CVE List - 2024 / March
Showing 1501 - 1600 of 3299 CVEs for March 2024 (Page 16 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28069 | 2024-03-16 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A... |
| CVE-2024-28070 | 2024-03-16 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient... |
| CVE-2024-28639 | 2024-03-16 | Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. |
| CVE-2023-51407 | 2024-03-16 | WordPress Split Test For Elementor plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51521 | 2024-03-16 | WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51512 | 2024-03-16 | WordPress Product Table by WBW plugin <= 1.8.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51510 | 2024-03-16 | WordPress Export Media URLs plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51491 | 2024-03-16 | WordPress Depicter Slider plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51489 | 2024-03-16 | WordPress Crowdsignal Polls & Ratings plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51487 | 2024-03-16 | WordPress ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51486 | 2024-03-16 | WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51474 | 2024-03-16 | WordPress TerraClassifieds plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability |
| CVE-2024-27197 | 2024-03-16 | WordPress BeePress plugin <= 6.9.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27195 | 2024-03-16 | WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability |
| CVE-2024-27194 | 2024-03-16 | WordPress Fontific plugin <= 0.1.6 - CSRF to XSS vulnerability |
| CVE-2024-2308 | 2024-03-16 | The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due... |
| CVE-2024-2294 | 2024-03-16 | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the... |
| CVE-2024-1239 | 2024-03-16 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to... |
| CVE-2024-2042 | 2024-03-16 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input... |
| CVE-2023-6525 | 2024-03-16 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient... |
| CVE-2024-23523 | 2024-03-16 | WordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerability |
| CVE-2024-24845 | 2024-03-16 | WordPress Post Thumbnail Editor plugin <= 2.4.8 - Unauthenticated Sensitive Data Exposure vulnerability |
| CVE-2024-22259 | 2024-03-16 | CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report) |
| CVE-2024-1733 | 2024-03-16 | The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and... |
| CVE-2024-1685 | 2024-03-16 | The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl... |
| CVE-2024-1857 | 2024-03-16 | The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up... |
| CVE-2024-2515 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System home.php cross site scripting |
| CVE-2024-2516 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System home.php sql injection |
| CVE-2024-2517 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System book_history.php sql injection |
| CVE-2024-2518 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System book_history.php cross site scripting |
| CVE-2024-2519 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System navbar.php cross site scripting |
| CVE-2024-2520 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System bookdate.php sql injection |
| CVE-2024-2521 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System bookdate.php cross site scripting |
| CVE-2024-2522 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System booktime.php sql injection |
| CVE-2024-2523 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System booktime.php cross site scripting |
| CVE-2024-2524 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System receipt.php sql injection |
| CVE-2024-2525 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System receipt.php cross site scripting |
| CVE-2024-2526 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php cross site scripting |
| CVE-2024-2527 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php sql injection |
| CVE-2024-2528 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php sql injection |
| CVE-2024-2529 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php unrestricted upload |
| CVE-2024-2530 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php cross site scripting |
| CVE-2024-2531 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php unrestricted upload |
| CVE-2024-2532 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-users.php sql injection |
| CVE-2024-2533 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-users.php cross site scripting |
| CVE-2024-2534 | 2024-03-16 | MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php sql injection |
| CVE-2024-2535 | 2024-03-17 | MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php cross site scripting |
| CVE-2024-2546 | 2024-03-17 | Tenda AC18 fromSetWirelessRepeat stack-based overflow |
| CVE-2024-2547 | 2024-03-17 | Tenda AC18 R7WebsSecurityHandler stack-based overflow |
| CVE-2024-2553 | 2024-03-17 | SourceCodester Product Review Rating System Rate Product cross site scripting |
| CVE-2024-2554 | 2024-03-17 | SourceCodester Employee Task Management System update-employee.php sql injection |
| CVE-2024-2555 | 2024-03-17 | SourceCodester Employee Task Management System update-admin.php sql injection |
| CVE-2024-2556 | 2024-03-17 | SourceCodester Employee Task Management System attendance-info.php sql injection |
| CVE-2024-2557 | 2024-03-17 | kishor-23 Food Waste Management System admin.php improper authorization |
| CVE-2024-2558 | 2024-03-17 | Tenda AC18 execCommand formexeCommand stack-based overflow |
| CVE-2024-2559 | 2024-03-17 | Tenda AC18 SysToolReboot fromSysToolReboot cross-site request forgery |
| CVE-2024-2560 | 2024-03-17 | Tenda AC18 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery |
| CVE-2024-2561 | 2024-03-17 | 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload |
| CVE-2024-2562 | 2024-03-17 | PandaXGO PandaX role_menu.go InsertRole sql injection |
| CVE-2024-2563 | 2024-03-17 | PandaXGO PandaX upload.go DeleteImage path traversal |
| CVE-2024-2564 | 2024-03-17 | PandaXGO PandaX user.go ExportUser path traversal |
| CVE-2024-2565 | 2024-03-17 | PandaXGO PandaX File Extension upload.go unrestricted upload |
| CVE-2024-2566 | 2024-03-17 | Fujian Kelixin Communication Command and Dispatch Platform get_extension_yl.php sql injection |
| CVE-2024-25933 | 2024-03-17 | WordPress PeproDev Ultimate Invoice plugin <= 1.9.7 - Sensitive Data Exposure vulnerability |
| CVE-2024-24867 | 2024-03-17 | WordPress WP Stats Manager plugin <= 6.9.4 - Sensitive Data Exposure vulnerability |
| CVE-2024-25591 | 2024-03-17 | WordPress WP Editor plugin <=1.2.7 - Sensitive Data Exposure vulnerability |
| CVE-2024-25903 | 2024-03-17 | WordPress Frontend File Manager Plugin plugin <= 22.7 - Sensitive Data Exposure vulnerability |
| CVE-2024-27957 | 2024-03-17 | WordPress Pie Register plugin <= 3.8.3.1 - Unauthenticated Arbitrary File Upload vulnerability |
| CVE-2024-27958 | 2024-03-17 | WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27959 | 2024-03-17 | WordPress APIExperts Square for WooCommerce plugin <= 4.2.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27960 | 2024-03-17 | WordPress Email Subscription Popup plugin <= 1.2.20 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27961 | 2024-03-17 | WordPress AntiSpam for Contact Form 7 plugin <= 0.6.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-2567 | 2024-03-17 | jurecapuder AndroidWeatherApp Backup File androidmanifest.xml backup |
| CVE-2024-2568 | 2024-03-17 | heyewei JFinalCMS Custom Data Page sql injection |
| CVE-2024-2569 | 2024-03-17 | SourceCodester Employee Task Management System admin-manage-user.php redirect |
| CVE-2024-23138 | 2024-03-17 | Stack-based Overflow Vulnerability in the TrueViewTM Desktop Software |
| CVE-2024-23139 | 2024-03-17 | ActionScript Byte Code “ABC” Vulnerability in the Autodesk FBX Review software |
| CVE-2021-47154 | 2024-03-18 | The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass... |
| CVE-2021-47155 | 2024-03-18 | The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is... |
| CVE-2021-47157 | 2024-03-18 | The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. |
| CVE-2022-47036 | 2024-03-18 | Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for... |
| CVE-2024-24539 | 2024-03-18 | FusionPBX before 5.2.0 does not validate a session. |
| CVE-2024-25655 | 2024-03-18 | Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords... |
| CVE-2024-25656 | 2024-03-18 | Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially... |
| CVE-2024-25657 | 2024-03-18 | An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. |
| CVE-2024-27757 | 2024-03-18 | flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024." |
| CVE-2024-28537 | 2024-03-18 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. |
| CVE-2024-28547 | 2024-03-18 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. |
| CVE-2024-28550 | 2024-03-18 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function. |
| CVE-2024-29151 | 2024-03-18 | Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. |
| CVE-2024-29154 | 2024-03-18 | danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. |
| CVE-2018-25099 | 2024-03-18 | In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag. |
| CVE-2021-47156 | 2024-03-18 | The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that... |
| CVE-2022-47037 | 2024-03-18 | Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. |
| CVE-2023-52159 | 2024-03-18 | A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in... |
| CVE-2024-24230 | 2024-03-18 | Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in... |
| CVE-2024-25654 | 2024-03-18 | Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services,... |
| CVE-2024-28054 | 2024-03-18 | Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary... |
| CVE-2024-29156 | 2024-03-18 | In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage... |
| CVE-2024-2570 | 2024-03-18 | SourceCodester Employee Task Management System edit-task.php redirect |