CVE List - 2024 / February
Showing 901 - 1000 of 2784 CVEs for February 2024 (Page 10 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-24928 | 2024-02-12 | WordPress Content Cards Plugin <= 0.9.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24927 | 2024-02-12 | WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24889 | 2024-02-12 | WordPress All 404 Pages Redirect to Homepage Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51403 | 2024-02-12 | WordPress Restaurant Reservations Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51370 | 2024-02-12 | WordPress WP Chat App Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-50875 | 2024-02-12 | WordPress Sensei LMS Plugin <= 4.17.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47526 | 2024-02-12 | WordPress Chartify Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-25100 | 2024-02-12 | WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to PHP Object Injection |
| CVE-2024-24926 | 2024-02-12 | WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection |
| CVE-2024-24797 | 2024-02-12 | WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection |
| CVE-2024-24796 | 2024-02-12 | WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection |
| CVE-2024-23513 | 2024-02-12 | WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection |
| CVE-2023-41703 | 2024-02-12 | User ID references at mentions in document comments were not... |
| CVE-2023-41704 | 2024-02-12 | Processing of CID references at E-Mail can be abused to... |
| CVE-2023-41705 | 2024-02-12 | Processing of user-defined DAV user-agent strings is not limited. Availability... |
| CVE-2023-41706 | 2024-02-12 | Processing time of drive search expressions now gets monitored, and... |
| CVE-2023-41707 | 2024-02-12 | Processing of user-defined mail search expressions is not limited. Availability... |
| CVE-2023-41708 | 2024-02-12 | References to the "app loader" functionality could contain redirects to... |
| CVE-2024-23512 | 2024-02-12 | WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection |
| CVE-2023-46615 | 2024-02-12 | WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection |
| CVE-2024-24935 | 2024-02-12 | WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24929 | 2024-02-12 | WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24887 | 2024-02-12 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24884 | 2024-02-12 | WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24875 | 2024-02-12 | WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-1439 | 2024-02-12 | Inadequate access control vulnerability in Moodle |
| CVE-2024-1062 | 2024-02-12 | 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) |
| CVE-2023-6681 | 2024-02-12 | Jwcrypto: denail of service via specifically crafted jwe |
| CVE-2023-6501 | 2024-02-12 | Splashscreen <= 0.20 - Settings Update via CSRF |
| CVE-2024-0421 | 2024-02-12 | MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure |
| CVE-2024-0250 | 2024-02-12 | Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect |
| CVE-2023-7233 | 2024-02-12 | GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting |
| CVE-2024-0420 | 2024-02-12 | MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS |
| CVE-2023-6499 | 2024-02-12 | lasTunes <= 3.6.1 - Settings Update via CSRF |
| CVE-2024-0248 | 2024-02-12 | EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management |
| CVE-2024-0566 | 2024-02-12 | Smart Manager < 8.28.0 - Admin+ SQL Injection |
| CVE-2023-6591 | 2024-02-12 | Popup Box Pro < 20.9.0 - Admin+ Stored XSS |
| CVE-2023-6082 | 2024-02-12 | Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting |
| CVE-2023-6036 | 2024-02-12 | Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass |
| CVE-2023-6294 | 2024-02-12 | popup-builder < 4.2.6 - Admin+ SSRF & File Read |
| CVE-2023-6081 | 2024-02-12 | Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart |
| CVE-2022-38714 | 2024-02-12 | IBM DataStage on Cloud Pak for Data information disclosure |
| CVE-2022-34310 | 2024-02-12 | IBM CICS TX information disclosure |
| CVE-2024-0170 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2022-34311 | 2024-02-12 | IBM CICS TX session fixation |
| CVE-2024-0169 | 2024-02-12 | Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization... |
| CVE-2024-0168 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains a Command Injection... |
| CVE-2024-0167 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2024-0166 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2024-0165 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2024-0164 | 2024-02-12 | Dell Unity, versions prior to 5.4, contain an OS Command... |
| CVE-2024-22227 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2024-22228 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2024-22230 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains a Cross-site scripting... |
| CVE-2024-22224 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2024-22225 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2024-22226 | 2024-02-12 | Dell Unity, versions prior to 5.4, contain a path traversal... |
| CVE-2024-22221 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability.... |
| CVE-2024-22222 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2022-34309 | 2024-02-12 | IBM CICS TX information disclosure |
| CVE-2024-22223 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command... |
| CVE-2022-22506 | 2024-02-12 | IBM Robotic Process Automation information disclosure |
| CVE-2021-4437 | 2024-02-12 | dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos |
| CVE-2024-25110 | 2024-02-12 | Azure IoT Platform Device SDK Remote Code Execution Vulnerability |
| CVE-2024-25108 | 2024-02-12 | Insufficient authorization allowing elevated access to resources in pixelfed |
| CVE-2024-23833 | 2024-02-12 | OpenRefine JDBC Attack Vulnerability |
| CVE-2024-1459 | 2024-02-12 | Undertow: directory traversal vulnerability |
| CVE-2024-1250 | 2024-02-12 | Privilege Chaining in GitLab |
| CVE-2024-25112 | 2024-02-12 | Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2 |
| CVE-2024-24826 | 2024-02-12 | Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2 |
| CVE-2024-1454 | 2024-02-12 | Opensc: memory use after free in authentic driver when updating token info |
| CVE-2023-28018 | 2024-02-12 | HCL Connections s vulnerable to possible denial of service for certain users |
| CVE-2022-48623 | 2024-02-13 | The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses... |
| CVE-2023-26562 | 2024-02-13 | In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account... |
| CVE-2023-50808 | 2024-02-13 | Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based... |
| CVE-2023-38960 | 2024-02-13 | Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build... |
| CVE-2023-42374 | 2024-02-13 | An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a... |
| CVE-2023-45206 | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0,... |
| CVE-2023-45207 | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0,... |
| CVE-2023-48432 | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0,... |
| CVE-2023-49339 | 2024-02-13 | Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via... |
| CVE-2023-52059 | 2024-02-13 | A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers... |
| CVE-2023-52060 | 2024-02-13 | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers... |
| CVE-2023-52431 | 2024-02-13 | The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to... |
| CVE-2024-22923 | 2024-02-13 | SQL injection vulnerability in adv radius v.2.2.5 allows a local... |
| CVE-2024-24142 | 2024-02-13 | Sourcecodester School Task Manager 1.0 allows SQL Injection via the... |
| CVE-2024-25407 | 2024-02-13 | SteVe v3.6.0 was discovered to use predictable transaction ID's when... |
| CVE-2024-22126 | 2024-02-13 | Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application) |
| CVE-2024-22128 | 2024-02-13 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML |
| CVE-2024-22130 | 2024-02-13 | Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI |
| CVE-2024-22131 | 2024-02-13 | Code Injection vulnerability in SAP ABA (Application Basis) |
| CVE-2024-22132 | 2024-02-13 | Code Injection vulnerability in SAP IDES Systems |
| CVE-2024-24739 | 2024-02-13 | Missing authorization check in SAP BAM (Bank Account Management) |
| CVE-2024-24740 | 2024-02-13 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel) |
| CVE-2024-24742 | 2024-02-13 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
| CVE-2024-24743 | 2024-02-13 | XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures) |
| CVE-2023-47218 | 2024-02-13 | QTS, QuTS hero, QuTScloud |
| CVE-2024-25642 | 2024-02-13 | Improper Certificate Validation in SAP Cloud Connector |
| CVE-2023-50358 | 2024-02-13 | QTS, QuTS hero, QuTScloud |
| CVE-2024-25643 | 2024-02-13 | Missing authorization check in SAP Fiori app (My Overtime Requests) |