CVE List - 2024 / March
Showing 2401 - 2500 of 3299 CVEs for March 2024 (Page 25 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-25039 | 2024-03-25 | WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2024-2865 | 2024-03-25 | SQLi in Mergen Soft Quality Management System |
| CVE-2024-25002 | 2024-03-25 | Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device. |
| CVE-2024-28183 | 2024-03-25 | Anti Rollback bypass with physical access and TOCTOU attack |
| CVE-2023-45824 | 2024-03-25 | OroPlatform's pinned entity creation form shows pages of other users |
| CVE-2023-48296 | 2024-03-25 | OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID |
| CVE-2024-27299 | 2024-03-25 | phpMyFAQ SQL Injection at "Save News" |
| CVE-2024-27300 | 2024-03-25 | phpMyFAQ Stored XSS at user email |
| CVE-2024-28105 | 2024-03-25 | phpMyFAQ's File Upload Bypass at Category Image Leads to RCE |
| CVE-2024-28106 | 2024-03-25 | phpMyFAQ Stored XSS at FAQ News Content |
| CVE-2024-28107 | 2024-03-25 | phpMyFAQ SQL injections at insertentry & saveentry |
| CVE-2024-28108 | 2024-03-25 | phpMyFAQ Stored HTML Injection at contentLink |
| CVE-2024-28850 | 2024-03-25 | WP Crontrol possible RCE when combined with a pre-condition |
| CVE-2024-28243 | 2024-03-25 | KaTeX's maxExpand bypassed by \edef |
| CVE-2024-28244 | 2024-03-25 | KaTeX's maxExpand bypassed by Unicode sub/superscripts |
| CVE-2024-28245 | 2024-03-25 | KaTeX's \includegraphics does not escape filename |
| CVE-2024-28246 | 2024-03-25 | KaTeX is missing normalization of the protocol in URLs, allowing forbidden protocols to be bypassed |
| CVE-2024-29025 | 2024-03-25 | Netty HttpPostRequestDecoder can OOM |
| CVE-2024-2425 | 2024-03-25 | Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527 |
| CVE-2024-2426 | 2024-03-25 | Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527 |
| CVE-2024-29041 | 2024-03-25 | Express.js Open Redirect in malformed URLs |
| CVE-2024-2427 | 2024-03-25 | Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527 |
| CVE-2024-29179 | 2024-03-25 | phpMyFAQ Stored Cross-site Scripting at File Attachments |
| CVE-2024-21914 | 2024-03-25 | Rockwell Automation - FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lacks Security Protections |
| CVE-2024-1973 | 2024-03-25 | Elevation of privileges vulnerability |
| CVE-2024-2873 | 2024-03-25 | User authentication bypass in wolfSSH server |
| CVE-2024-0901 | 2024-03-25 | SEGV and out of bounds memory read from malicious packet |
| CVE-2017-20190 | 2024-03-26 | Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third... |
| CVE-2023-50702 | 2024-03-26 | Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary... |
| CVE-2023-50894 | 2024-03-26 | In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information. |
| CVE-2023-51146 | 2024-03-26 | Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action. |
| CVE-2023-51147 | 2024-03-26 | Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action. |
| CVE-2023-51148 | 2024-03-26 | An issue in TRENDnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component. |
| CVE-2024-23722 | 2024-03-26 | In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart.... |
| CVE-2024-25421 | 2024-03-26 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. |
| CVE-2024-26577 | 2024-03-26 | VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data. |
| CVE-2024-27521 | 2024-03-26 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete... |
| CVE-2024-28093 | 2024-03-26 | The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. |
| CVE-2024-28442 | 2024-03-26 | Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component. |
| CVE-2024-28545 | 2024-03-26 | Tenda AC18 V15.03.05.05 contains a command injection vulnerability in the deviceName parameter of the formsetUsbUnload function. |
| CVE-2024-28551 | 2024-03-26 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. |
| CVE-2024-29401 | 2024-03-26 | xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. |
| CVE-2024-29684 | 2024-03-26 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. |
| CVE-2023-50895 | 2024-03-26 | In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code. |
| CVE-2024-25420 | 2024-03-26 | An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. |
| CVE-2024-29644 | 2024-03-26 | Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. |
| CVE-2024-2732 | 2024-03-26 | The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization... |
| CVE-2024-29189 | 2024-03-26 | ansys-geometry-core OS Command Injection vulnerability |
| CVE-2024-29195 | 2024-03-26 | Azure C SDK Integer Wraparound Vulnerability |
| CVE-2024-29196 | 2024-03-26 | phpMyFAQ Path Traversal in Attachments |
| CVE-2024-0866 | 2024-03-26 | The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible... |
| CVE-2024-29199 | 2024-03-26 | Unauthenticated views may expose information to anonymous users |
| CVE-2024-2170 | 2024-03-26 | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1... |
| CVE-2023-7232 | 2024-03-26 | Backup and Restore WordPress <= 1.45 - Unauthenticated Sensitive Data Exposure |
| CVE-2024-1745 | 2024-03-26 | Testimonial Slider < 2.3.7 - Author+ Settings Update |
| CVE-2024-2303 | 2024-03-26 | The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization... |
| CVE-2024-2888 | 2024-03-26 | WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-2889 | 2024-03-26 | WordPress WP-Lister Lite for Amazon plugin <= 2.6.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-6175 | 2024-03-26 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark |
| CVE-2023-51416 | 2024-03-26 | WordPress EnvíaloSimple plugin <= 2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-49839 | 2024-03-26 | Reflected Cross-Site Scripting vulnerability in multiple WordPress components by KlbTheme |
| CVE-2023-49838 | 2024-03-26 | Cross-Site Request Forgery (CSRF) vulnerability in multiple themes by KlbTheme |
| CVE-2023-45771 | 2024-03-26 | WordPress Contact Form With Captcha plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2023-7251 | 2024-03-26 | WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-33322 | 2024-03-26 | WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-32237 | 2024-03-26 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in TheGem theme by CodexThemes |
| CVE-2023-23991 | 2024-03-26 | WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection |
| CVE-2024-24805 | 2024-03-26 | WordPress WP Dummy Content Generator plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2024-28131 | 2024-03-26 | EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file in Explorer, which may lead to loading an executable file that resides in the... |
| CVE-2024-26018 | 2024-03-26 | Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the... |
| CVE-2024-28033 | 2024-03-26 | OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web... |
| CVE-2024-28034 | 2024-03-26 | Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note... |
| CVE-2024-28048 | 2024-03-26 | OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note... |
| CVE-2024-2904 | 2024-03-26 | WordPress Calliope theme <= 1.0.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-28126 | 2024-03-26 | Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note... |
| CVE-2024-24799 | 2024-03-26 | WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2024-24719 | 2024-03-26 | WordPress Kikote plugin <= 1.8.9 - Broken Access Control vulnerability |
| CVE-2024-24718 | 2024-03-26 | WordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerability |
| CVE-2024-24711 | 2024-03-26 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability |
| CVE-2024-23520 | 2024-03-26 | WordPress PopupAlly plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-30231 | 2024-03-26 | WordPress Product Import Export for WooCommerce plugin <= 2.4.1 - Arbitrary File Upload vulnerability |
| CVE-2024-30232 | 2024-03-26 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30233 | 2024-03-26 | WordPress WholesaleX plugin <= 1.3.1 - Sensitive Data Exposure on User Export vulnerability |
| CVE-2024-30234 | 2024-03-26 | WordPress WholesaleX plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2024-30235 | 2024-03-26 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2024-2906 | 2024-03-26 | WordPress Radio Player plugin <= 2.0.73 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-22156 | 2024-03-26 | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2023-52214 | 2024-03-26 | WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2024-1933 | 2024-03-26 | Improper symlink resolution in TeamViewer Remote client for macOS |
| CVE-2024-29203 | 2024-03-26 | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes |
| CVE-2024-29881 | 2024-03-26 | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements |
| CVE-2024-29883 | 2024-03-26 | CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor |
| CVE-2024-2891 | 2024-03-26 | Tenda AC7 QuickIndex formQuickIndex stack-based overflow |
| CVE-2023-47150 | 2024-03-26 | IBM Common Cryptographic Architecture denial of service |
| CVE-2024-1455 | 2024-03-26 | Billion Laughs Attack leading to DoS in langchain-ai/langchain |
| CVE-2023-33855 | 2024-03-26 | IBM Common Cryptographic Architecture information disclosure |
| CVE-2024-22356 | 2024-03-26 | IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure |
| CVE-2023-41969 | 2024-03-26 | ZSATrayManager Arbitrary File Deletion |
| CVE-2023-41972 | 2024-03-26 | Revert password check incorrect type validation |
| CVE-2023-41973 | 2024-03-26 | Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution |
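CVE-2024-1455 in the table above names the Billion Laughs class of XML entity-expansion denial of service. The following Python pre-check is an added example, not code from this page or from the langchain project, and it says nothing about which langchain component was affected: it estimates, arithmetically and without materialising anything, how large an XML document would become once its internal-DTD entities are resolved, and rejects external or parameter entities and reference cycles outright. The sample documents, the verdict strings and the expansion threshold of 10x are all constructed assumptions for the demonstration.

```python
import re

# Constructed sample documents (not taken from any advisory): a scaled-down
# "billion laughs" bomb with four tiers of ten references each, and a benign
# file that declares and uses one small entity.
BOMB = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
]>
<lolz>&lol4;</lolz>"""

BENIGN = b"""<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY co "Example Corp"> ]>
<note>&co; &co;</note>"""

DOCTYPE = re.compile(rb'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', re.S)
ENTITY_DECL = re.compile(rb'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(rb'&(\w+);')
# Parameter entities (%) and SYSTEM/PUBLIC identifiers pull in external content;
# a pre-check that cannot resolve them should refuse rather than guess.
UNSAFE_DECL = re.compile(rb'<!ENTITY\s+(?:%|\w+\s+(?:SYSTEM|PUBLIC))')


def split_document(doc: bytes):
    """Return (internal DTD subset or None, content after the DOCTYPE)."""
    m = DOCTYPE.search(doc)
    if not m:
        return None, doc
    return m.group(1), doc[m.end():]


def expanded_size(doc: bytes) -> int:
    """Bytes the content would occupy once every general entity reference in it
    is resolved, computed by memoised recursion over the declarations instead of
    by actually expanding them. Raises ValueError on a reference cycle."""
    subset, content = split_document(doc)
    decls = dict(ENTITY_DECL.findall(subset or b''))
    memo = {}

    def size(name, stack):
        if name in memo:
            return memo[name]
        if name in stack:
            raise ValueError(f"recursive entity &{name};")
        body = decls.get(name)
        if body is None:            # predefined (&amp;) or undeclared: count the
            return len(name) + 2    # reference text itself, a safe upper bound
        total, last = 0, 0
        for m in ENTITY_REF.finditer(body):
            total += m.start() - last + size(m.group(1), stack + (name,))
            last = m.end()
        memo[name] = total + len(body) - last
        return memo[name]

    expanded, last = 0, 0
    for m in ENTITY_REF.finditer(content):
        expanded += m.start() - last + size(m.group(1), ())
        last = m.end()
    return expanded + len(content) - last


def classify(doc: bytes, max_factor: float = 10.0) -> str:
    """Verdict on the raw bytes before they reach a real parser. The 10x
    amplification threshold is an assumed policy value, not a standard."""
    subset, _ = split_document(doc)
    if subset is None:
        return "external-dtd" if b'<!DOCTYPE' in doc else "ok"
    if UNSAFE_DECL.search(subset):
        return "external-or-parameter-entity"
    try:
        factor = expanded_size(doc) / len(doc)
    except ValueError:
        return "recursive-entity"
    return "expansion-bomb" if factor > max_factor else "ok"


if __name__ == "__main__":
    for label, doc in (("bomb", BOMB), ("benign", BENIGN)):
        print(f"{label}: {len(doc)} bytes on the wire, "
              f"{expanded_size(doc)} bytes expanded -> {classify(doc)}")
```

The check deliberately refuses anything it cannot bound (external subsets, parameter entities, cycles) instead of trying to be clever about them; the cheap arithmetic only buys safety for the one case it fully understands, internal general entities with a computable expansion. It complements, rather than replaces, a parser configured to forbid DTDs.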