CVE List - 2024 / April
Showing 2601 - 2700 of 3605 CVEs for April 2024 (Page 27 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32590 | 2024-04-18 | WordPress Kattene plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32588 | 2024-04-18 | WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32587 | 2024-04-18 | WordPress EnvíaloSimple plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-28076 | 2024-04-18 | SolarWinds Platform Arbitrary Open Redirection Vulnerability |
| CVE-2024-29001 | 2024-04-18 | SolarWinds Platform SWQL Injection Vulnerability |
| CVE-2024-29003 | 2024-04-18 | SolarWinds Platform Cross Site Scripting Vulnerability |
| CVE-2024-32586 | 2024-04-18 | WordPress Gutenberg Block Editor Toolkit plugin <= 1.40.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32585 | 2024-04-18 | WordPress Import Content in WordPress & WooCommerce with Excel plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32584 | 2024-04-18 | WordPress TeraWallet plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32583 | 2024-04-18 | WordPress Photo Gallery by 10Web plugin <= 1.8.21 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32582 | 2024-04-18 | WordPress Debug Log Manager plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32581 | 2024-04-18 | WordPress Mortgage Calculators WP plugin <= 1.56 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32580 | 2024-04-18 | WordPress Master Slider plugin <= 3.9.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32579 | 2024-04-18 | WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32578 | 2024-04-18 | WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-2833 | 2024-04-18 | The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization... |
| CVE-2024-32577 | 2024-04-18 | WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32576 | 2024-04-18 | WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32575 | 2024-04-18 | WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32574 | 2024-04-18 | WordPress WP Simple HTML Sitemap plugin <= 2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32573 | 2024-04-18 | WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32572 | 2024-04-18 | WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32571 | 2024-04-18 | WordPress WP Stripe Checkout plugin <= 1.2.2.41 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32570 | 2024-04-18 | WordPress Cornerstone plugin <= 0.8.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-26921 | 2024-04-18 | inet: inet_defrag: prevent sk release while still in use |
| CVE-2024-32569 | 2024-04-18 | WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32568 | 2024-04-18 | WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32567 | 2024-04-18 | WordPress DirectoryPress plugin <= 3.6.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32566 | 2024-04-18 | WordPress WP Club Manager plugin <= 2.2.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32565 | 2024-04-18 | WordPress App Builder plugin <= 3.8.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32564 | 2024-04-18 | WordPress Post Grid Blocks and WordPress News Plugin – PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32563 | 2024-04-18 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32562 | 2024-04-18 | WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32561 | 2024-04-18 | WordPress Tagembed plugin <= 4.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32560 | 2024-04-18 | WordPress QR Code Composer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32559 | 2024-04-18 | WordPress WP 404 Auto Redirect to Similar Post plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32558 | 2024-04-18 | WordPress eCommerce Product Catalog plugin <= 3.3.32 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32556 | 2024-04-18 | WordPress HurryTimer plugin <=2.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32554 | 2024-04-18 | WordPress Knight Lab Timeline plugin <= 3.9.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32553 | 2024-04-18 | WordPress Superfly Menu plugin <= 5.0.25 - Auth. Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32600 | 2024-04-18 | WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability |
| CVE-2024-32552 | 2024-04-18 | WordPress Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32126 | 2024-04-18 | WordPress Navigation menu as dropdown Widget plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-49768 | 2024-04-18 | WordPress WP-FormAssembly plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32602 | 2024-04-18 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability |
| CVE-2024-32551 | 2024-04-18 | WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability |
| CVE-2024-31229 | 2024-04-18 | WordPress Really Simple SSL plugin <= 7.2.3 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-32686 | 2024-04-18 | WordPress Backup Migration plugin <= 1.4.3 - Sensitive Data Exposure via Log vulnerability |
| CVE-2024-32689 | 2024-04-18 | WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability |
| CVE-2023-3675 | 2024-04-18 | Insufficient input validation when downloading certain file types. |
| CVE-2023-47843 | 2024-04-18 | WordPress CataBlog Plugin <= 1.7.0 is vulnerable to Arbitrary File Deletion |
| CVE-2024-3948 | 2024-04-18 | SourceCodester Home Clean Service System Photo student.add.php unrestricted upload |
| CVE-2023-50885 | 2024-04-18 | WordPress Store Locator WordPress Plugin <= 1.4.14 is vulnerable to Arbitrary File Deletion |
| CVE-2023-6897 | 2024-04-18 | The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'alg_wc_ean_product_meta' shortcode due to missing... |
| CVE-2023-6892 | 2024-04-18 | The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input... |
| CVE-2024-32475 | 2024-04-18 | Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes |
| CVE-2024-27306 | 2024-04-18 | aiohttp vulnerable to XSS on index pages for static file handling |
| CVE-2024-28185 | 2024-04-18 | Judge0 vulnerable to Sandbox Escape via Symbolic Link |
| CVE-2024-28189 | 2024-04-18 | Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link |
| CVE-2024-29021 | 2024-04-18 | SSRF into Sandbox Escape through Unsafe Default Configuration |
| CVE-2024-30257 | 2024-04-18 | 1Panel's password verification is suspected to have a timing attack vulnerability |
| CVE-2024-32466 | 2024-04-18 | Tolgee's API key scopes not checked when querying translation data |
| CVE-2024-2796 | 2024-04-18 | SSRF in Akana API Platform |
| CVE-2024-32470 | 2024-04-18 | Tolgee' API keys created by server admin users bypass the permission check |
| CVE-2024-24910 | 2024-04-18 | LocalprivilegeescalationinCheckPointZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,andIdentityAgentforWindowsTerminalServerviacraftedDLLfile |
| CVE-2024-32462 | 2024-04-18 | Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing |
| CVE-2024-23557 | 2024-04-18 | HCL Connections is vulnerable to a user enumeration vulnerability |
| CVE-2024-29986 | 2024-04-18 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-29987 | 2024-04-18 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2023-3758 | 2024-04-18 | Sssd: race condition during authorization leads to gpo policies functioning inconsistently |
| CVE-2024-20380 | 2024-04-18 | ClamAV HTML Parser Denial of Service Vulnerability |
| CVE-2024-32474 | 2024-04-18 | Sentry's superuser cleartext password leaked in logs |
| CVE-2024-32477 | 2024-04-18 | Race condition when flushing input stream leads to permission prompt bypass |
| CVE-2024-30107 | 2024-04-18 | HCL Connections is vulnerable to broken access control |
| CVE-2024-32473 | 2024-04-18 | Moby IPv6 enabled on IPv4-only network interfaces |
| CVE-2024-3741 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data |
| CVE-2024-22179 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data |
| CVE-2024-22186 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking |
| CVE-2024-21872 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking |
| CVE-2024-21846 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function |
| CVE-2024-1491 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function |
| CVE-2024-3742 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information |
| CVE-2023-47435 | 2024-04-19 | An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages. |
| CVE-2023-49963 | 2024-04-19 | DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control. |
| CVE-2024-22905 | 2024-04-19 | Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function. |
| CVE-2024-27752 | 2024-04-19 | Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function. |
| CVE-2024-30974 | 2024-04-19 | SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter. |
| CVE-2024-31546 | 2024-04-19 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. |
| CVE-2024-31547 | 2024-04-19 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. |
| CVE-2024-31552 | 2024-04-19 | CuteHttpFileServer v.3.1 version has an arbitrary file download vulnerability, which allows attackers to download arbitrary files on the server and obtain sensitive information. |
| CVE-2024-31584 | 2024-04-19 | Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. |
| CVE-2024-31587 | 2024-04-19 | SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request. |
| CVE-2024-31744 | 2024-04-19 | In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. |
| CVE-2024-31841 | 2024-04-19 | An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. |
| CVE-2024-31846 | 2024-04-19 | An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CVE-2024-32166 | 2024-04-19 | Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation). |
| CVE-2024-32206 | 2024-04-19 | A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata... |
| CVE-2024-32391 | 2024-04-19 | Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. |
| CVE-2024-32392 | 2024-04-19 | Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component. |
| CVE-2024-32409 | 2024-04-19 | An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. |