CVE List - 2024 / April
Showing 3201 - 3300 of 3605 CVEs for April 2024 (Page 33 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-33667 | 2024-04-26 | An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which... |
| CVE-2024-33668 | 2024-04-26 | An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload... |
| CVE-2024-33669 | 2024-04-26 | An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This... |
| CVE-2024-33670 | 2024-04-26 | Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not... |
| CVE-2024-33671 | 2024-04-26 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. |
| CVE-2024-33672 | 2024-04-26 | An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. |
| CVE-2024-33673 | 2024-04-26 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. |
| CVE-2024-22632 | 2024-04-26 | Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST... |
| CVE-2024-30804 | 2024-04-26 | An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. |
| CVE-2024-4163 | 2024-04-26 | Privilege Escalation on Skylab IIoT Gateway (IGX) |
| CVE-2024-3154 | 2024-04-26 | Cri-o: arbitrary command injection via pod annotation |
| CVE-2024-0905 | 2024-04-26 | Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting |
| CVE-2024-2159 | 2024-04-26 | Sassy Social Share < 3.3.61 - Contributor+ Stored XSS |
| CVE-2024-2310 | 2024-04-26 | WP Google Review Slider < 13.6 - Admin+ Stored XSS |
| CVE-2024-2429 | 2024-04-26 | Salon booking system <= 9.6.5 - Settings Update via CSRF |
| CVE-2024-2439 | 2024-04-26 | Salon booking system <= 9.6.5 - Editor+ Stored XSS |
| CVE-2024-2603 | 2024-04-26 | Salon booking system <= 9.6.5 - Editor+ Stored XSS via Email Settings |
| CVE-2024-2837 | 2024-04-26 | WP Chat App < 3.6.4 - Admin+ Stored XSS |
| CVE-2024-2908 | 2024-04-26 | Call Now Button < 1.4.7 - Admin+ Stored XSS |
| CVE-2024-3048 | 2024-04-26 | Bannerlid <= 1.1.0 - Reflected XSS |
| CVE-2024-3058 | 2024-04-26 | ENL Newsletter <= 1.0.1 - Stored XSS via CSRF |
| CVE-2024-3059 | 2024-04-26 | ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF |
| CVE-2024-3060 | 2024-04-26 | ENL Newsletter <= 1.0.1 - Admin+ SQL Injection |
| CVE-2024-3075 | 2024-04-26 | MM-email2image <= 0.2.5 - Contributor+ Stored XSS |
| CVE-2024-3188 | 2024-04-26 | Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS |
| CVE-2024-4056 | 2024-04-26 | Denial of service condition in M-Files Server |
| CVE-2023-6095 | 2024-04-26 | Remote Code Execution without authentication using memory overflow |
| CVE-2024-33651 | 2024-04-26 | WordPress MF Gig Calendar plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33650 | 2024-04-26 | WordPress Serious Slider plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33638 | 2024-04-26 | WordPress Smart Maintenance Mode plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-6096 | 2024-04-26 | using an inappropriate encryption logic |
| CVE-2024-33598 | 2024-04-26 | WordPress Annual Archive plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33639 | 2024-04-26 | WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33642 | 2024-04-26 | WordPress Advanced Post List plugin <= 0.5.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-6116 | 2024-04-26 | Remote Code Execution without authentication using stack overflow |
| CVE-2024-3890 | 2024-04-26 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input... |
| CVE-2024-3678 | 2024-04-26 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for... |
| CVE-2024-2920 | 2024-04-26 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a... |
| CVE-2024-22091 | 2024-04-26 | Excessive resource consumption due to lack of request path size limits |
| CVE-2024-32046 | 2024-04-26 | Detailed error discloses full file path with dev mode off |
| CVE-2024-4182 | 2024-04-26 | Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash... |
| CVE-2024-4183 | 2024-04-26 | Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the... |
| CVE-2024-4195 | 2024-04-26 | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team... |
| CVE-2024-4198 | 2024-04-26 | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via... |
| CVE-2024-3962 | 2024-04-26 | The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up... |
| CVE-2024-1789 | 2024-04-26 | The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and... |
| CVE-2024-3682 | 2024-04-26 | The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3,... |
| CVE-2024-0740 | 2024-04-26 | Eclipse Target Management <= 4.5.500 Command Injection |
| CVE-2024-33683 | 2024-04-26 | WordPress Hide Dashboard Notifications plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33682 | 2024-04-26 | WordPress WP GDPR Compliance plugin <= 2.0.23 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33680 | 2024-04-26 | WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33679 | 2024-04-26 | WordPress FameTheme Demo Importer plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33678 | 2024-04-26 | WordPress ClickCease Click Fraud Protection plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33677 | 2024-04-26 | WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32957 | 2024-04-26 | WordPress Page Builder: Live Composer plugin <= 1.5.38 - Broken Access Control vulnerability |
| CVE-2024-32829 | 2024-04-26 | WordPress Data Tables Generator by Supsystic plugin <= 1.10.31 - Broken Access Control vulnerability |
| CVE-2024-32828 | 2024-04-26 | WordPress Table Rate Shipping Method for WooCommerce by Flexible Shipping plugin <= 4.24.15 - Broken Access Control vulnerability |
| CVE-2024-32826 | 2024-04-26 | WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability |
| CVE-2024-32822 | 2024-04-26 | WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability |
| CVE-2023-52646 | 2024-04-26 | aio: fix mremap after fork null-deref |
| CVE-2024-33697 | 2024-04-26 | WordPress CF7 File Download plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33696 | 2024-04-26 | WordPress WordPress Ad Widget plugin <= 2.20.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33695 | 2024-04-26 | WordPress Fan Page Widget by ThemeNcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33694 | 2024-04-26 | WordPress Meks ThemeForest Smart Widget plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33693 | 2024-04-26 | WordPress Meks Smart Social Widget plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33692 | 2024-04-26 | WordPress Smart Recent Posts Widget plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33691 | 2024-04-26 | WordPress Popup Builder by OptinMonster plugin <= 2.15.3 - Cross Site Request Forgery (CSRF) Notice Dismissal vulnerability |
| CVE-2024-33690 | 2024-04-26 | WordPress Financio theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33689 | 2024-04-26 | WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33688 | 2024-04-26 | WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4234 | 2024-04-26 | WordPress Filterable Portfolio plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-3076 | 2024-04-26 | MM-email2image <= 0.2.5 - Stored XSS via CSRF |
| CVE-2022-40975 | 2024-04-26 | WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2024-32766 | 2024-04-26 | QTS, QuTS hero, QuTScloud |
| CVE-2024-32764 | 2024-04-26 | myQNAPcloud Link |
| CVE-2024-27124 | 2024-04-26 | QTS, QuTS hero, QuTScloud |
| CVE-2024-21905 | 2024-04-26 | QTS, QuTS hero, QuTScloud |
| CVE-2023-51365 | 2024-04-26 | QTS, QuTS hero, QuTScloud |
| CVE-2023-51364 | 2024-04-26 | QTS, QuTS hero, QuTScloud |
| CVE-2023-50364 | 2024-04-26 | QTS, QuTS hero |
| CVE-2023-50363 | 2024-04-26 | QTS, QuTS hero |
| CVE-2023-50362 | 2024-04-26 | QTS, QuTS hero |
| CVE-2023-50361 | 2024-04-26 | QTS, QuTS hero |
| CVE-2023-47222 | 2024-04-26 | Media Streaming add-on |
| CVE-2023-41291 | 2024-04-26 | QuFirewall |
| CVE-2023-41290 | 2024-04-26 | QuFirewall |
| CVE-2024-32476 | 2024-04-26 | Denial of Service via malicious jqPathExpressions in ignoreDifferences |
| CVE-2023-42955 | 2024-04-26 | Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been... |
| CVE-2024-27790 | 2024-04-26 | Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by... |
| CVE-2024-32730 | 2024-04-26 | Missing authorization check in SAP Enable Now Manager |
| CVE-2024-32880 | 2024-04-26 | pyLoad allows upload to arbitrary folder, leading to RCE |
| CVE-2024-4235 | 2024-04-26 | Netgear DG834Gv5 Web Management Interface cleartext storage |
| CVE-2024-4236 | 2024-04-26 | Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow |
| CVE-2024-32884 | 2024-04-26 | gix-transport indirect code execution via malicious username |
| CVE-2024-4237 | 2024-04-26 | Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow |
| CVE-2022-48611 | 2024-04-26 | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. |
| CVE-2024-4238 | 2024-04-26 | Tenda AX1806 SetOnlineDevName formSetDeviceName stack-based overflow |
| CVE-2024-4239 | 2024-04-26 | Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow |
| CVE-2024-4240 | 2024-04-26 | Tenda W9 formQosManageDouble_user stack-based overflow |
| CVE-2024-32878 | 2024-04-26 | Use of Uninitialized Variable Vulnerability in llama.cpp |