CVE List - 2024 / March
Showing 1 - 100 of 3299 CVEs for March 2024 (Page 1 of 33)
| CVE ID | Date | Title / Description |
|---|---|---|
| CVE-2023-49539 | 2024-03-01 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2023-49540 | 2024-03-01 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2023-49543 | 2024-03-01 | Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating. |
| CVE-2023-49544 | 2024-03-01 | A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customer_support/index.php. |
| CVE-2023-49545 | 2024-03-01 | A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2023-52555 | 2024-03-01 | In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection. |
| CVE-2024-22891 | 2024-03-01 | Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. |
| CVE-2024-24511 | 2024-03-01 | Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component. |
| CVE-2024-24512 | 2024-03-01 | Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component. |
| CVE-2024-25293 | 2024-03-01 | mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. |
| CVE-2024-25386 | 2024-03-01 | Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file. |
| CVE-2024-25434 | 2024-03-01 | A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter. |
| CVE-2024-25438 | 2024-03-01 | A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input... |
| CVE-2024-27355 | 2024-03-01 | An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be... |
| CVE-2024-27497 | 2024-03-01 | Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. |
| CVE-2024-27559 | 2024-03-01 | Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php |
| CVE-2024-27567 | 2024-03-01 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-27568 | 2024-03-01 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-27569 | 2024-03-01 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-27571 | 2024-03-01 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-27572 | 2024-03-01 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-27689 | 2024-03-01 | Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php. |
| CVE-2024-27734 | 2024-03-01 | A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component. |
| CVE-2024-27744 | 2024-03-01 | Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component. |
| CVE-2024-27746 | 2024-03-01 | SQL Injection vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component. |
| CVE-2024-27747 | 2024-03-01 | File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. |
| CVE-2023-46951 | 2024-03-01 | Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function. |
| CVE-2024-25436 | 2024-03-01 | A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input... |
| CVE-2024-27354 | 2024-03-01 | An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause... |
| CVE-2024-27499 | 2024-03-01 | Bagisto v1.5.1 is vulnerable to cross-site scripting (XSS) via a PNG file upload in the product review option. |
| CVE-2024-27558 | 2024-03-01 | Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings. |
| CVE-2024-27570 | 2024-03-01 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-27743 | 2024-03-01 | Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component. |
| CVE-2024-2022 | 2024-03-01 | Netentsec NS-ASG Application Security Gateway list_ipAddressPolicy.php sql injection |
| CVE-2024-1941 | 2024-03-01 | Delta Electronics CNCSoft-B Stack-based Buffer Overflow |
| CVE-2024-22100 | 2024-03-01 | MicroDicom DICOM Heap-based Buffer Overflow |
| CVE-2024-25578 | 2024-03-01 | MicroDicom DICOM Viewer Out-of-Bounds Write |
| CVE-2023-28525 | 2024-03-01 | IBM Engineering Requirements Management cross-site scripting |
| CVE-2023-50305 | 2024-03-01 | IBM Engineering Requirements Management information disclosure |
| CVE-2023-28949 | 2024-03-01 | IBM Engineering Requirements Management cross-site request forgery |
| CVE-2023-50324 | 2024-03-01 | IBM Cognos Command Center information disclosure |
| CVE-2023-47716 | 2024-03-01 | IBM FileNet Content Manager privilege escalation |
| CVE-2023-38366 | 2024-03-01 | IBM FileNet Content Manager directory traversal |
| CVE-2023-50312 | 2024-03-01 | IBM WebSphere Application Server Liberty information disclosure |
| CVE-2024-1859 | 2024-03-01 | The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted... |
| CVE-2024-27949 | 2024-03-01 | WordPress Sirv Plugin <= 7.2.0 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2024-27950 | 2024-03-01 | WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control |
| CVE-2024-25552 | 2024-03-01 | Wiesemann & Theis: Multiple products prone to unquoted search path |
| CVE-2024-0692 | 2024-03-01 | SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| CVE-2024-25091 | 2024-03-01 | Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If... |
| CVE-2024-25972 | 2024-03-01 | Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected... |
| CVE-2024-1120 | 2024-03-01 | The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data... |
| CVE-2024-2058 | 2024-03-01 | SourceCodester Petrol Pump Management Software product.php unrestricted upload |
| CVE-2024-22458 | 2024-03-01 | Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of... |
| CVE-2024-22457 | 2024-03-01 | Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation... |
| CVE-2024-26280 | 2024-03-01 | Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs) |
| CVE-2024-2078 | 2024-03-01 | Cross-Site Scripting vulnerability in HelpDeskZ |
| CVE-2024-2057 | 2024-03-01 | LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery |
| CVE-2024-2059 | 2024-03-01 | SourceCodester Petrol Pump Management Software service_crud.php unrestricted upload |
| CVE-2024-2060 | 2024-03-01 | SourceCodester Petrol Pump Management Software login_crud.php sql injection |
| CVE-2024-2061 | 2024-03-01 | SourceCodester Petrol Pump Management Software edit_supplier.php sql injection |
| CVE-2023-48674 | 2024-03-01 | Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to... |
| CVE-2023-39254 | 2024-03-01 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run... |
| CVE-2024-24900 | 2024-03-01 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added... |
| CVE-2024-2062 | 2024-03-01 | SourceCodester Petrol Pump Management Software edit_categories.php sql injection |
| CVE-2024-2063 | 2024-03-01 | SourceCodester Petrol Pump Management Software profile_crud.php cross site scripting |
| CVE-2024-24906 | 2024-03-01 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading... |
| CVE-2024-24907 | 2024-03-01 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability,... |
| CVE-2024-24905 | 2024-03-01 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage... |
| CVE-2024-24904 | 2024-03-01 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage... |
| CVE-2024-24903 | 2024-03-01 | Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contains a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading... |
| CVE-2024-2064 | 2024-03-01 | rahman SelectCours Template CacheController.java getCacheNames injection |
| CVE-2024-0967 | 2024-03-01 | OpenText / Micro Focus ArcSight Enterprise Security Manager Remote Vulnerability |
| CVE-2024-2065 | 2024-03-01 | SourceCodester Barangay Population Monitoring System update-resident.php cross site scripting |
| CVE-2024-2066 | 2024-03-01 | SourceCodester Computer Inventory System add-computer.php cross site scripting |
| CVE-2023-50378 | 2024-03-01 | Apache Ambari: Various XSS problems |
| CVE-2024-2067 | 2024-03-01 | SourceCodester Computer Inventory System delete-computer.php sql injection |
| CVE-2024-2068 | 2024-03-01 | SourceCodester Computer Inventory System update-computer.php cross site scripting |
| CVE-2024-2069 | 2024-03-01 | SourceCodester FAQ Management System delete-faq.php sql injection |
| CVE-2024-27295 | 2024-03-01 | Directus MySQL accent insensitive email matching |
| CVE-2024-27140 | 2024-03-01 | Apache Archiva: reflected XSS |
| CVE-2024-27139 | 2024-03-01 | Apache Archiva: incorrect authentication potentially leading to account takeover |
| CVE-2024-27138 | 2024-03-01 | Apache Archiva: disabling user registration is not effective |
| CVE-2024-27296 | 2024-03-01 | Directus version number disclosure |
| CVE-2024-1624 | 2024-03-01 | OS Command Injection vulnerability affecting documentation server on certain Releases of 3DEXPERIENCE, SIMULIA Abaqus, SIMULIA Isight and CATIA Composer |
| CVE-2024-2070 | 2024-03-01 | SourceCodester FAQ Management System add-faq.php cross site scripting |
| CVE-2023-52556 | 2024-03-01 | OpenBSD 7.4 pf state race condition kernel crash |
| CVE-2023-52557 | 2024-03-01 | OpenBSD 7.3 invalid l2tp message npppd crash |
| CVE-2024-2071 | 2024-03-01 | SourceCodester FAQ Management System Update FAQ cross site scripting |
| CVE-2023-52558 | 2024-03-01 | OpenBSD 7.4 and 7.3 m_split() network buffer kernel crash |
| CVE-2024-2072 | 2024-03-01 | SourceCodester Flashcard Quiz App update-flashcard.php cross site scripting |
| CVE-2024-2073 | 2024-03-01 | SourceCodester Block Inserter for Dynamic Content view_post.php sql injection |
| CVE-2024-2074 | 2024-03-01 | Mini-Tmall 1 sql injection |
| CVE-2024-27298 | 2024-03-01 | Parse Server literalizeRegexPart SQL Injection |
| CVE-2024-2075 | 2024-03-01 | SourceCodester Daily Habit Tracker update-tracker.php cross site scripting |
| CVE-2024-2076 | 2024-03-01 | CodeAstro House Rental Management System tenant.php missing authentication |
| CVE-2024-2077 | 2024-03-01 | SourceCodester Simple Online Bidding System index.php sql injection |
| CVE-2024-1453 | 2024-03-01 | Santesoft Sante DICOM Viewer Pro Out-of-Bounds Read |
| CVE-2024-1174 | 2024-03-01 | Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate... |
| CVE-2023-7244 | 2024-03-01 | Ethercat Zeek Plugin Out-of-bounds Write |