CVE List - 2024 / February
Showing 1901 - 2000 of 2784 CVEs for February 2024 (Page 20 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-0593 | 2024-02-21 | The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including,... |
| CVE-2024-1081 | 2024-02-21 | The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due... |
| CVE-2024-25904 | 2024-02-21 | WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24876 | 2024-02-21 | WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24872 | 2024-02-21 | WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24849 | 2024-02-21 | WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24843 | 2024-02-21 | WordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24837 | 2024-02-21 | Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins |
| CVE-2023-52440 | 2024-02-21 | ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() |
| CVE-2023-52441 | 2024-02-21 | ksmbd: fix out of bounds in init_smb2_rsp_hdr() |
| CVE-2023-52442 | 2024-02-21 | ksmbd: validate session id and tree id in compound request |
| CVE-2024-24802 | 2024-02-21 | WordPress JTRT Responsive Tables Plugin <= 4.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24798 | 2024-02-21 | WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-7235 | 2024-02-21 | The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows... |
| CVE-2023-47795 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92... |
| CVE-2023-33843 | 2024-02-21 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-50955 | 2024-02-21 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-26582 | 2024-02-21 | net: tls: fix use-after-free with partial reads and async decrypt |
| CVE-2024-26583 | 2024-02-21 | tls: fix race between async notify and socket close |
| CVE-2024-26584 | 2024-02-21 | net: tls: handle backlogging of crypto requests |
| CVE-2024-26585 | 2024-02-21 | tls: fix race between tx work scheduling and socket close |
| CVE-2024-1708 | 2024-02-21 | Improper limitation of a pathname to a restricted directory (“path traversal”) |
| CVE-2024-1700 | 2024-02-21 | keerti1924 PHP-MYSQL-User-Login-System signup.php cross site scripting |
| CVE-2024-1701 | 2024-02-21 | keerti1924 PHP-MYSQL-User-Login-System edit.php access control |
| CVE-2024-1474 | 2024-02-21 | WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface |
| CVE-2024-1709 | 2024-02-21 | Authentication bypass using an alternate path or channel |
| CVE-2023-46241 | 2024-02-21 | Potential account take over due to unverified emails from Microsoft Identity Platform |
| CVE-2024-20325 | 2024-02-21 | A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an... |
| CVE-2024-23346 | 2024-02-21 | pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string |
| CVE-2024-25117 | 2024-02-21 | php-svg-lib lacks path validation on font through SVG inline styles |
| CVE-2024-26130 | 2024-02-21 | cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override |
| CVE-2024-1702 | 2024-02-21 | keerti1924 PHP-MYSQL-User-Login-System edit.php sql injection |
| CVE-2024-26133 | 2024-02-21 | EventStoreDB Projections Subsystem has potential password leak |
| CVE-2024-26138 | 2024-02-21 | License information is public, exposing instance id and license holder details |
| CVE-2024-1714 | 2024-02-21 | Access Request for Entitlement Values with Leading/Trailing Whitespace |
| CVE-2024-1703 | 2024-02-21 | ZhongBangKeJi CRMEB openfile absolute path traversal |
| CVE-2024-26145 | 2024-02-21 | Uninvited user is able to join and mark the attendance of the private event |
| CVE-2024-1704 | 2024-02-21 | ZhongBangKeJi CRMEB crud delete path traversal |
| CVE-2024-1705 | 2024-02-21 | Shopwind Installation DefaultController.php actionCreate code injection |
| CVE-2024-1212 | 2024-02-21 | LoadMaster Pre-Authenticated OS Command Injection |
| CVE-2024-1706 | 2024-02-21 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting |
| CVE-2024-22473 | 2024-02-21 | Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices |
| CVE-2024-1707 | 2024-02-21 | GARO WALLBOX GLB+ T2EV7 Software Update index.jsp#settings cross site scripting |
| CVE-2023-6533 | 2024-02-21 | Silicon Labs PC Controller Denial of Service Vulnerability |
| CVE-2023-6640 | 2024-02-21 | Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability |
| CVE-2024-23654 | 2024-02-21 | discourse-ai admin-initiated SSRF when interacting with AI services |
| CVE-2024-25124 | 2024-02-21 | Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials |
| CVE-2024-26147 | 2024-02-21 | Helm's Missing YAML Content Leads To Panic |
| CVE-2024-26148 | 2024-02-21 | Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation |
| CVE-2023-3509 | 2024-02-21 | Incorrect Authorization in GitLab |
| CVE-2024-0446 | 2024-02-21 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |
| CVE-2024-0861 | 2024-02-21 | Direct Request ('Forced Browsing') in GitLab |
| CVE-2024-1525 | 2024-02-21 | Authentication Bypass Using an Alternate Path or Channel in GitLab |
| CVE-2024-1451 | 2024-02-21 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-0410 | 2024-02-21 | Improper Enforcement of Behavioral Workflow in GitLab |
| CVE-2023-6477 | 2024-02-21 | Incorrect Privilege Assignment in GitLab |
| CVE-2024-23120 | 2024-02-21 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |
| CVE-2022-25377 | 2024-02-22 | The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist... |
| CVE-2024-22547 | 2024-02-22 | WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2024-25251 | 2024-02-22 | code-projects Agro-School Management System 1.0 suffers from Incorrect Access Control. |
| CVE-2024-25369 | 2024-02-22 | A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via crafted string after the group_id parameter. |
| CVE-2024-25385 | 2024-02-22 | An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial of service via the flvmeta/src/flv.c:375:21 function in flv_close. |
| CVE-2024-25423 | 2024-02-22 | An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file. |
| CVE-2024-25746 | 2024-02-22 | Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function. |
| CVE-2024-25748 | 2024-02-22 | A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function. |
| CVE-2024-25753 | 2024-02-22 | Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function. |
| CVE-2024-25756 | 2024-02-22 | A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function. |
| CVE-2024-25802 | 2024-02-22 | SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content. |
| CVE-2024-25828 | 2024-02-22 | cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. |
| CVE-2024-25850 | 2024-02-22 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter |
| CVE-2024-25851 | 2024-02-22 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi. |
| CVE-2024-25873 | 2024-02-22 | Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted... |
| CVE-2024-25874 | 2024-02-22 | A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-25875 | 2024-02-22 | A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle... |
| CVE-2024-25876 | 2024-02-22 | A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title... |
| CVE-2024-26349 | 2024-02-22 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php |
| CVE-2024-26351 | 2024-02-22 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php |
| CVE-2024-26352 | 2024-02-22 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php |
| CVE-2024-26445 | 2024-02-22 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php |
| CVE-2024-26481 | 2024-02-22 | Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. |
| CVE-2024-26482 | 2024-02-22 | An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as... |
| CVE-2024-26484 | 2024-02-22 | A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2024-26490 | 2024-02-22 | A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-26491 | 2024-02-22 | A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2024-27283 | 2024-02-22 | A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed. |
| CVE-2023-52160 | 2024-02-22 | The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication,... |
| CVE-2023-52161 | 2024-02-22 | The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete... |
| CVE-2024-23094 | 2024-02-22 | Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php |
| CVE-2024-25801 | 2024-02-22 | SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file. |
| CVE-2024-26350 | 2024-02-22 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php |
| CVE-2024-26483 | 2024-02-22 | An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file. |
| CVE-2024-26489 | 2024-02-22 | A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2023-4895 | 2024-02-22 | Missing Authorization in GitLab |
| CVE-2024-23121 | 2024-02-22 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |
| CVE-2024-23122 | 2024-02-22 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |
| CVE-2024-23123 | 2024-02-22 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |
| CVE-2024-23124 | 2024-02-22 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |
| CVE-2024-23125 | 2024-02-22 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |
| CVE-2024-23126 | 2024-02-22 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |
| CVE-2024-23127 | 2024-02-22 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software |