CVE List - 2024 / February
Showing 2601 - 2700 of 2784 CVEs for February 2024 (Page 27 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-23807 | 2024-02-28 | Apache Xerces C++: Use-after-free on external DTD scan |
| CVE-2024-24705 | 2024-02-28 | WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24702 | 2024-02-28 | WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6917 | 2024-02-28 | Pcp: unsafe use of directories allows pcp to root privilege escalation |
| CVE-2024-25128 | 2024-02-28 | Flask-AppBuilder incorrect authentication when using auth type OpenID |
| CVE-2024-27083 | 2024-02-28 | Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) |
| CVE-2024-25065 | 2024-02-28 | Apache OFBiz: Path traversal allowing authentication bypass. |
| CVE-2024-23946 | 2024-02-28 | Apache OFBiz: Path traversal or file inclusion |
| CVE-2024-27284 | 2024-02-28 | cassandra-rs non-idiomatic use of iterators leads to use after free |
| CVE-2024-20321 | 2024-02-28 | A vulnerability in the External Border Gateway Protocol (eBGP) implementation... |
| CVE-2024-20267 | 2024-02-28 | A vulnerability with the handling of MPLS traffic for Cisco... |
| CVE-2024-20344 | 2024-02-28 | A vulnerability in system resource management in Cisco UCS 6400... |
| CVE-2024-24701 | 2024-02-28 | WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-20291 | 2024-02-28 | A vulnerability in the access control list (ACL) programming for... |
| CVE-2024-20294 | 2024-02-28 | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature... |
| CVE-2024-23519 | 2024-02-28 | WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-21749 | 2024-02-28 | WordPress 1 click disable all Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52226 | 2024-02-28 | WordPress Advanced Flamingo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-0560 | 2024-02-28 | Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions |
| CVE-2023-52223 | 2024-02-28 | WordPress MailerLite – WooCommerce integration Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51681 | 2024-02-28 | WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51683 | 2024-02-28 | WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-1847 | 2024-02-28 | Multiple vulnerabilities exist in file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024 |
| CVE-2024-27103 | 2024-02-28 | Querybook Stored Cross-Site Scripting allows Privilege Elevation |
| CVE-2024-27948 | 2024-02-28 | WordPress Atahualpa Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51533 | 2024-02-28 | WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51692 | 2024-02-28 | WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control |
| CVE-2024-27285 | 2024-02-28 | YARD's default template vulnerable to Cross-site Scripting in generated frames.html |
| CVE-2024-1970 | 2024-02-28 | SourceCodester Online Learning System V2 index.php cross site scripting |
| CVE-2024-1971 | 2024-02-28 | Surya2Developer Online Shopping System POST Parameter login.php sql injection |
| CVE-2024-1972 | 2024-02-28 | SourceCodester Online Job Portal EditProfile.php cross site scripting |
| CVE-2023-25922 | 2024-02-28 | IBM Security Guardium Key Lifecycle Manager file upload |
| CVE-2023-25925 | 2024-02-28 | IBM Security Guardium Key Lifecycle Manager command injection |
| CVE-2023-5617 | 2024-02-28 | Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information |
| CVE-2024-21798 | 2024-02-28 | ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume... |
| CVE-2024-23910 | 2024-02-28 | Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers... |
| CVE-2024-25579 | 2024-02-28 | OS command injection vulnerability in ELECOM wireless LAN routers allows... |
| CVE-2024-26146 | 2024-02-28 | Possible Denial of Service Vulnerability in Rack Header Parsing |
| CVE-2024-25126 | 2024-02-28 | Rack ReDos in content type parsing (2nd degree polynomial) |
| CVE-2024-26141 | 2024-02-28 | Possible DoS Vulnerability with Range Header in Rack |
| CVE-2023-51800 | 2024-02-29 | Cross Site Scripting (XSS) vulnerability in School Fees Management System... |
| CVE-2023-51802 | 2024-02-29 | Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance... |
| CVE-2024-22871 | 2024-02-29 | An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an... |
| CVE-2024-24028 | 2024-02-29 | Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7... |
| CVE-2024-24110 | 2024-02-29 | SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to... |
| CVE-2024-24246 | 2024-02-29 | Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to... |
| CVE-2024-24520 | 2024-02-29 | An issue in Lepton CMS v.7.0.0 allows a local attacker... |
| CVE-2024-24525 | 2024-02-29 | An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows... |
| CVE-2024-25167 | 2024-02-29 | Cross Site Scripting vulnerability in eblog v1.0 allows a remote... |
| CVE-2024-25180 | 2024-02-29 | An issue discovered in pdfmake 0.2.9 allows remote attackers to... |
| CVE-2024-25239 | 2024-02-29 | SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows... |
| CVE-2024-25811 | 2024-02-29 | An access control issue in Dreamer CMS v4.0.1 allows attackers... |
| CVE-2024-27655 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow... |
| CVE-2024-27656 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow... |
| CVE-2024-27657 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow... |
| CVE-2024-27658 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in... |
| CVE-2024-27659 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in... |
| CVE-2024-27660 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences... |
| CVE-2024-27661 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in... |
| CVE-2024-27662 | 2024-02-29 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences... |
| CVE-2023-51801 | 2024-02-29 | SQL Injection vulnerability in the Simple Student Attendance System v.1.0... |
| CVE-2024-25291 | 2024-02-29 | Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading... |
| CVE-2024-25292 | 2024-02-29 | Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to... |
| CVE-2024-26548 | 2024-02-29 | An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote... |
| CVE-2023-38372 | 2024-02-29 | IBM Watson IoT Platform information disclosure |
| CVE-2024-1938 | 2024-02-29 | Type Confusion in V8 in Google Chrome prior to 122.0.6261.94... |
| CVE-2024-1939 | 2024-02-29 | Type Confusion in V8 in Google Chrome prior to 122.0.6261.94... |
| CVE-2023-25926 | 2024-02-29 | IBM Security Guardium Key Lifecycle Manager XML external entity injection |
| CVE-2023-25921 | 2024-02-29 | IBM Security Guardium Key Lifecycle Manager file upload |
| CVE-2023-27545 | 2024-02-29 | IBM Watson CloudPak for Data Data Stores information disclosure |
| CVE-2023-38367 | 2024-02-29 | IBM Cloud Pak for Automation authentication bypass |
| CVE-2024-0689 | 2024-02-29 | The Custom Field Suite plugin for WordPress is vulnerable to... |
| CVE-2021-39090 | 2024-02-29 | IBM Cloud Pak for Security information disclosure |
| CVE-2024-1468 | 2024-02-29 | The Avada | Website Builder For WordPress & WooCommerce theme... |
| CVE-2024-1341 | 2024-02-29 | The Advanced iFrame plugin for WordPress is vulnerable to Stored... |
| CVE-2023-51696 | 2024-02-29 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51528 | 2024-02-29 | WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51529 | 2024-02-29 | WordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51530 | 2024-02-29 | WordPress GS Logo Slider Plugin <= 3.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51531 | 2024-02-29 | WordPress Thrive Automator Plugin <= 1.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-1435 | 2024-02-29 | WordPress Tainacan Plugin <= 0.20.6 is vulnerable to Sensitive Data Exposure |
| CVE-2023-1841 | 2024-02-29 | Honeywell MPA2 Web Application XSS vulnerability |
| CVE-2024-1434 | 2024-02-29 | WordPress Media Alt Renamer Plugin 0.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1437 | 2024-02-29 | WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-21752 | 2024-02-29 | WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-6090 | 2024-02-29 | WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload |
| CVE-2023-47874 | 2024-02-29 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control |
| CVE-2024-1977 | 2024-02-29 | The Restaurant Solutions – Checklist plugin for WordPress is vulnerable... |
| CVE-2024-1976 | 2024-02-29 | The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site... |
| CVE-2023-50905 | 2024-02-29 | WordPress WP Activity Log Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23501 | 2024-02-29 | WordPress Ebook Store Plugin <= 5.788 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52475 | 2024-02-29 | Input: powermate - fix use-after-free in powermate_config_complete |
| CVE-2023-52476 | 2024-02-29 | perf/x86/lbr: Filter vsyscall addresses |
| CVE-2023-52477 | 2024-02-29 | usb: hub: Guard against accesses to uninitialized BOS descriptors |
| CVE-2023-52478 | 2024-02-29 | HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect |
| CVE-2023-52479 | 2024-02-29 | ksmbd: fix uaf in smb20_oplock_break_ack |
| CVE-2023-52480 | 2024-02-29 | ksmbd: fix race condition between session lookup and expire |
| CVE-2023-52481 | 2024-02-29 | arm64: errata: Add Cortex-A520 speculative unprivileged load workaround |
| CVE-2023-52482 | 2024-02-29 | x86/srso: Add SRSO mitigation for Hygon processors |
| CVE-2023-52483 | 2024-02-29 | mctp: perform route lookups under a RCU read-side lock |