CVE List - 2024 / April
Showing 901 - 1000 of 3606 CVEs for April 2024 (Page 10 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-23190 | 2024-04-08 | Upsell shop information of an account can be manipulated to... |
| CVE-2024-23191 | 2024-04-08 | Upsell advertisement information of an account can be manipulated to... |
| CVE-2024-23192 | 2024-04-08 | RSS feeds that contain malicious data- attributes could be abused... |
| CVE-2023-52388 | 2024-04-08 | Permission control vulnerability in the clock module. Impact: Successful exploitation... |
| CVE-2023-52537 | 2024-04-08 | Vulnerability of package name verification being bypassed in the HwIms... |
| CVE-2023-52538 | 2024-04-08 | Vulnerability of package name verification being bypassed in the HwIms... |
| CVE-2023-52539 | 2024-04-08 | Permission verification vulnerability in the Settings module. Impact: Successful exploitation... |
| CVE-2023-52540 | 2024-04-08 | Vulnerability of improper authentication in the Iaware module. Impact: Successful... |
| CVE-2023-52541 | 2024-04-08 | Authentication vulnerability in the API for app pre-loading. Impact: Successful... |
| CVE-2023-52542 | 2024-04-08 | Permission verification vulnerability in the system module. Impact: Successful exploitation... |
| CVE-2023-52543 | 2024-04-08 | Permission verification vulnerability in the system module. Impact: Successful exploitation... |
| CVE-2023-52359 | 2024-04-08 | Vulnerability of permission verification in some APIs in the ActivityTaskManagerService... |
| CVE-2024-31357 | 2024-04-08 | WordPress Ultimate Store Kit Elementor Addons plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-52544 | 2024-04-08 | Vulnerability of file path verification being bypassed in the email... |
| CVE-2023-52545 | 2024-04-08 | Vulnerability of undefined permissions in the Calendar app. Impact: Successful... |
| CVE-2023-52546 | 2024-04-08 | Vulnerability of package name verification being bypassed in the Calendar... |
| CVE-2023-52549 | 2024-04-08 | Vulnerability of data verification errors in the kernel module. Impact:... |
| CVE-2023-52550 | 2024-04-08 | Vulnerability of data verification errors in the kernel module. Impact:... |
| CVE-2023-52551 | 2024-04-08 | Vulnerability of data verification errors in the kernel module. Impact:... |
| CVE-2023-52552 | 2024-04-08 | Input verification vulnerability in the power module. Impact: Successful exploitation... |
| CVE-2024-31375 | 2024-04-08 | WordPress WP2LEADS plugin <= 3.2.7 - Broken Access Control vulnerability |
| CVE-2023-52553 | 2024-04-08 | Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation... |
| CVE-2023-52554 | 2024-04-08 | Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation... |
| CVE-2023-52385 | 2024-04-08 | Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation... |
| CVE-2023-52386 | 2024-04-08 | Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation... |
| CVE-2023-52364 | 2024-04-08 | Vulnerability of input parameters being not strictly verified in the... |
| CVE-2024-27895 | 2024-04-08 | Vulnerability of permission control in the window module. Successful exploitation... |
| CVE-2024-27896 | 2024-04-08 | Input verification vulnerability in the log module. Impact: Successful exploitation... |
| CVE-2024-27897 | 2024-04-08 | Input verification vulnerability in the call module. Impact: Successful exploitation... |
| CVE-2024-26811 | 2024-04-08 | ksmbd: validate payload size in ipc response |
| CVE-2024-3438 | 2024-04-08 | SourceCodester Prison Management System login.php sql injection |
| CVE-2024-3439 | 2024-04-08 | SourceCodester Prison Management System login.php sql injection |
| CVE-2024-2834 | 2024-04-08 | OpenText ArcSight Management Center and ArcSight Platform Stored XSS |
| CVE-2011-10006 | 2024-04-08 | GamerZ WP-PostRatings wp-postratings.php cross site scripting |
| CVE-2014-125111 | 2024-04-08 | namithjawahar Wp-Insert cross site scripting |
| CVE-2024-2511 | 2024-04-08 | Unbounded memory growth with session handling in TLSv1.3 |
| CVE-2024-3440 | 2024-04-08 | SourceCodester Prison Management System edit_profile.php sql injection |
| CVE-2024-3441 | 2024-04-08 | SourceCodester Prison Management System edit-profile.php sql injection |
| CVE-2024-30269 | 2024-04-08 | DataEase has database configuration information exposure vulnerability |
| CVE-2024-31205 | 2024-04-08 | Saleor CSRF bypass in refreshToken mutation |
| CVE-2024-3442 | 2024-04-08 | SourceCodester Prison Management System delete_leave.php sql injection |
| CVE-2024-3443 | 2024-04-08 | SourceCodester Prison Management System apply_leave.php cross site scripting |
| CVE-2024-3444 | 2024-04-08 | Wangshen SecGate 3600 ?g=net_pro_keyword_import_save unrestricted upload |
| CVE-2024-31221 | 2024-04-08 | Clients removed during unpairing process may regain access if Sunshine was not restarted |
| CVE-2024-31224 | 2024-04-08 | GPT Academic: Pickle deserializing cookies may pose RCE risk |
| CVE-2024-3445 | 2024-04-08 | SourceCodester Laundry Management System laporan_filter sql injection |
| CVE-2024-3455 | 2024-04-08 | Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection |
| CVE-2024-31442 | 2024-04-08 | Redon-Hub has incorrect permissions on all admin related commands |
| CVE-2024-31447 | 2024-04-08 | Shopware has Improper Session Handling in store-api |
| CVE-2024-3456 | 2024-04-08 | Netentsec NS-ASG Application Security Gateway config_Anticrack.php sql injection |
| CVE-2023-7164 | 2024-04-08 | BackWPup < 4.0.4 - Unauthenticated Backup Download |
| CVE-2024-3457 | 2024-04-08 | Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection |
| CVE-2024-3458 | 2024-04-08 | Netentsec NS-ASG Application Security Gateway add_ikev2.php sql injection |
| CVE-2024-3463 | 2024-04-08 | SourceCodester Laundry Management System edit cross site scripting |
| CVE-2024-3464 | 2024-04-08 | SourceCodester Laundry Management System Pelanggan.php laporan_filter sql injection |
| CVE-2024-3465 | 2024-04-08 | SourceCodester Laundry Management System Transaki.php laporan_filter sql injection |
| CVE-2024-3466 | 2024-04-08 | SourceCodester Laundry Management System Pengeluaran.php laporan_filter sql injection |
| CVE-2024-0082 | 2024-04-08 | CVE |
| CVE-2024-0083 | 2024-04-08 | CVE |
| CVE-2024-23584 | 2024-04-08 | HCL BigFix Asset Discovery is affected by a security vulnerability |
| CVE-2024-24245 | 2024-04-09 | An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1... |
| CVE-2024-27665 | 2024-04-09 | Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via... |
| CVE-2024-31507 | 2024-04-09 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL... |
| CVE-2024-31544 | 2024-04-09 | A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management... |
| CVE-2024-31506 | 2024-04-09 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL... |
| CVE-2024-25646 | 2024-04-09 | Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence |
| CVE-2024-27898 | 2024-04-09 | Server-Side Request Forgery in SAP NetWeaver |
| CVE-2024-27899 | 2024-04-09 | Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine |
| CVE-2024-27901 | 2024-04-09 | Directory Traversal vulnerability in SAP Asset Accounting |
| CVE-2024-28167 | 2024-04-09 | Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data) |
| CVE-2024-30214 | 2024-04-09 | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector |
| CVE-2024-30215 | 2024-04-09 | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector |
| CVE-2024-30216 | 2024-04-09 | Missing Authorization check in SAP S/4 HANA (Cash Management) |
| CVE-2024-2975 | 2024-04-09 | A race condition was identified through which privilege escalation was... |
| CVE-2024-30217 | 2024-04-09 | Missing Authorization check in SAP S/4 HANA (Cash Management) |
| CVE-2024-30218 | 2024-04-09 | Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform |
| CVE-2024-27983 | 2024-04-09 | An attacker can make the Node.js HTTP/2 server completely unavailable... |
| CVE-2024-1664 | 2024-04-09 | Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS |
| CVE-2024-1233 | 2024-04-09 | Eap: wildfly-elytron has a ssrf security issue |
| CVE-2024-31365 | 2024-04-09 | WordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31366 | 2024-04-09 | WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability |
| CVE-2024-31367 | 2024-04-09 | WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability |
| CVE-2024-31368 | 2024-04-09 | WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-1082 | 2024-04-09 | Welotec: Command injection vulnerability in TK500v1 router series |
| CVE-2023-1083 | 2024-04-09 | Welotec: improper access control in TK500v1 router series |
| CVE-2024-31369 | 2024-04-09 | WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-50821 | 2024-04-09 | A vulnerability has been identified in SIMATIC PCS 7 V9.1... |
| CVE-2024-26275 | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions <... |
| CVE-2024-26276 | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions <... |
| CVE-2024-26277 | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions <... |
| CVE-2024-30189 | 2024-04-09 | A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)... |
| CVE-2024-30190 | 2024-04-09 | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0),... |
| CVE-2024-30191 | 2024-04-09 | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0),... |
| CVE-2024-31978 | 2024-04-09 | A vulnerability has been identified in SINEC NMS (All versions... |
| CVE-2024-31370 | 2024-04-09 | WordPress CodeisAwesome AIKit plugin <= 4.14.1 - Auth. SQL Injection vulnerability |
| CVE-2024-31860 | 2024-04-09 | Apache Zeppelin: Path traversal vulnerability |
| CVE-2021-28656 | 2024-04-09 | Apache Zeppelin: CSRF vulnerability in the Credentials page |
| CVE-2022-47894 | 2024-04-09 | Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE |
| CVE-2024-31862 | 2024-04-09 | Apache Zeppelin: Denial of service with invalid notebook name |
| CVE-2024-3046 | 2024-04-09 | In Eclipse Kura LogServlet component included in versions 5.0.0 to... |