CVE List - 2024 / February
Showing 701 - 800 of 2784 CVEs for February 2024 (Page 8 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-24216 | 2024-02-08 | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. |
| CVE-2024-24321 | 2024-02-08 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. |
| CVE-2024-24350 | 2024-02-08 | File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. |
| CVE-2024-24393 | 2024-02-08 | File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. |
| CVE-2024-24494 | 2024-02-08 | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in... |
| CVE-2024-24495 | 2024-02-08 | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. |
| CVE-2024-25191 | 2024-02-08 | php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. |
| CVE-2024-22394 | 2024-02-08 | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version... |
| CVE-2023-47798 | 2024-02-08 | Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions,... |
| CVE-2024-25144 | 2024-02-08 | The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and... |
| CVE-2023-5665 | 2024-02-08 | Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-25146 | 2024-02-08 | Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses... |
| CVE-2024-25148 | 2024-02-08 | In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL... |
| CVE-2024-0511 | 2024-02-08 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect... |
| CVE-2024-1207 | 2024-02-08 | The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the... |
| CVE-2024-0965 | 2024-02-08 | The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible... |
| CVE-2024-23452 | 2024-02-08 | Apache bRPC: HTTP request smuggling vulnerability |
| CVE-2024-22464 | 2024-02-08 | Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could... |
| CVE-2023-6515 | 2024-02-08 | IDOR in Mia Technology's Mia-Med |
| CVE-2024-24886 | 2024-02-08 | WordPress Product Labels For Woocommerce Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24885 | 2024-02-08 | WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24881 | 2024-02-08 | WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-6564 | 2024-02-08 | Incorrect Authorization in GitLab |
| CVE-2023-6517 | 2024-02-08 | Seeing the SMS Verification Code in Mia Technology's Mia-Med |
| CVE-2023-6518 | 2024-02-08 | Password Disclosure in Mia Technology's Mia-Med |
| CVE-2023-6519 | 2024-02-08 | Seeing admin password hash value in Mia Technology's Mia-Med |
| CVE-2024-24880 | 2024-02-08 | WordPress Apollo13 Framework Extensions Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24879 | 2024-02-08 | WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1312 | 2024-02-08 | Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu |
| CVE-2024-24878 | 2024-02-08 | WordPress Portugal CTT Tracking for WooCommerce Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-7169 | 2024-02-08 | Impersonate vendor signed Powershell scripts |
| CVE-2024-0985 | 2024-02-08 | PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL |
| CVE-2024-1149 | 2024-02-08 | Improper validation of update packages |
| CVE-2024-24877 | 2024-02-08 | WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1150 | 2024-02-08 | Improper validation of update packages |
| CVE-2024-24871 | 2024-02-08 | WordPress Blocksy Theme <= 2.0.19 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24836 | 2024-02-08 | WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24834 | 2024-02-08 | WordPress BEAR Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1329 | 2024-02-08 | Nomad Vulnerable to Arbitrary Write Through Symlink Attack |
| CVE-2024-0242 | 2024-02-08 | Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub |
| CVE-2023-51630 | 2024-02-08 | Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability |
| CVE-2024-25107 | 2024-02-08 | Cross-Site Scripting in WikiDiscover |
| CVE-2024-25106 | 2024-02-08 | OpenObserve Unauthorized Access Vulnerability in Users API |
| CVE-2024-24830 | 2024-02-08 | OpenObserve Privilege Escalation Vulnerability in Users API |
| CVE-2024-24825 | 2024-02-08 | TokenManager not checking permissions on cached tokens in DIRAC |
| CVE-2024-24829 | 2024-02-08 | SSRF in Sentry via Phabricator integration |
| CVE-2024-24821 | 2024-02-08 | Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer |
| CVE-2024-24308 | 2024-02-09 | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. |
| CVE-2024-25306 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php". |
| CVE-2024-25313 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. |
| CVE-2024-25316 | 2024-02-09 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. |
| CVE-2024-25448 | 2024-02-09 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. |
| CVE-2024-25452 | 2024-02-09 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. |
| CVE-2024-25674 | 2024-02-09 | An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. |
| CVE-2023-31506 | 2024-02-09 | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. |
| CVE-2023-39683 | 2024-02-09 | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in... |
| CVE-2023-46350 | 2024-02-09 | SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the... |
| CVE-2023-50026 | 2024-02-09 | SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method... |
| CVE-2024-23749 | 2024-02-09 | KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system... |
| CVE-2024-25003 | 2024-02-09 | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite... |
| CVE-2024-25004 | 2024-02-09 | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an... |
| CVE-2024-25302 | 2024-02-09 | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. |
| CVE-2024-25304 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php." |
| CVE-2024-25305 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. |
| CVE-2024-25307 | 2024-02-09 | Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." |
| CVE-2024-25308 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. |
| CVE-2024-25309 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. |
| CVE-2024-25310 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5." |
| CVE-2024-25312 | 2024-02-09 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5." |
| CVE-2024-25314 | 2024-02-09 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. |
| CVE-2024-25315 | 2024-02-09 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. |
| CVE-2024-25318 | 2024-02-09 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. |
| CVE-2024-25442 | 2024-02-09 | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. |
| CVE-2024-25443 | 2024-02-09 | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. |
| CVE-2024-25445 | 2024-02-09 | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. |
| CVE-2024-25446 | 2024-02-09 | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. |
| CVE-2024-25447 | 2024-02-09 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. |
| CVE-2024-25450 | 2024-02-09 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). |
| CVE-2024-25451 | 2024-02-09 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. |
| CVE-2024-25453 | 2024-02-09 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. |
| CVE-2024-25454 | 2024-02-09 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. |
| CVE-2024-25675 | 2024-02-09 | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. |
| CVE-2024-25677 | 2024-02-09 | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other... |
| CVE-2024-25678 | 2024-02-09 | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. |
| CVE-2024-25679 | 2024-02-09 | In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the... |
| CVE-2024-24820 | 2024-02-09 | Icinga Director configuration is susceptible to Cross-Site Request Forgery |
| CVE-2024-24819 | 2024-02-09 | icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF |
| CVE-2024-23639 | 2024-02-09 | micronaut-core management endpoints vulnerable to drive-by localhost attack |
| CVE-2024-22318 | 2024-02-09 | IBM i Access Client Solutions information disclosure |
| CVE-2023-45187 | 2024-02-09 | IBM Engineering Lifecycle Optimization - Publishing session fixation |
| CVE-2024-1353 | 2024-02-09 | PHPEMS index.api.php index deserialization |
| CVE-2023-45190 | 2024-02-09 | IBM Engineering Lifecycle Optimization HTTP header injection |
| CVE-2023-45191 | 2024-02-09 | IBM Engineering Lifecycle Optimization information disclosure |
| CVE-2024-22332 | 2024-02-09 | IBM Integration Bus for z/OS denial of service |
| CVE-2023-32341 | 2024-02-09 | IBM Sterling B2B Integrator denial of service |
| CVE-2023-42016 | 2024-02-09 | IBM Sterling B2B Integrator information disclosure |
| CVE-2023-51761 | 2024-02-09 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication |
| CVE-2023-49716 | 2024-02-09 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection |
| CVE-2023-46687 | 2024-02-09 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection |
| CVE-2023-43609 | 2024-02-09 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization |