CVE List - 2024 / April
Showing 601 - 700 of 3605 CVEs for April 2024 (Page 7 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28787 | 2024-04-04 | IBM Security Verify Access information disclosure |
| CVE-2024-25692 | 2024-04-04 | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS |
| CVE-2024-25708 | 2024-04-04 | Persistent XSS when creating new application using Web App Builder |
| CVE-2024-25690 | 2024-04-04 | HTML injection in ArcGIS Web AppBuilder |
| CVE-2024-25697 | 2024-04-04 | Stored XSS in Portal for ArcGIS |
| CVE-2024-25696 | 2024-04-04 | Stored XSS in Portal for ArcGIS |
| CVE-2024-25695 | 2024-04-04 | Concatenated errors resulting in cross site scripting and frame injection issues. |
| CVE-2024-25693 | 2024-04-04 | Portal for ArcGIS has a directory traversal vulnerability. |
| CVE-2024-25698 | 2024-04-04 | Reflected XSS in Portal for ArcGIS |
| CVE-2024-25700 | 2024-04-04 | Persistent XSS in URL added to a shared map |
| CVE-2024-25709 | 2024-04-04 | Self-XSS style in move item dialog |
| CVE-2024-2660 | 2024-04-04 | Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses |
| CVE-2024-25706 | 2024-04-04 | HTMLi at createFolder Content Injection |
| CVE-2024-25705 | 2024-04-04 | Cross site scripting issue in embed widget |
| CVE-2024-25699 | 2024-04-04 | Portal for ArcGIS has an invalid authentication vulnerability |
| CVE-2024-29192 | 2024-04-04 | GHSL-2023-206 gotortc Cross-Site Request Forgery vulnerability |
| CVE-2024-25007 | 2024-04-04 | Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability |
| CVE-2024-29193 | 2024-04-04 | GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability |
| CVE-2024-30249 | 2024-04-04 | Cloudburst Network DoS in RakNet connection handling |
| CVE-2024-30252 | 2024-04-04 | GitHub Security Lab (GHSL) Vulnerability Report, livemarks: `GHSL-2024-015` |
| CVE-2024-30254 | 2024-04-04 | Directory traversal allowing overwriting arbitrary files |
| CVE-2023-38709 | 2024-04-04 | Apache HTTP Server: HTTP response splitting |
| CVE-2024-24795 | 2024-04-04 | Apache HTTP Server: HTTP Response Splitting in multiple modules |
| CVE-2024-27316 | 2024-04-04 | Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames |
| CVE-2024-30255 | 2024-04-04 | HTTP/2: CPU exhaustion due to CONTINUATION frame flood |
| CVE-2024-22023 | 2024-04-04 | An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests... |
| CVE-2024-22052 | 2024-04-04 | A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash... |
| CVE-2024-22053 | 2024-04-04 | A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the... |
| CVE-2024-30264 | 2024-04-04 | typebot.io: `GHSL-2024-040` |
| CVE-2024-30270 | 2024-04-04 | mailcow Path Traversal and Arbitrary Code Execution Vulnerability |
| CVE-2024-3311 | 2024-04-04 | Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal |
| CVE-2023-45288 | 2024-04-04 | HTTP/2 CONTINUATION flood in net/http |
| CVE-2024-31204 | 2024-04-04 | mailcow Cross-site Scripting Vulnerability via Exception Handler |
| CVE-2024-3314 | 2024-04-04 | SourceCodester Computer Laboratory Management System Users.php sql injection |
| CVE-2024-3315 | 2024-04-04 | SourceCodester Computer Laboratory Management System user.php sql injection |
| CVE-2024-3316 | 2024-04-04 | SourceCodester Computer Laboratory Management System view_category.php sql injection |
| CVE-2024-29981 | 2024-04-04 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-29049 | 2024-04-04 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
| CVE-2024-31206 | 2024-04-04 | Use of Unencrypted HTTP Request in dectalk-tts |
| CVE-2024-21894 | 2024-04-04 | A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the... |
| CVE-2024-27981 | 2024-04-04 | A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials... |
| CVE-2024-31210 | 2024-04-04 | PHP file upload bypass via Plugin installer |
| CVE-2024-31211 | 2024-04-04 | Remote Code Execution in `WP_HTML_Token` |
| CVE-2024-31212 | 2024-04-04 | SQL injection in index_chart_data action |
| CVE-2024-22363 | 2024-04-05 | SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS). |
| CVE-2024-26329 | 2024-04-05 | Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function. |
| CVE-2024-29672 | 2024-04-05 | Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt. |
| CVE-2024-29863 | 2024-04-05 | A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause... |
| CVE-2024-30849 | 2024-04-05 | Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. |
| CVE-2024-30891 | 2024-04-05 | A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. |
| CVE-2024-31852 | 2024-04-05 | LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in... |
| CVE-2023-49965 | 2024-04-05 | SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page. |
| CVE-2023-52235 | 2024-04-05 | SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack. |
| CVE-2024-27448 | 2024-04-05 | MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file. |
| CVE-2024-28065 | 2024-04-05 | In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash. |
| CVE-2024-30977 | 2024-04-05 | An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. |
| CVE-2024-3320 | 2024-04-05 | SourceCodester eLearning System cross site scripting |
| CVE-2024-3321 | 2024-04-05 | SourceCodester eLearning System Maintenance Module cross site scripting |
| CVE-2023-5973 | 2024-04-05 | Truncated port name |
| CVE-2024-2509 | 2024-04-05 | Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS |
| CVE-2024-3217 | 2024-04-05 | The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping... |
| CVE-2024-2115 | 2024-04-05 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect... |
| CVE-2024-21848 | 2024-04-05 | Users maintain access to active call after being removed from a channel |
| CVE-2024-28949 | 2024-04-05 | DoS via a large number of User Preferences |
| CVE-2024-29221 | 2024-04-05 | Invite ID available to team admins even without the "Add Members" permission |
| CVE-2024-26810 | 2024-04-05 | vfio/pci: Lock external INTx masking ops |
| CVE-2024-26812 | 2024-04-05 | vfio/pci: Create persistent INTx handler |
| CVE-2024-26813 | 2024-04-05 | vfio/platform: Create persistent IRQ handlers |
| CVE-2024-26814 | 2024-04-05 | vfio/fsl-mc: Block calling interrupt handler without trigger |
| CVE-2024-27437 | 2024-04-05 | vfio/pci: Disable auto-enable of exclusive INTx IRQ |
| CVE-2024-2447 | 2024-04-05 | Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker... |
| CVE-2023-6522 | 2024-04-05 | Information Disclosure in ExtremePacs's Extreme XDS |
| CVE-2023-6523 | 2024-04-05 | IDOR in ExtremePacs's Extreme XDS |
| CVE-2024-31083 | 2024-04-05 | Xorg-x11-server: use-after-free in procrenderaddglyphs |
| CVE-2023-5692 | 2024-04-05 | WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a... |
| CVE-2024-2499 | 2024-04-05 | The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to... |
| CVE-2024-2380 | 2024-04-05 | XSS in graph rendering |
| CVE-2024-31213 | 2024-04-05 | InstantCMS Open Redirect vulnerability |
| CVE-2024-31218 | 2024-04-05 | Missing Authentication for Critical Function in Webhood backend |
| CVE-2024-31220 | 2024-04-05 | Sunshine vulnerable to remote unauthenticated arbitrary file read |
| CVE-2023-48426 | 2024-04-05 | Chromecast Bootloader & Kernel-level code-execution including compromise of user-data |
| CVE-2024-3346 | 2024-04-05 | Byzoro Smart S80 webmailattach.php os command injection |
| CVE-2024-3347 | 2024-04-05 | SourceCodester Airline Ticket Reservation System activate_jet_details_form_handler.php sql injection |
| CVE-2024-3348 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-3349 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System login.php sql injection |
| CVE-2024-3350 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-31848 | 2024-04-05 | A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to... |
| CVE-2024-31849 | 2024-04-05 | A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain... |
| CVE-2024-31850 | 2024-04-05 | A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain... |
| CVE-2024-31851 | 2024-04-05 | A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain... |
| CVE-2023-31028 | 2024-04-05 | NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this... |
| CVE-2024-0072 | 2024-04-05 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file.... |
| CVE-2024-0076 | 2024-04-05 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file.... |
| CVE-2024-0080 | 2024-04-05 | NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this... |
| CVE-2024-3351 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-22004 | 2024-04-05 | Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read |
| CVE-2024-0081 | 2024-04-05 | NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may... |
| CVE-2024-3352 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-3353 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-2312 | 2024-04-05 | GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This leads to a use-after-free condition, and... |