CVE List - 2024 / February
Showing 701 - 800 of 2784 CVEs for February 2024 (Page 8 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-24026 | 2024-02-08 | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and... |
| CVE-2024-24091 | 2024-02-08 | Yealink Meeting Server before v26.0.0.66 was discovered to contain an... |
| CVE-2024-24113 | 2024-02-08 | xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability,... |
| CVE-2024-24216 | 2024-02-08 | Zentao v18.0 to v18.10 was discovered to contain a remote... |
| CVE-2024-24350 | 2024-02-08 | File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and... |
| CVE-2024-24393 | 2024-02-08 | File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote... |
| CVE-2024-24494 | 2024-02-08 | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows... |
| CVE-2024-24495 | 2024-02-08 | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0... |
| CVE-2024-22394 | 2024-02-08 | An improper authentication vulnerability has been identified in SonicWall SonicOS... |
| CVE-2023-47798 | 2024-02-08 | Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older... |
| CVE-2024-25144 | 2024-02-08 | The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and... |
| CVE-2023-5665 | 2024-02-08 | Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-25146 | 2024-02-08 | Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and... |
| CVE-2024-25148 | 2024-02-08 | In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions,... |
| CVE-2024-0511 | 2024-02-08 | The Royal Elementor Addons and Templates plugin for WordPress is... |
| CVE-2024-1207 | 2024-02-08 | The WP Booking Calendar plugin for WordPress is vulnerable to... |
| CVE-2024-0965 | 2024-02-08 | The Simple Page Access Restriction plugin for WordPress is vulnerable... |
| CVE-2024-23452 | 2024-02-08 | Apache bRPC: HTTP request smuggling vulnerability |
| CVE-2024-22464 | 2024-02-08 | Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all... |
| CVE-2023-6515 | 2024-02-08 | IDOR in Mia Technology's Mia-Med |
| CVE-2024-24886 | 2024-02-08 | WordPress Product Labels For Woocommerce Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24885 | 2024-02-08 | WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24881 | 2024-02-08 | WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-6564 | 2024-02-08 | Incorrect Authorization in GitLab |
| CVE-2023-6517 | 2024-02-08 | Seeing the SMS Verification Code in Mia Technology's Mia-Med |
| CVE-2023-6518 | 2024-02-08 | Password Disclosure in Mia Technology's Mia-Med |
| CVE-2023-6519 | 2024-02-08 | Seeing admin password hash value in Mia Technology's Mia-Med |
| CVE-2024-24880 | 2024-02-08 | WordPress Apollo13 Framework Extensions Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24879 | 2024-02-08 | WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1312 | 2024-02-08 | Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu |
| CVE-2024-24878 | 2024-02-08 | WordPress Portugal CTT Tracking for WooCommerce Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-7169 | 2024-02-08 | Impersonate vendor signed Powershell scripts |
| CVE-2024-0985 | 2024-02-08 | PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL |
| CVE-2024-1149 | 2024-02-08 | Improper validation of update packages |
| CVE-2024-24877 | 2024-02-08 | WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1150 | 2024-02-08 | Improper validation of update packages |
| CVE-2024-24871 | 2024-02-08 | WordPress Blocksy Theme <= 2.0.19 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24836 | 2024-02-08 | WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24834 | 2024-02-08 | WordPress BEAR Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1329 | 2024-02-08 | Nomad Vulnerable to Arbitrary Write Through Symlink Attack |
| CVE-2024-0242 | 2024-02-08 | Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub |
| CVE-2023-51630 | 2024-02-08 | Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability |
| CVE-2024-25107 | 2024-02-08 | Cross-Site Scripting in WikiDiscover |
| CVE-2024-25106 | 2024-02-08 | OpenObserve Unauthorized Access Vulnerability in Users API |
| CVE-2024-24830 | 2024-02-08 | OpenObserve Privilege Escalation Vulnerability in Users API |
| CVE-2024-24825 | 2024-02-08 | TokenManager not checking permissions on cached tokens in DIRAC |
| CVE-2024-24829 | 2024-02-08 | SSRF in Sentry via Phabricator integration |
| CVE-2024-24821 | 2024-02-08 | Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer |
| CVE-2023-31506 | 2024-02-09 | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and... |
| CVE-2023-46350 | 2024-02-09 | SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search"... |
| CVE-2024-24308 | 2024-02-09 | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions... |
| CVE-2024-25306 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via... |
| CVE-2024-25307 | 2024-02-09 | Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via... |
| CVE-2024-25308 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via... |
| CVE-2024-25309 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via... |
| CVE-2024-25310 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via... |
| CVE-2024-25312 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via... |
| CVE-2024-25313 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via... |
| CVE-2024-25316 | 2024-02-09 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the... |
| CVE-2024-25318 | 2024-02-09 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the... |
| CVE-2024-25442 | 2024-02-09 | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows... |
| CVE-2024-25445 | 2024-02-09 | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads... |
| CVE-2024-25446 | 2024-02-09 | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows... |
| CVE-2024-25448 | 2024-02-09 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows... |
| CVE-2024-25450 | 2024-02-09 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the... |
| CVE-2024-25451 | 2024-02-09 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via... |
| CVE-2024-25452 | 2024-02-09 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via... |
| CVE-2024-25453 | 2024-02-09 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference... |
| CVE-2024-25674 | 2024-02-09 | An issue was discovered in MISP before 2.4.184. Organisation logo... |
| CVE-2024-25675 | 2024-02-09 | An issue was discovered in MISP before 2.4.184. A client... |
| CVE-2024-25677 | 2024-02-09 | In Min before 1.31.0, local files are not correctly treated... |
| CVE-2024-25678 | 2024-02-09 | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is... |
| CVE-2024-25679 | 2024-02-09 | In PQUIC before 5bde5bb, retention of unused initial encryption keys... |
| CVE-2023-39683 | 2024-02-09 | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before... |
| CVE-2023-50026 | 2024-02-09 | SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro)... |
| CVE-2024-23749 | 2024-02-09 | KiTTY versions 0.76.1.13 and before is vulnerable to command injection... |
| CVE-2024-25003 | 2024-02-09 | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based... |
| CVE-2024-25004 | 2024-02-09 | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based... |
| CVE-2024-25302 | 2024-02-09 | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via... |
| CVE-2024-25304 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via... |
| CVE-2024-25305 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via... |
| CVE-2024-25314 | 2024-02-09 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the... |
| CVE-2024-25315 | 2024-02-09 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the... |
| CVE-2024-25443 | 2024-02-09 | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows... |
| CVE-2024-25447 | 2024-02-09 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows... |
| CVE-2024-25454 | 2024-02-09 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference... |
| CVE-2024-24820 | 2024-02-09 | Icinga Director configuration is susceptible to Cross-Site Request Forgery |
| CVE-2024-24819 | 2024-02-09 | icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF |
| CVE-2024-23639 | 2024-02-09 | micronaut-core management endpoints vulnerable to drive-by localhost attack |
| CVE-2024-22318 | 2024-02-09 | IBM i Access Client Solutions information disclosure |
| CVE-2023-45187 | 2024-02-09 | IBM Engineering Lifecycle Optimization - Publishing session fixation |
| CVE-2024-1353 | 2024-02-09 | PHPEMS index.api.php index deserialization |
| CVE-2023-45190 | 2024-02-09 | IBM Engineering Lifecycle Optimization HTTP header injection |
| CVE-2023-45191 | 2024-02-09 | IBM Engineering Lifecycle Optimization information disclosure |
| CVE-2024-22332 | 2024-02-09 | IBM Integration Bus for z/OS denial of service |
| CVE-2023-32341 | 2024-02-09 | IBM Sterling B2B Integrator denial of service |
| CVE-2023-42016 | 2024-02-09 | IBM Sterling B2B Integrator information disclosure |
| CVE-2023-51761 | 2024-02-09 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication |
| CVE-2023-49716 | 2024-02-09 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection |
| CVE-2023-46687 | 2024-02-09 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection |