CVE List - 2024 / April
Showing 901 - 1000 of 3605 CVEs for April 2024 (Page 10 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-23192 | 2024-04-08 | RSS feeds that contain malicious data- attributes could be abused to inject script code into a user's browser session when reading compromised RSS feeds or successfully luring users to compromised... |
| CVE-2023-52388 | 2024-04-08 | Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52537 | 2024-04-08 | Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52538 | 2024-04-08 | Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52539 | 2024-04-08 | Permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52540 | 2024-04-08 | Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52541 | 2024-04-08 | Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52542 | 2024-04-08 | Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52543 | 2024-04-08 | Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52359 | 2024-04-08 | Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-31357 | 2024-04-08 | WordPress Ultimate Store Kit Elementor Addons plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-52544 | 2024-04-08 | Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52545 | 2024-04-08 | Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52546 | 2024-04-08 | Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52549 | 2024-04-08 | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52550 | 2024-04-08 | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52551 | 2024-04-08 | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52552 | 2024-04-08 | Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-31375 | 2024-04-08 | WordPress WP2LEADS plugin <= 3.2.7 - Broken Access Control vulnerability |
| CVE-2023-52553 | 2024-04-08 | Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52554 | 2024-04-08 | Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52385 | 2024-04-08 | Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52386 | 2024-04-08 | Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52364 | 2024-04-08 | Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds write. |
| CVE-2024-27895 | 2024-04-08 | Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2024-27896 | 2024-04-08 | Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity. |
| CVE-2024-27897 | 2024-04-08 | Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-26811 | 2024-04-08 | ksmbd: validate payload size in ipc response |
| CVE-2024-3438 | 2024-04-08 | SourceCodester Prison Management System login.php sql injection |
| CVE-2024-3439 | 2024-04-08 | SourceCodester Prison Management System login.php sql injection |
| CVE-2024-2834 | 2024-04-08 | OpenText ArcSight Management Center and ArcSight Platform Stored XSS |
| CVE-2011-10006 | 2024-04-08 | GamerZ WP-PostRatings wp-postratings.php cross site scripting |
| CVE-2014-125111 | 2024-04-08 | namithjawahar Wp-Insert cross site scripting |
| CVE-2024-2511 | 2024-04-08 | Unbounded memory growth with session handling in TLSv1.3 |
| CVE-2024-3440 | 2024-04-08 | SourceCodester Prison Management System edit_profile.php sql injection |
| CVE-2024-3441 | 2024-04-08 | SourceCodester Prison Management System edit-profile.php sql injection |
| CVE-2024-30269 | 2024-04-08 | DataEase has database configuration information exposure vulnerability |
| CVE-2024-31205 | 2024-04-08 | Saleor CSRF bypass in refreshToken mutation |
| CVE-2024-3442 | 2024-04-08 | SourceCodester Prison Management System delete_leave.php sql injection |
| CVE-2024-3443 | 2024-04-08 | SourceCodester Prison Management System apply_leave.php cross site scripting |
| CVE-2024-3444 | 2024-04-08 | Wangshen SecGate 3600 ?g=net_pro_keyword_import_save unrestricted upload |
| CVE-2024-31221 | 2024-04-08 | Clients removed during unpairing process may regain access if Sunshine was not restarted |
| CVE-2024-31224 | 2024-04-08 | GPT Academic: Pickle deserializing cookies may pose RCE risk |
| CVE-2024-3445 | 2024-04-08 | SourceCodester Laundry Management System laporan_filter sql injection |
| CVE-2024-3455 | 2024-04-08 | Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection |
| CVE-2024-31442 | 2024-04-08 | Redon-Hub has incorrect permissions on all admin related commands |
| CVE-2024-31447 | 2024-04-08 | Shopware has Improper Session Handling in store-api |
| CVE-2024-3456 | 2024-04-08 | Netentsec NS-ASG Application Security Gateway config_Anticrack.php sql injection |
| CVE-2023-7164 | 2024-04-08 | BackWPup < 4.0.4 - Unauthenticated Backup Download |
| CVE-2024-3457 | 2024-04-08 | Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection |
| CVE-2024-3458 | 2024-04-08 | Netentsec NS-ASG Application Security Gateway add_ikev2.php sql injection |
| CVE-2024-3463 | 2024-04-08 | SourceCodester Laundry Management System edit cross site scripting |
| CVE-2024-3464 | 2024-04-08 | SourceCodester Laundry Management System Pelanggan.php laporan_filter sql injection |
| CVE-2024-3465 | 2024-04-08 | SourceCodester Laundry Management System Transaki.php laporan_filter sql injection |
| CVE-2024-3466 | 2024-04-08 | SourceCodester Laundry Management System Pengeluaran.php laporan_filter sql injection |
| CVE-2024-0082 | 2024-04-08 | CVE |
| CVE-2024-0083 | 2024-04-08 | CVE |
| CVE-2024-23584 | 2024-04-08 | HCL BigFix Asset Discovery is affected by a security vulnerability |
| CVE-2024-24245 | 2024-04-09 | An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. |
| CVE-2024-27665 | 2024-04-09 | Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. |
| CVE-2024-31507 | 2024-04-09 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php. |
| CVE-2024-31544 | 2024-04-09 | A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record. |
| CVE-2024-31506 | 2024-04-09 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parameter in admin/admin_cs.php. |
| CVE-2024-25646 | 2024-04-09 | Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence |
| CVE-2024-27898 | 2024-04-09 | Server-Side Request Forgery in SAP NetWeaver |
| CVE-2024-27899 | 2024-04-09 | Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine |
| CVE-2024-27901 | 2024-04-09 | Directory Traversal vulnerability in SAP Asset Accounting |
| CVE-2024-28167 | 2024-04-09 | Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data) |
| CVE-2024-30214 | 2024-04-09 | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector |
| CVE-2024-30215 | 2024-04-09 | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector |
| CVE-2024-30216 | 2024-04-09 | Missing Authorization check in SAP S/4 HANA (Cash Management) |
| CVE-2024-2975 | 2024-04-09 | A race condition was identified through which privilege escalation was possible in certain configurations. |
| CVE-2024-30217 | 2024-04-09 | Missing Authorization check in SAP S/4 HANA (Cash Management) |
| CVE-2024-30218 | 2024-04-09 | Denial of service (DoS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform |
| CVE-2024-27983 | 2024-04-09 | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave... |
| CVE-2024-1664 | 2024-04-09 | Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS |
| CVE-2024-1233 | 2024-04-09 | EAP: wildfly-elytron has an SSRF security issue |
| CVE-2024-31365 | 2024-04-09 | WordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31366 | 2024-04-09 | WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability |
| CVE-2024-31367 | 2024-04-09 | WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability |
| CVE-2024-31368 | 2024-04-09 | WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-1082 | 2024-04-09 | Welotec: Command injection vulnerability in TK500v1 router series |
| CVE-2023-1083 | 2024-04-09 | Welotec: improper access control in TK500v1 router series |
| CVE-2024-31369 | 2024-04-09 | WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-50821 | 2024-04-09 | A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime... |
| CVE-2024-26275 | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter... |
| CVE-2024-26276 | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter... |
| CVE-2024-26277 | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter... |
| CVE-2024-30189 | 2024-04-09 | A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions),... |
| CVE-2024-30190 | 2024-04-09 | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12... |
| CVE-2024-30191 | 2024-04-09 | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12... |
| CVE-2024-31978 | 2024-04-09 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path... |
| CVE-2024-31370 | 2024-04-09 | WordPress CodeisAwesome AIKit plugin <= 4.14.1 - Auth. SQL Injection vulnerability |
| CVE-2024-31860 | 2024-04-09 | Apache Zeppelin: Path traversal vulnerability |
| CVE-2021-28656 | 2024-04-09 | Apache Zeppelin: CSRF vulnerability in the Credentials page |
| CVE-2022-47894 | 2024-04-09 | Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE |
| CVE-2024-31862 | 2024-04-09 | Apache Zeppelin: Denial of service with invalid notebook name |
| CVE-2024-3046 | 2024-04-09 | In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded... |
| CVE-2024-31863 | 2024-04-09 | Apache Zeppelin: Replacing other users' notebooks, bypassing any permissions |
| CVE-2024-2223 | 2024-04-09 | Incorrect Regular Expression in GravityZone Update Server (VA-11465) |