CVE List - 2024 / February
Showing 901 - 1000 of 2784 CVEs for February 2024 (Page 10 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-24927 | 2024-02-12 | WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24889 | 2024-02-12 | WordPress All 404 Pages Redirect to Homepage Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51403 | 2024-02-12 | WordPress Restaurant Reservations Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51370 | 2024-02-12 | WordPress WP Chat App Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-50875 | 2024-02-12 | WordPress Sensei LMS Plugin <= 4.17.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47526 | 2024-02-12 | WordPress Chartify Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-25100 | 2024-02-12 | WordPress Coupon Referral Program plugin < 1.8.4 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-24926 | 2024-02-12 | WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection |
| CVE-2024-24797 | 2024-02-12 | WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection |
| CVE-2024-24796 | 2024-02-12 | WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection |
| CVE-2024-23513 | 2024-02-12 | WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection |
| CVE-2023-41703 | 2024-02-12 | User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the... |
| CVE-2023-41704 | 2024-02-12 | Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when... |
| CVE-2023-41705 | 2024-02-12 | Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases.... |
| CVE-2023-41706 | 2024-02-12 | Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due... |
| CVE-2023-41707 | 2024-02-12 | Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases.... |
| CVE-2023-41708 | 2024-02-12 | References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided... |
| CVE-2024-23512 | 2024-02-12 | WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection |
| CVE-2023-46615 | 2024-02-12 | WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection |
| CVE-2024-24935 | 2024-02-12 | WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24929 | 2024-02-12 | WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24887 | 2024-02-12 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24884 | 2024-02-12 | WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24875 | 2024-02-12 | WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-1439 | 2024-02-12 | Inadequate access control vulnerability in Moodle |
| CVE-2024-1062 | 2024-02-12 | 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) |
| CVE-2023-6681 | 2024-02-12 | Jwcrypto: denail of service via specifically crafted jwe |
| CVE-2023-6501 | 2024-02-12 | Splashscreen <= 0.20 - Settings Update via CSRF |
| CVE-2024-0421 | 2024-02-12 | MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure |
| CVE-2024-0250 | 2024-02-12 | Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect |
| CVE-2023-7233 | 2024-02-12 | GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting |
| CVE-2024-0420 | 2024-02-12 | MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS |
| CVE-2023-6499 | 2024-02-12 | lasTunes <= 3.6.1 - Settings Update via CSRF |
| CVE-2024-0248 | 2024-02-12 | EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management |
| CVE-2024-0566 | 2024-02-12 | Smart Manager < 8.28.0 - Admin+ SQL Injection |
| CVE-2023-6591 | 2024-02-12 | Popup Box Pro < 20.9.0 - Admin+ Stored XSS |
| CVE-2023-6082 | 2024-02-12 | Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting |
| CVE-2023-6036 | 2024-02-12 | Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass |
| CVE-2023-6294 | 2024-02-12 | popup-builder < 4.2.6 - Admin+ SSRF & File Read |
| CVE-2023-6081 | 2024-02-12 | Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart |
| CVE-2022-38714 | 2024-02-12 | IBM DataStage on Cloud Pak for Data information disclosure |
| CVE-2022-34310 | 2024-02-12 | IBM CICS TX information disclosure |
| CVE-2024-0170 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute... |
| CVE-2022-34311 | 2024-02-12 | IBM CICS TX session fixation |
| CVE-2024-0169 | 2024-02-12 | Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this... |
| CVE-2024-0168 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating... |
| CVE-2024-0167 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite... |
| CVE-2024-0166 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary... |
| CVE-2024-0165 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating... |
| CVE-2024-0164 | 2024-02-12 | Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary... |
| CVE-2024-22227 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands... |
| CVE-2024-22228 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute... |
| CVE-2024-22230 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out... |
| CVE-2024-22224 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute... |
| CVE-2024-22225 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating... |
| CVE-2024-22226 | 2024-02-12 | Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the... |
| CVE-2024-22221 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information. |
| CVE-2024-22222 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to... |
| CVE-2022-34309 | 2024-02-12 | IBM CICS TX information disclosure |
| CVE-2024-22223 | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to... |
| CVE-2022-22506 | 2024-02-12 | IBM Robotic Process Automation information disclosure |
| CVE-2021-4437 | 2024-02-12 | dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos |
| CVE-2024-25110 | 2024-02-12 | Azure IoT Platform Device SDK Remote Code Execution Vulnerability |
| CVE-2024-25108 | 2024-02-12 | Insufficient authorization allowing elevated access to resources in pixelfed |
| CVE-2024-23833 | 2024-02-12 | OpenRefine JDBC Attack Vulnerability |
| CVE-2024-1459 | 2024-02-12 | Undertow: directory traversal vulnerability |
| CVE-2024-1250 | 2024-02-12 | Privilege Chaining in GitLab |
| CVE-2024-25112 | 2024-02-12 | Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2 |
| CVE-2024-24826 | 2024-02-12 | Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2 |
| CVE-2024-1454 | 2024-02-12 | Opensc: memory use after free in authentic driver when updating token info |
| CVE-2023-28018 | 2024-02-12 | HCL Connections s vulnerable to possible denial of service for certain users |
| CVE-2022-48623 | 2024-02-13 | The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. |
| CVE-2023-26562 | 2024-02-13 | In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp. |
| CVE-2023-50808 | 2024-02-13 | Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI. |
| CVE-2023-38960 | 2024-02-13 | Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory. |
| CVE-2023-42374 | 2024-02-13 | An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui... |
| CVE-2023-45206 | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to... |
| CVE-2023-45207 | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in... |
| CVE-2023-48432 | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint)... |
| CVE-2023-49339 | 2024-02-13 | Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. |
| CVE-2023-52059 | 2024-02-13 | A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. |
| CVE-2023-52060 | 2024-02-13 | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. |
| CVE-2023-52431 | 2024-02-13 | The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). |
| CVE-2024-22923 | 2024-02-13 | SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. |
| CVE-2024-24142 | 2024-02-13 | Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. |
| CVE-2024-25407 | 2024-02-13 | SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted... |
| CVE-2024-22126 | 2024-02-13 | Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application) |
| CVE-2024-22128 | 2024-02-13 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML |
| CVE-2024-22130 | 2024-02-13 | Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI |
| CVE-2024-22131 | 2024-02-13 | Code Injection vulnerability in SAP ABA (Application Basis) |
| CVE-2024-22132 | 2024-02-13 | Code Injection vulnerability in SAP IDES Systems |
| CVE-2024-24739 | 2024-02-13 | Missing authorization check in SAP BAM (Bank Account Management) |
| CVE-2024-24740 | 2024-02-13 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel) |
| CVE-2024-24742 | 2024-02-13 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
| CVE-2024-24743 | 2024-02-13 | XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures) |
| CVE-2023-47218 | 2024-02-13 | QTS, QuTS hero, QuTScloud |
| CVE-2024-25642 | 2024-02-13 | Improper Certificate Validation in SAP Cloud Connector |
| CVE-2023-50358 | 2024-02-13 | QTS, QuTS hero, QuTScloud |
| CVE-2024-25643 | 2024-02-13 | Missing authorization check in SAP Fiori app (My Overtime Requests) |
| CVE-2024-22129 | 2024-02-13 | Cross-Site Scripting (XSS) vulnerability in SAP Companion |