VULNMAP - Security Vulnerabilities

CVE List - 2024 / February

Showing 1901 - 2000 of 2784 CVEs for February 2024 (Page 20 of 28)

CVE ID Date Title
CVE-2024-25905 2024-02-21 WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-0593 2024-02-21 The Simple Job Board plugin for WordPress is vulnerable to...
CVE-2024-1081 2024-02-21 The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress...
CVE-2024-25904 2024-02-21 WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-24876 2024-02-21 WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-24872 2024-02-21 WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-24849 2024-02-21 WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-24843 2024-02-21 WordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-24837 2024-02-21 Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins
CVE-2023-52440 2024-02-21 ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
CVE-2023-52441 2024-02-21 ksmbd: fix out of bounds in init_smb2_rsp_hdr()
CVE-2023-52442 2024-02-21 ksmbd: validate session id and tree id in compound request
CVE-2024-24802 2024-02-21 WordPress JTRT Responsive Tables Plugin <= 4.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-24798 2024-02-21 WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-7235 2024-02-21 The OpenVPN GUI installer before version 2.6.9 did not set...
CVE-2023-47795 2024-02-21 Stored cross-site scripting (XSS) vulnerability in the Document and Media...
CVE-2023-33843 2024-02-21 IBM InfoSphere Information Server cross-site scripting
CVE-2023-50955 2024-02-21 IBM InfoSphere Information Server information disclosure
CVE-2024-26582 2024-02-21 net: tls: fix use-after-free with partial reads and async decrypt
CVE-2024-26583 2024-02-21 tls: fix race between async notify and socket close
CVE-2024-26584 2024-02-21 net: tls: handle backlogging of crypto requests
CVE-2024-26585 2024-02-21 tls: fix race between tx work scheduling and socket close
CVE-2024-1708 2024-02-21 Improper limitation of a pathname to a restricted directory (“path traversal”)
CVE-2024-1700 2024-02-21 keerti1924 PHP-MYSQL-User-Login-System signup.php cross site scripting
CVE-2024-1701 2024-02-21 keerti1924 PHP-MYSQL-User-Login-System edit.php access control
CVE-2024-1474 2024-02-21 WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface
CVE-2024-1709 2024-02-21 Authentication bypass using an alternate path or channel
CVE-2023-46241 2024-02-21 Potential account take over due to unverified emails from Microsoft Identity Platform
CVE-2024-20325 2024-02-21 A vulnerability in the Live Data server of Cisco Unified...
CVE-2024-23346 2024-02-21 pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
CVE-2024-25117 2024-02-21 php-svg-lib lacks path validation on font through SVG inline styles
CVE-2024-26130 2024-02-21 cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
CVE-2024-1702 2024-02-21 keerti1924 PHP-MYSQL-User-Login-System edit.php sql injection
CVE-2024-26133 2024-02-21 EventStoreDB Projections Subsystem has potential password leak
CVE-2024-26138 2024-02-21 License information is public, exposing instance id and license holder details
CVE-2024-1714 2024-02-21 Access Request for Entitlement Values with Leading/Trailing Whitespace
CVE-2024-1703 2024-02-21 ZhongBangKeJi CRMEB openfile absolute path traversal
CVE-2024-26145 2024-02-21 Uninvited user is able to join and mark the attendance of the the private event
CVE-2024-1704 2024-02-21 ZhongBangKeJi CRMEB crud delete path traversal
CVE-2024-1705 2024-02-21 Shopwind Installation DefaultController.php actionCreate code injection
CVE-2024-1212 2024-02-21 LoadMaster Pre-Authenticated OS Command Injection
CVE-2024-1706 2024-02-21 ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting
CVE-2024-22473 2024-02-21 Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices
CVE-2024-1707 2024-02-21 GARO WALLBOX GLB+ T2EV7 Software Update index.jsp#settings cross site scripting
CVE-2023-6533 2024-02-21 Silicon Labs PC Controller Denial of Service Vulnerability
CVE-2023-6640 2024-02-21 Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability
CVE-2024-23654 2024-02-21 discourse-ai admin-initiated SSRF when interacting with AI services
CVE-2024-25124 2024-02-21 Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
CVE-2024-26147 2024-02-21 Helm's Missing YAML Content Leads To Panic
CVE-2024-26148 2024-02-21 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation
CVE-2023-3509 2024-02-21 Incorrect Authorization in GitLab
CVE-2024-0446 2024-02-21 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-0861 2024-02-21 Direct Request ('Forced Browsing') in GitLab
CVE-2024-1525 2024-02-21 Authentication Bypass Using an Alternate Path or Channel in GitLab
CVE-2024-1451 2024-02-21 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVE-2024-0410 2024-02-21 Improper Enforcement of Behavioral Workflow in GitLab
CVE-2023-6477 2024-02-21 Incorrect Privilege Assignment in GitLab
CVE-2024-23120 2024-02-21 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2022-25377 2024-02-22 The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2...
CVE-2023-52160 2024-02-22 The implementation of PEAP in wpa_supplicant through 2.10 allows authentication...
CVE-2023-52161 2024-02-22 The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet...
CVE-2024-22547 2024-02-22 WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).
CVE-2024-25251 2024-02-22 code-projects Agro-School Management System 1.0 is suffers from Incorrect Access...
CVE-2024-25369 2024-02-22 A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows...
CVE-2024-25385 2024-02-22 An issue in flvmeta v.1.2.2 allows a local attacker to...
CVE-2024-25423 2024-02-22 An issue in MAXON CINEMA 4D R2024.2.0 allows a local...
CVE-2024-25746 2024-02-22 Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with...
CVE-2024-25748 2024-02-22 A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9...
CVE-2024-25753 2024-02-22 Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with...
CVE-2024-25756 2024-02-22 A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0...
CVE-2024-25802 2024-02-22 SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add...
CVE-2024-25828 2024-02-22 cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.
CVE-2024-25850 2024-02-22 Netis WF2780 v2.1.40144 was discovered to contain a command injection...
CVE-2024-25851 2024-02-22 Netis WF2780 v2.1.40144 was discovered to contain a command injection...
CVE-2024-25873 2024-02-22 Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability...
CVE-2024-25874 2024-02-22 A cross-site scripting (XSS) vulnerability in the New/Edit Article module...
CVE-2024-25875 2024-02-22 A cross-site scripting (XSS) vulnerability in the Header module of...
CVE-2024-25876 2024-02-22 A cross-site scripting (XSS) vulnerability in the Header module of...
CVE-2024-26349 2024-02-22 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery...
CVE-2024-26351 2024-02-22 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery...
CVE-2024-26352 2024-02-22 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery...
CVE-2024-26445 2024-02-22 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery...
CVE-2024-26481 2024-02-22 Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS...
CVE-2024-26482 2024-02-22 An HTML injection vulnerability exists in the Edit Content Layout...
CVE-2024-26484 2024-02-22 A stored cross-site scripting (XSS) vulnerability in the Edit Content...
CVE-2024-26490 2024-02-22 A cross-site scripting (XSS) vulnerability in the Addon JD Simple...
CVE-2024-26491 2024-02-22 A cross-site scripting (XSS) vulnerability in the Addon JD Flusity...
CVE-2024-27283 2024-02-22 A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5....
CVE-2024-23094 2024-02-22 Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery...
CVE-2024-25801 2024-02-22 SKINsoft S-Museum 7.02.3 allows XSS via the filename of an...
CVE-2024-26350 2024-02-22 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery...
CVE-2024-26483 2024-02-22 An arbitrary file upload vulnerability in the Profile Image module...
CVE-2024-26489 2024-02-22 A cross-site scripting (XSS) vulnerability in the Addon JD Flusity...
CVE-2023-4895 2024-02-22 Missing Authorization in GitLab
CVE-2024-23121 2024-02-22 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-23122 2024-02-22 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-23123 2024-02-22 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-23124 2024-02-22 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-23125 2024-02-22 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-23126 2024-02-22 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software