CVE List - 2024 / February
Showing 1701 - 1800 of 2784 CVEs for February 2024 (Page 18 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-23305 | 2024-02-20 | An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code... |
| CVE-2024-22097 | 2024-02-20 | A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code... |
| CVE-2024-1470 | 2024-02-20 | Elevation of Privilege attack on NetIQ Client login extension |
| CVE-2024-21726 | 2024-02-20 | [20240205] - Core - Inadequate content filtering within the filter code |
| CVE-2024-21722 | 2024-02-20 | [20240201] - Core - Insufficient session expiration in MFA management views |
| CVE-2024-21724 | 2024-02-20 | [20240203] - Core - XSS in media selection fields |
| CVE-2024-21725 | 2024-02-20 | [20240204] - Core - XSS in mail address outputs |
| CVE-2024-21723 | 2024-02-20 | [20240202] - Core - Open redirect in installation application |
| CVE-2023-47634 | 2024-02-20 | Decidim has race condition in Endorsements |
| CVE-2023-47635 | 2024-02-20 | Decidim vulnerable to possible CSRF attack at questionnaire templates preview |
| CVE-2024-22054 | 2024-02-20 | A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi... |
| CVE-2024-0794 | 2024-02-20 | Certain LaserJet Pro, HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Buffer Overflow, Potential Remote Code Execution |
| CVE-2023-48220 | 2024-02-20 | Decidim's devise_invitable gem vulnerable to circumvention of invitation token expiry period |
| CVE-2023-51447 | 2024-02-20 | Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads |
| CVE-2024-24763 | 2024-02-20 | JumpServer Open Redirect Vulnerability |
| CVE-2024-22245 | 2024-02-20 | Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin |
| CVE-2024-22250 | 2024-02-20 | Session Hijack Vulnerability in Deprecated EAP Browser Plugin |
| CVE-2024-25630 | 2024-02-20 | Cilium has unencrypted ingress/health traffic when using Wireguard transparent encryption |
| CVE-2024-21682 | 2024-02-20 | This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that... |
| CVE-2024-21678 | 2024-02-20 | This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to... |
| CVE-2023-52434 | 2024-02-20 | smb: client: fix potential OOBs in smb2_parse_contexts() |
| CVE-2024-25631 | 2024-02-20 | Unencrypted traffic between pods when using Wireguard and an external kvstore |
| CVE-2024-26131 | 2024-02-20 | Element Android Intent Redirection |
| CVE-2023-37495 | 2024-02-20 | HCL Domino is susceptible to a weak cryptography vulnerability |
| CVE-2023-6881 | 2024-02-20 | fs: fuse: buffer overflow vulnerability in the Zephyr FS |
| CVE-2023-52435 | 2024-02-20 | net: prevent mss overflow in skb_segment() |
| CVE-2024-26132 | 2024-02-20 | Element Android can be asked to share internal files. |
| CVE-2023-52436 | 2024-02-20 | f2fs: explicitly null-terminate the xattr list |
| CVE-2023-52438 | 2024-02-20 | binder: fix use-after-free in shinker's callback |
| CVE-2023-52439 | 2024-02-20 | uio: Fix use-after-free in uio_open |
| CVE-2024-0407 | 2024-02-20 | Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Information Disclosure |
| CVE-2023-6247 | 2024-02-20 | The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing. |
| CVE-2024-0616 | 2024-02-20 | The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it... |
| CVE-2024-1334 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect... |
| CVE-2024-0792 | 2024-02-20 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to... |
| CVE-2024-1242 | 2024-02-20 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient... |
| CVE-2024-0602 | 2024-02-20 | The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to... |
| CVE-2024-1390 | 2024-02-20 | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the... |
| CVE-2024-1447 | 2024-02-20 | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient... |
| CVE-2024-0983 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up... |
| CVE-2024-1318 | 2024-02-20 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing... |
| CVE-2024-1448 | 2024-02-20 | The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due... |
| CVE-2023-6806 | 2024-02-20 | The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input... |
| CVE-2024-1128 | 2024-02-20 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient... |
| CVE-2024-0442 | 2024-02-20 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient... |
| CVE-2024-0438 | 2024-02-20 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including,... |
| CVE-2024-0379 | 2024-02-20 | The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This... |
| CVE-2024-1339 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect... |
| CVE-2023-6923 | 2024-02-20 | The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due... |
| CVE-2023-6565 | 2024-02-20 | The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for... |
| CVE-2024-1337 | 2024-02-20 | The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and... |
| CVE-2024-1340 | 2024-02-20 | The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions... |
| CVE-2024-1091 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up... |
| CVE-2024-0513 | 2024-02-20 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect... |
| CVE-2024-0620 | 2024-02-20 | The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for... |
| CVE-2024-1236 | 2024-02-20 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter... |
| CVE-2024-1044 | 2024-02-20 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to,... |
| CVE-2024-0506 | 2024-02-20 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all... |
| CVE-2024-1475 | 2024-02-20 | The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible... |
| CVE-2024-1492 | 2024-02-20 | The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and... |
| CVE-2024-1570 | 2024-02-20 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password... |
| CVE-2024-1425 | 2024-02-20 | The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... |
| CVE-2024-1519 | 2024-02-20 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter... |
| CVE-2024-1277 | 2024-02-20 | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output... |
| CVE-2024-1338 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect... |
| CVE-2024-1349 | 2024-02-20 | The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... |
| CVE-2024-1411 | 2024-02-20 | The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15... |
| CVE-2024-1472 | 2024-02-20 | The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers... |
| CVE-2024-1408 | 2024-02-20 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box... |
| CVE-2024-1235 | 2024-02-20 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient... |
| CVE-2024-1282 | 2024-02-20 | The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including,... |
| CVE-2024-1217 | 2024-02-20 | The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the... |
| CVE-2024-1496 | 2024-02-20 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient... |
| CVE-2024-1586 | 2024-02-20 | The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26... |
| CVE-2024-1089 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up... |
| CVE-2024-0621 | 2024-02-20 | The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization... |
| CVE-2024-0978 | 2024-02-20 | The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for... |
| CVE-2024-0515 | 2024-02-20 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect... |
| CVE-2024-1070 | 2024-02-20 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization... |
| CVE-2024-1322 | 2024-02-20 | The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard'... |
| CVE-2024-0656 | 2024-02-20 | The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in... |
| CVE-2024-1288 | 2024-02-20 | The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in... |
| CVE-2024-1276 | 2024-02-20 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in... |
| CVE-2024-0514 | 2024-02-20 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect... |
| CVE-2024-1206 | 2024-02-20 | The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the... |
| CVE-2024-0512 | 2024-02-20 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect... |
| CVE-2024-1335 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect... |
| CVE-2024-0702 | 2024-02-20 | The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in... |
| CVE-2024-1054 | 2024-02-20 | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input... |
| CVE-2024-1445 | 2024-02-20 | The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7.8 due to insufficient input... |
| CVE-2024-0590 | 2024-02-20 | The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id()... |
| CVE-2024-0658 | 2024-02-20 | The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including,... |
| CVE-2024-1336 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect... |
| CVE-2024-0984 | 2024-02-20 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up... |
| CVE-2024-1389 | 2024-02-20 | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the... |
| CVE-2024-1317 | 2024-02-20 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all... |
| CVE-2024-0821 | 2024-02-20 | The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to,... |
| CVE-2024-0604 | 2024-02-20 | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient... |
| CVE-2024-0516 | 2024-02-20 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up... |
| CVE-2024-0838 | 2024-02-20 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and... |