CVE List - 2024 / March
Showing 2201 - 2300 of 3299 CVEs for March 2024 (Page 23 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28593 | 2024-03-22 | The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the... |
| CVE-2024-29271 | 2024-03-22 | Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. |
| CVE-2024-29272 | 2024-03-22 | Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. |
| CVE-2024-29273 | 2024-03-22 | There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. |
| CVE-2024-29275 | 2024-03-22 | SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. |
| CVE-2024-29338 | 2024-03-22 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2. |
| CVE-2024-29366 | 2024-03-22 | A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. |
| CVE-2024-29385 | 2024-03-22 | DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. |
| CVE-2024-29499 | 2024-03-22 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. |
| CVE-2024-26557 | 2024-03-22 | Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. |
| CVE-2024-29865 | 2024-03-22 | Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. |
| CVE-2024-2777 | 2024-03-22 | Campcodes/PHPGurukul Online Marriage Registration System application-bwdates-reports-details.php sql injection |
| CVE-2024-2778 | 2024-03-22 | Campcodes Online Marriage Registration System search.php cross site scripting |
| CVE-2024-2779 | 2024-03-22 | Campcodes Online Marriage Registration System application-bwdates-reports-details.php cross site scripting |
| CVE-2024-2780 | 2024-03-22 | Campcodes Online Marriage Registration System admin-profile.php cross site scripting |
| CVE-2024-2080 | 2024-03-22 | The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode.... |
| CVE-2024-2500 | 2024-03-22 | The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and... |
| CVE-2024-2392 | 2024-03-22 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization... |
| CVE-2024-0957 | 2024-03-22 | The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to,... |
| CVE-2024-2805 | 2024-03-22 | Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow |
| CVE-2024-2806 | 2024-03-22 | Tenda AC15 addWifiMacFilter stack-based overflow |
| CVE-2024-2807 | 2024-03-22 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow |
| CVE-2024-2808 | 2024-03-22 | Tenda AC15 QuickIndex formQuickIndex stack-based overflow |
| CVE-2024-2809 | 2024-03-22 | Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow |
| CVE-2024-2810 | 2024-03-22 | Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow |
| CVE-2024-2811 | 2024-03-22 | Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow |
| CVE-2024-2812 | 2024-03-22 | Tenda AC15 WriteFacMac formWriteFacMac os command injection |
| CVE-2024-2813 | 2024-03-22 | Tenda AC15 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow |
| CVE-2024-2814 | 2024-03-22 | Tenda AC15 DhcpListClient fromDhcpListClient stack-based overflow |
| CVE-2024-2815 | 2024-03-22 | Tenda AC15 Cookie execCommand R7WebsSecurityHandler stack-based overflow |
| CVE-2024-2816 | 2024-03-22 | Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery |
| CVE-2024-2817 | 2024-03-22 | Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery |
| CVE-2024-0638 | 2024-03-22 | Privilege escalation in mk_oracle plugins |
| CVE-2024-1742 | 2024-03-22 | Information disclosure in mk_oracle Checkmk agent plugin |
| CVE-2024-28824 | 2024-03-22 | Privilege escalation in mk_informix plugin |
| CVE-2024-1848 | 2024-03-22 | Multiple vulnerabilities exist in file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024 |
| CVE-2024-29943 | 2024-03-22 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. |
| CVE-2024-29944 | 2024-03-22 | An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only,... |
| CVE-2024-2448 | 2024-03-22 | LoadMaster Command Injection Vulnerability |
| CVE-2024-2722 | 2024-03-22 | SQL injection vulnerability in the CIGESv2 system |
| CVE-2024-2723 | 2024-03-22 | SQL injection vulnerability in the CIGESv2 system |
| CVE-2024-2724 | 2024-03-22 | SQL injection vulnerability in the CIGESv2 system |
| CVE-2024-2725 | 2024-03-22 | Exposure of Sensitive Information vulnerability in the CIGESv2 system |
| CVE-2024-2449 | 2024-03-22 | LoadMaster Cross-Site Request Forgery (CSRF) |
| CVE-2024-2726 | 2024-03-22 | Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system |
| CVE-2024-2727 | 2024-03-22 | Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system |
| CVE-2024-2728 | 2024-03-22 | Information exposure vulnerability in the CIGESv2 system |
| CVE-2022-32753 | 2024-03-22 | IBM Security Verify Directory information disclosure |
| CVE-2022-32756 | 2024-03-22 | IBM Security Verify Directory information disclosure |
| CVE-2022-32751 | 2024-03-22 | IBM Security Verify Directory information disclosure |
| CVE-2022-32754 | 2024-03-22 | IBM Security Verify Directory cross-site scripting |
| CVE-2024-2227 | 2024-03-22 | IdentityIQ JavaServer Faces File Path Traversal Vulnerability |
| CVE-2024-2228 | 2024-03-22 | IdentityIQ Authorization of QuickLink Target Identities Vulnerability |
| CVE-2024-2820 | 2024-03-22 | DedeCMS baidunews.php cross-site request forgery |
| CVE-2024-2821 | 2024-03-22 | DedeCMS friendlink_edit.php cross-site request forgery |
| CVE-2023-23349 | 2024-03-22 | Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM... |
| CVE-2024-28861 | 2024-03-22 | Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder |
| CVE-2024-29042 | 2024-03-22 | Translate Cache Poisoning Vulnerability |
| CVE-2024-2822 | 2024-03-22 | DedeCMS vote_edit.php cross-site request forgery |
| CVE-2024-2823 | 2024-03-22 | DedeCMS mda_main.php cross-site request forgery |
| CVE-2024-29184 | 2024-03-22 | FreeScout Stored XSS to Privilege Escalation After CSP Bypass |
| CVE-2024-29185 | 2024-03-22 | FreeScout OS Command Injection vulnerability |
| CVE-2024-29186 | 2024-03-22 | Slow String Operations via MultiPart Requests in Event-Driven Functions |
| CVE-2023-4063 | 2024-03-22 | Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request. |
| CVE-2024-2824 | 2024-03-22 | Matthias-Wandel jhead exif.c PrintFormatNumber heap-based overflow |
| CVE-2023-5685 | 2024-03-22 | Xnio: stackoverflowexception when the chain of notifier states becomes problematically big |
| CVE-2024-2825 | 2024-03-22 | lakernote EasyAdmin saveReportFile path traversal |
| CVE-2024-2826 | 2024-03-22 | lakernote EasyAdmin saveReportFile xml external entity reference |
| CVE-2024-2827 | 2024-03-22 | lakernote EasyAdmin saveReportFile server-side request forgery |
| CVE-2024-2828 | 2024-03-22 | lakernote EasyAdmin IndexController.java thumbnail server-side request forgery |
| CVE-2024-26247 | 2024-03-22 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2024-29057 | 2024-03-22 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-29190 | 2024-03-22 | MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns) |
| CVE-2024-29059 | 2024-03-22 | .NET Framework Information Disclosure Vulnerability |
| CVE-2024-23755 | 2024-03-23 | ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. |
| CVE-2024-24725 | 2024-03-23 | Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI. |
| CVE-2024-2025 | 2024-03-23 | The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of... |
| CVE-2024-1697 | 2024-03-23 | The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient... |
| CVE-2024-2131 | 2024-03-23 | The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due... |
| CVE-2024-2202 | 2024-03-23 | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient... |
| CVE-2024-2688 | 2024-03-23 | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2024-2468 | 2024-03-23 | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2024-1049 | 2024-03-23 | The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due... |
| CVE-2024-2326 | 2024-03-23 | The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3.... |
| CVE-2024-2832 | 2024-03-23 | Campcodes Online Shopping System offersmail.php cross site scripting |
| CVE-2021-33633 | 2024-03-23 | Command Injection in aops-ceres |
| CVE-2024-24840 | 2024-03-23 | WordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerability |
| CVE-2024-24835 | 2024-03-23 | WordPress BEAR plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2024-24832 | 2024-03-23 | WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability |
| CVE-2024-2849 | 2024-03-23 | SourceCodester Simple File Manager unrestricted upload |
| CVE-2024-1603 | 2024-03-23 | confirmed |
| CVE-2024-30156 | 2024-03-24 | Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a... |
| CVE-2018-25100 | 2024-03-24 | The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar. |
| CVE-2020-36827 | 2024-03-24 | The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action. |
| CVE-2024-30161 | 2024-03-24 | In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.) |
| CVE-2024-2850 | 2024-03-24 | Tenda AC15 saveParentControlInfo stack-based overflow |
| CVE-2024-2851 | 2024-03-24 | Tenda AC15 setsambacfg formSetSambaConf os command injection |
| CVE-2024-2852 | 2024-03-24 | Tenda AC15 saveParentControlInfo stack-based overflow |
| CVE-2024-2853 | 2024-03-24 | Tenda AC10U setsambacfg formSetSambaConf os command injection |
| CVE-2024-2854 | 2024-03-24 | Tenda AC18 setsambacfg formSetSambaConf os command injection |