CVE List - 2024 / March
Showing 2901 - 3000 of 3299 CVEs for March 2024 (Page 30 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-30606 | 2024-03-28 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function. |
| CVE-2024-30607 | 2024-03-28 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. |
| CVE-2024-30612 | 2024-03-28 | Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameters of the formSetClientState function. |
| CVE-2024-31062 | 2024-03-28 | Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. |
| CVE-2024-31063 | 2024-03-28 | Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. |
| CVE-2024-31064 | 2024-03-28 | Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. |
| CVE-2024-31065 | 2024-03-28 | Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. |
| CVE-2021-31156 | 2024-03-28 | Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. |
| CVE-2023-33528 | 2024-03-28 | halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-50969 | 2024-03-28 | Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468. |
| CVE-2024-28456 | 2024-03-28 | Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. |
| CVE-2024-30584 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. |
| CVE-2024-30593 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. |
| CVE-2024-30602 | 2024-03-28 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. |
| CVE-2024-31061 | 2024-03-28 | Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. |
| CVE-2024-3011 | 2024-03-28 | Tenda FH1205 QuickIndex formQuickIndex stack-based overflow |
| CVE-2024-3012 | 2024-03-28 | Tenda FH1205 GetParentControlInfo stack-based overflow |
| CVE-2024-3013 | 2024-03-28 | Teledyne FLIR AX8 User Registration test_login.php improper authorization |
| CVE-2024-28005 | 2024-03-28 | Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N,... |
| CVE-2024-28006 | 2024-03-28 | Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,... |
| CVE-2024-28007 | 2024-03-28 | Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,... |
| CVE-2024-28008 | 2024-03-28 | Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,... |
| CVE-2024-28009 | 2024-03-28 | Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,... |
| CVE-2024-28010 | 2024-03-28 | Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP,... |
| CVE-2024-28011 | 2024-03-28 | Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,... |
| CVE-2024-28012 | 2024-03-28 | Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,... |
| CVE-2024-28016 | 2024-03-28 | Improper Access Control vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,... |
| CVE-2024-28015 | 2024-03-28 | Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N,... |
| CVE-2024-28014 | 2024-03-28 | Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP,... |
| CVE-2024-28013 | 2024-03-28 | Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP,... |
| CVE-2024-3014 | 2024-03-28 | SourceCodester Simple Subscription Website Actions.php sql injection |
| CVE-2024-3015 | 2024-03-28 | SourceCodester Simple Subscription Website manage_plan.php sql injection |
| CVE-2024-3024 | 2024-03-28 | appneta tcpreplay get.c get_layer4_v6 heap-based overflow |
| CVE-2024-2111 | 2024-03-28 | The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including,... |
| CVE-2024-1770 | 2024-03-28 | The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function.... |
| CVE-2024-2110 | 2024-03-28 | The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to... |
| CVE-2024-2091 | 2024-03-28 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization... |
| CVE-2024-30245 | 2024-03-28 | WordPress DecaLog plugin <= 3.9.0 - SQL Injection vulnerability |
| CVE-2024-30244 | 2024-03-28 | WordPress Church Admin plugin <= 4.0.27 - SQL Injection via shortcode vulnerability |
| CVE-2024-30243 | 2024-03-28 | WordPress Tooltips plugin < 9.4.5 - Auth. SQL Injection vulnerability |
| CVE-2024-30242 | 2024-03-28 | WordPress Contact Form to Any API plugin <= 1.1.8 - Auth. SQL Injection vulnerability |
| CVE-2024-30241 | 2024-03-28 | WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.1 - Contributor+ SQL Injection vulnerability |
| CVE-2024-30240 | 2024-03-28 | WordPress Calendarista plugin <= 15.5.7 - SQL Injection vulnerability |
| CVE-2024-30239 | 2024-03-28 | WordPress Zoho Campaigns plugin <= 2.0.6 - SQL Injection vulnerability |
| CVE-2024-30237 | 2024-03-28 | WordPress Slider by Supsystic plugin <= 1.8.10 - SQL Injection vulnerability |
| CVE-2024-30236 | 2024-03-28 | WordPress Contest Gallery plugin <= 21.3.4 - SQL Injection vulnerability |
| CVE-2024-30230 | 2024-03-28 | WordPress PDF Invoices and Packing Slips For WooCommerce plugin <= 1.3.7 - PHP Object Injection vulnerability |
| CVE-2024-30229 | 2024-03-28 | WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability |
| CVE-2024-30228 | 2024-03-28 | WordPress Hercules Core plugin <= 6.4 - Auth. PHP Object Injection vulnerability |
| CVE-2024-30227 | 2024-03-28 | WordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerability |
| CVE-2024-30226 | 2024-03-28 | WordPress BetterDocs plugin <= 3.3.3 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-0672 | 2024-03-28 | Pz-LinkCard <= 2.5.1 - Reflected XSS |
| CVE-2024-0673 | 2024-03-28 | Pz-LinkCard <= 2.5.1 - Admin+ Stored XSS |
| CVE-2024-0677 | 2024-03-28 | Pz-LinkCard <= 2.5.1 - Contributor+ SSRF |
| CVE-2024-30225 | 2024-03-28 | WordPress WP Migrate plugin <= 2.6.10 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-30224 | 2024-03-28 | WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-30223 | 2024-03-28 | WordPress ARMember plugin <= 4.0.26 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-30222 | 2024-03-28 | WordPress ARMember plugin <= 4.0.26 - PHP Object Injection vulnerability |
| CVE-2024-30221 | 2024-03-28 | WordPress Sunshine Photo Cart plugin <= 3.1.1 - PHP Object Injection vulnerability |
| CVE-2024-30200 | 2024-03-28 | WordPress BEAR plugin <= 1.1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29100 | 2024-03-28 | WordPress AI Engine plugin <= 2.1.4 - Arbitrary File Upload vulnerability |
| CVE-2024-29090 | 2024-03-28 | WordPress AI Engine plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-28004 | 2024-03-28 | WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability |
| CVE-2024-28003 | 2024-03-28 | WordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2024-23500 | 2024-03-28 | WordPress Kadence Blocks plugin <= 3.2.19 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2023-39313 | 2024-03-28 | WordPress Avada theme <= 7.11.1 - Authenticated Server Side Request Forgery (SSRF) vulnerability |
| CVE-2023-36679 | 2024-03-28 | WordPress Spectra plugin <= 2.6.6 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2023-34370 | 2024-03-28 | Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins |
| CVE-2024-29227 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to... |
| CVE-2023-23649 | 2024-03-28 | WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability |
| CVE-2024-29228 | 2024-03-28 | Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2024-2890 | 2024-03-28 | WordPress Tumult Hype Animations plugin <= 1.9.12 - Arbitrary File Upload vulnerability |
| CVE-2024-25923 | 2024-03-28 | WordPress Community by PeepSo plugin <= 6.2.7.0 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-29229 | 2024-03-28 | Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2024-29230 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to... |
| CVE-2024-29231 | 2024-03-28 | Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service... |
| CVE-2024-29232 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to... |
| CVE-2024-29233 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to... |
| CVE-2024-29234 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to... |
| CVE-2024-29235 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to... |
| CVE-2024-29236 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to... |
| CVE-2024-29237 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to... |
| CVE-2024-29238 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to... |
| CVE-2024-29239 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to... |
| CVE-2024-29240 | 2024-03-28 | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors. |
| CVE-2024-29241 | 2024-03-28 | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot... |
| CVE-2024-22138 | 2024-03-28 | WordPress Seraphinite Accelerator plugin <= 2.20.47 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2023-50374 | 2024-03-28 | WordPress CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.10 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2023-52234 | 2024-03-28 | WordPress Booster Elite for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability |
| CVE-2023-52231 | 2024-03-28 | WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability |
| CVE-2024-25924 | 2024-03-28 | WordPress WP Testimonials plugin <= 1.4.3 - Auth. SQL Injection vulnerability |
| CVE-2023-39309 | 2024-03-28 | WordPress Avada Builder plugin <= 3.11.1 - Auth. SQL Injection vulnerability |
| CVE-2024-28002 | 2024-03-28 | WordPress Cornerstone plugin <= 0.8.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-28001 | 2024-03-28 | WordPress Favicon Rotator plugin <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27999 | 2024-03-28 | WordPress Preview E-mails for WooCommerce plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25599 | 2024-03-28 | WordPress Seriously Simple Podcasting plugin <= 3.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2022-45850 | 2024-03-28 | WordPress Image Map Pro premium plugin < 5.6.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) |
| CVE-2024-2818 | 2024-03-28 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-6371 | 2024-03-28 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2023-52628 | 2024-03-28 | netfilter: nftables: exthdr: fix 4-byte stack OOB write |