CVE List - 2024 / February
Showing 601 - 700 of 2784 CVEs for February 2024 (Page 7 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-38995 | 2024-02-07 | An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain... |
| CVE-2024-23769 | 2024-02-07 | Improper privilege control for the named pipe in Samsung Magician... |
| CVE-2024-24019 | 2024-02-07 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior... |
| CVE-2024-24131 | 2024-02-07 | SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting... |
| CVE-2024-24186 | 2024-02-07 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow... |
| CVE-2024-24311 | 2024-02-07 | Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap... |
| CVE-2024-24488 | 2024-02-07 | An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a... |
| CVE-2024-1265 | 2024-02-07 | CodeAstro University Management System Attendance Management att_add.php cross site scripting |
| CVE-2024-1266 | 2024-02-07 | CodeAstro University Management System Student Registration Form st_reg.php cross site scripting |
| CVE-2024-22021 | 2024-02-07 | Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a... |
| CVE-2024-22022 | 2024-02-07 | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has... |
| CVE-2024-1267 | 2024-02-07 | CodeAstro Restaurant POS System create_account.php cross site scripting |
| CVE-2024-1268 | 2024-02-07 | CodeAstro Restaurant POS System update_product.php unrestricted upload |
| CVE-2024-1269 | 2024-02-07 | SourceCodester Product Management System supplier.php cross site scripting |
| CVE-2024-24810 | 2024-02-07 | WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges |
| CVE-2023-6388 | 2024-02-07 | Suite CRM v7.14.2 - SSRF |
| CVE-2024-0849 | 2024-02-07 | Leanote 2.7.0 - Local File Read |
| CVE-2024-23446 | 2024-02-07 | Kibana Broken Access Control issue |
| CVE-2024-23447 | 2024-02-07 | Elastic Network Drive Connector Improper Access Control |
| CVE-2024-0256 | 2024-02-07 | The Starbox plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2024-1055 | 2024-02-07 | The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)... |
| CVE-2024-0628 | 2024-02-07 | The WP RSS Aggregator plugin for WordPress is vulnerable to... |
| CVE-2024-1037 | 2024-02-07 | The All-In-One Security (AIOS) – Security and Firewall plugin for... |
| CVE-2024-0977 | 2024-02-07 | The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal... |
| CVE-2024-1079 | 2024-02-07 | The Quiz Maker plugin for WordPress is vulnerable to unauthorized... |
| CVE-2024-1078 | 2024-02-07 | The Quiz Maker plugin for WordPress is vulnerable to unauthorized... |
| CVE-2023-51437 | 2024-02-07 | Apache Pulsar: Timing attack in SASL token signature verification |
| CVE-2024-1110 | 2024-02-07 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to... |
| CVE-2024-1109 | 2024-02-07 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to... |
| CVE-2024-1118 | 2024-02-07 | The Podlove Subscribe button plugin for WordPress is vulnerable to... |
| CVE-2023-39196 | 2024-02-07 | Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints |
| CVE-2024-25143 | 2024-02-07 | The Document and Media widget In Liferay Portal 7.2.0 through... |
| CVE-2024-24771 | 2024-02-07 | Open Forms potential multi-factor authentication bypass |
| CVE-2024-24811 | 2024-02-07 | Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution |
| CVE-2024-25145 | 2024-02-07 | Stored cross-site scripting (XSS) vulnerability in the Portal Search module's... |
| CVE-2024-24812 | 2024-02-07 | Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages |
| CVE-2024-24815 | 2024-02-07 | CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection |
| CVE-2024-22012 | 2024-02-07 | there is a possible out of bounds write due to... |
| CVE-2023-32328 | 2024-02-07 | IBM Security Verify Access information disclosure |
| CVE-2023-32330 | 2024-02-07 | IBM Security Verify Access man in the middle |
| CVE-2023-43017 | 2024-02-07 | IBM Security Verify Access man in the middle |
| CVE-2023-31002 | 2024-02-07 | IBM Security Access Manager Container information disclosure |
| CVE-2023-38369 | 2024-02-07 | IBM Security Access Manager Container information disclosure |
| CVE-2024-20252 | 2024-02-07 | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video... |
| CVE-2024-20254 | 2024-02-07 | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video... |
| CVE-2024-20255 | 2024-02-07 | A vulnerability in the SOAP API of Cisco Expressway Series... |
| CVE-2024-20290 | 2024-02-07 | A vulnerability in the OLE2 file format parser of ClamAV... |
| CVE-2023-47700 | 2024-02-07 | IBM Storage Virtualize improper certificate validation |
| CVE-2024-23806 | 2024-02-07 | HID Global Reader Configuration Cards Improper Authorization |
| CVE-2024-24706 | 2024-02-07 | WordPress WP-CFM Plugin <= 1.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24816 | 2024-02-07 | Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature |
| CVE-2024-24563 | 2024-02-07 | Vyper array negative index vulnerability |
| CVE-2024-24822 | 2024-02-07 | Pimcore Admin Classic Bundle permissions are not getting checked when working with tags |
| CVE-2024-24823 | 2024-02-07 | graylog2-server Session Fixation vulnerability through cookie injection |
| CVE-2024-24824 | 2024-02-07 | graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request |
| CVE-2023-6356 | 2024-02-07 | Kernel: null pointer dereference in nvmet_tcp_build_iovec |
| CVE-2023-6535 | 2024-02-07 | Kernel: null pointer dereference in nvmet_tcp_execute_request |
| CVE-2023-6536 | 2024-02-07 | Kernel: null pointer dereference in __nvmet_req_complete |
| CVE-2024-23448 | 2024-02-07 | APM Server Insertion of Sensitive Information into Log File |
| CVE-2024-24806 | 2024-02-07 | Improper Domain Lookup that potentially leads to SSRF attacks in libuv |
| CVE-2024-1066 | 2024-02-07 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-6840 | 2024-02-07 | Missing Authorization in GitLab |
| CVE-2023-6736 | 2024-02-07 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-25365 | 2024-02-08 | Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows... |
| CVE-2023-27001 | 2024-02-08 | An issue discovered in Egerie Risk Manager v4.0.5 allows attackers... |
| CVE-2023-40262 | 2024-02-08 | An issue was discovered in Atos Unify OpenScape Voice Trace... |
| CVE-2023-40264 | 2024-02-08 | An issue was discovered in Atos Unify OpenScape Voice Trace... |
| CVE-2023-47020 | 2024-02-08 | Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler... |
| CVE-2023-47131 | 2024-02-08 | The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive... |
| CVE-2023-47132 | 2024-02-08 | An issue discovered in N-able N-central before 2023.6 and earlier... |
| CVE-2023-48974 | 2024-02-08 | Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61... |
| CVE-2023-49101 | 2024-02-08 | WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and... |
| CVE-2023-50061 | 2024-02-08 | PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is... |
| CVE-2024-22836 | 2024-02-08 | An OS command injection vulnerability exists in Akaunting v3.1.3 and... |
| CVE-2024-24017 | 2024-02-08 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior... |
| CVE-2024-24021 | 2024-02-08 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior.... |
| CVE-2024-24023 | 2024-02-08 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior.... |
| CVE-2024-24024 | 2024-02-08 | An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and... |
| CVE-2024-24025 | 2024-02-08 | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and... |
| CVE-2024-24034 | 2024-02-08 | Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect... |
| CVE-2024-24115 | 2024-02-08 | A stored cross-site scripting (XSS) vulnerability in the Edit Page... |
| CVE-2024-24202 | 2024-02-08 | An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community... |
| CVE-2024-24213 | 2024-02-08 | Supabase PostgreSQL v15.1 was discovered to contain a SQL injection... |
| CVE-2024-24215 | 2024-02-08 | An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web... |
| CVE-2024-24321 | 2024-02-08 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker... |
| CVE-2024-24496 | 2024-02-08 | An issue in Daily Habit Tracker v.1.0 allows a remote... |
| CVE-2024-25189 | 2024-02-08 | libjwt 1.15.3 uses strcmp (which is not constant time) to... |
| CVE-2024-25190 | 2024-02-08 | l8w8jwt 2.2.1 uses memcmp (which is not constant time) to... |
| CVE-2024-25191 | 2024-02-08 | php-jwt 1.0.0 uses strcmp (which is not constant time) to... |
| CVE-2023-40263 | 2024-02-08 | An issue was discovered in Atos Unify OpenScape Voice Trace... |
| CVE-2023-40265 | 2024-02-08 | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant... |
| CVE-2023-40266 | 2024-02-08 | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant... |
| CVE-2023-42282 | 2024-02-08 | The ip package before 1.1.9 for Node.js might allow SSRF... |
| CVE-2024-22795 | 2024-02-08 | Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local... |
| CVE-2024-23660 | 2024-02-08 | The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f,... |
| CVE-2024-23756 | 2024-02-08 | The HTTP PUT and DELETE methods are enabled in the... |
| CVE-2024-23764 | 2024-02-08 | Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure... |
| CVE-2024-24003 | 2024-02-08 | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo... |
| CVE-2024-24014 | 2024-02-08 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior... |
| CVE-2024-24018 | 2024-02-08 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior... |