-2024-24569 | 2024-02-01 | `ZipSecurity#isBelowCurrentDirectory` is vulnerable to partial-path traversal vulnerability |
| CVE-2024-1039 | 2024-02-01 | Use of Hard-coded Credentials in Gessler GmbH WEB-MASTER |
| CVE-2024-1040 | 2024-02-01 | Use of a Broken or Risky Cryptographic Algorithm in Gessler GmbH WEB-MASTER |
| CVE-2024-0325 | 2024-02-01 | Command Injection in Helix Sync |
| CVE-2023-4472 | 2024-02-01 | Cryptographically weak PRNG in Opinio 7.22 |
| CVE-2024-24755 | 2024-02-01 | discourse-group-membership-ip-block is exposing potentially sensitive custom fields |
| CVE-2023-6221 | 2024-02-01 | MachineSense FeverWarn Missing Authentication for Critical Function |
| CVE-2023-46706 | 2024-02-01 | MachineSense FeverWarn Use of Hard-coded Credentials |
| CVE-2023-49617 | 2024-02-01 | MachineSense FeverWarn Missing Authentication for Critical Function |
| CVE-2023-49115 | 2024-02-01 | MachineSense FeverWarn Missing Authentication for Critical Function |
| CVE-2023-47867 | 2024-02-01 | MachineSense FeverWarn Improper Access Control |
| CVE-2023-49610 | 2024-02-01 | MachineSense FeverWarn Improper Input Validation |
| CVE-2024-24756 | 2024-02-01 | Crafatar path traversal vulnerability |
| CVE-2023-36496 | 2024-02-01 | Delegated Admin Virtual Attribute Provider Privilege Escalation |
| CVE-2024-21852 | 2024-02-01 | Rapid SCADA Path Traversal |
| CVE-2024-22096 | 2024-02-01 | Relative Path Traversal in Rapid SCADA |
| CVE-2024-22016 | 2024-02-01 | Incorrect Permission Assignment for Critical Resource in Rapid SCADA |
| CVE-2024-21794 | 2024-02-01 | Open Redirect in Rapid SCADA |
| CVE-2024-21764 | 2024-02-01 | Use of Hard-Coded Credentials in Rapid SCADA |
| CVE-2024-21869 | 2024-02-01 | Plaintext Storage of a Password in Rapid SCADA |
| CVE-2024-21866 | 2024-02-01 | Generation of Error Message Containing Sensitive Information in Rapid SCADA |
| CVE-2023-50939 | 2024-02-01 | IBM PowerSC Information Disclosure |
| CVE-2024-22779 | 2024-02-02 | Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. |
| CVE-2024-24482 | 2024-02-02 | Apktool before 2.9.3 on Windows allows ../ and /.. directory traversal. |
| CVE-2024-24524 | 2024-02-02 | Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. |