CVE List - 2024 / April
Showing 1601 - 1700 of 3605 CVEs for April 2024 (Page 17 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2966 | 2024-04-11 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and... |
| CVE-2024-20771 | 2024-04-11 | Bridge 2024 MOV File parsing memory corruption |
| CVE-2024-20798 | 2024-04-11 | Illustrator 2024 CDR File parsing Out of Bound Read Information disclosure vulnerability |
| CVE-2024-32080 | 2024-04-11 | WordPress Search Keyword Redirect plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-32228 | 2024-04-11 | A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. |
| CVE-2024-20795 | 2024-04-11 | Animate has an arbitrary code execution vulnerability when parsing svg files |
| CVE-2024-20796 | 2024-04-11 | Adobe Animation SWF File Parsing Memory Corruption |
| CVE-2024-20794 | 2024-04-11 | Adobe Animate 2024 WAV File Parsing Null Pointer Dereference |
| CVE-2024-20797 | 2024-04-11 | Out-of-bounds access vulnerability in Adobe Animate that directly changes the rip when parsing FLA files. |
| CVE-2024-3343 | 2024-04-11 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions... |
| CVE-2024-3344 | 2024-04-11 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up... |
| CVE-2023-32295 | 2024-04-11 | WordPress Easy!Appointments plugin <= 1.3.3 - Arbitrary File Deletion vulnerability |
| CVE-2024-32112 | 2024-04-11 | WordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31285 | 2024-04-11 | WordPress WordPress Tooltips plugin <= 9.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31937 | 2024-04-11 | WordPress TWIPLA (Visitor Analytics IO) plugin <= 1.2.0 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2024-31936 | 2024-04-11 | WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31935 | 2024-04-11 | WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31934 | 2024-04-11 | WordPress Link Whisper Free plugin <= 0.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31932 | 2024-04-11 | WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31931 | 2024-04-11 | WordPress Save as Image plugin by Pdfcrowd plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31930 | 2024-04-11 | WordPress Save as PDF by Pdfcrowd plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31929 | 2024-04-11 | WordPress Intagrate Lite plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31928 | 2024-04-11 | WordPress Top Bar plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31927 | 2024-04-11 | WordPress WP Login and Logout Redirect plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31926 | 2024-04-11 | WordPress Advanced Cron Manager – debug & control plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31925 | 2024-04-11 | WordPress F4 Improvements plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31387 | 2024-04-11 | WordPress Popup Likebox plugin <= 3.7.2 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2024-31361 | 2024-04-11 | WordPress bunny.net plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32083 | 2024-04-11 | WordPress Easy Logo plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32109 | 2024-04-11 | WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32108 | 2024-04-11 | WordPress Convert Post Types plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32107 | 2024-04-11 | WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32106 | 2024-04-11 | WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32105 | 2024-04-11 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-0881 | 2024-04-11 | Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access |
| CVE-2023-50949 | 2024-04-11 | IBM QRadar improper certificate validation |
| CVE-2024-30273 | 2024-04-11 | Adobe Illustrator 2024 PS file Parsing Stack based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-30272 | 2024-04-11 | Adobe Illustrator 2024 GIF file parsing Out-Of-Bound Write remote code execution vulnerabiity |
| CVE-2024-30271 | 2024-04-11 | Adobe Illustrator 2023 CC 27.7 Memory Corruption Out-Of-Bounds-Write Vulnerability III. |
| CVE-2023-5392 | 2024-04-11 | C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of... |
| CVE-2023-5393 | 2024-04-11 | Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent... |
| CVE-2023-5394 | 2024-04-11 | Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating... |
| CVE-2023-44853 | 2024-04-12 | \An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. |
| CVE-2023-44854 | 2024-04-12 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web... |
| CVE-2023-44855 | 2024-04-12 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters... |
| CVE-2023-44856 | 2024-04-12 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters... |
| CVE-2023-44857 | 2024-04-12 | An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. |
| CVE-2024-22526 | 2024-04-12 | Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file. |
| CVE-2024-22734 | 2024-04-12 | An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the... |
| CVE-2024-25545 | 2024-04-12 | An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. |
| CVE-2024-28718 | 2024-04-12 | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component. |
| CVE-2024-29400 | 2024-04-12 | An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. |
| CVE-2024-30845 | 2024-04-12 | Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. |
| CVE-2024-30850 | 2024-04-12 | An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go |
| CVE-2024-31818 | 2024-04-12 | Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. |
| CVE-2024-31839 | 2024-04-12 | Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. |
| CVE-2020-8006 | 2024-04-12 | The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio... |
| CVE-2023-44852 | 2024-04-12 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web... |
| CVE-2023-49528 | 2024-04-12 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. |
| CVE-2024-29461 | 2024-04-12 | An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. |
| CVE-2024-30614 | 2024-04-12 | An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. |
| CVE-2024-3092 | 2024-04-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-2279 | 2024-04-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2023-6678 | 2024-04-12 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-6489 | 2024-04-12 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2024-22357 | 2024-04-12 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2023-50307 | 2024-04-12 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2024-2137 | 2024-04-12 | The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions... |
| CVE-2024-2801 | 2024-04-12 | The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization... |
| CVE-2023-45186 | 2024-04-12 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2024-27309 | 2024-04-12 | Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode |
| CVE-2024-3400 | 2024-04-12 | PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect |
| CVE-2024-31372 | 2024-04-12 | WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31371 | 2024-04-12 | WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3211 | 2024-04-12 | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3... |
| CVE-2024-3054 | 2024-04-12 | WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This... |
| CVE-2024-27261 | 2024-04-12 | IBM Storage Defender - Resiliency Service privilege escalation |
| CVE-2023-47714 | 2024-04-12 | IBM Sterling File Gateway cross-site scripting |
| CVE-2024-31364 | 2024-04-12 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31363 | 2024-04-12 | WordPress LifterLMS plugin <= 7.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31362 | 2024-04-12 | WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31360 | 2024-04-12 | WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31354 | 2024-04-12 | WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31305 | 2024-04-12 | WordPress Transcoder plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31303 | 2024-04-12 | WordPress Sign-up Sheets plugin <= 2.2.11.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31301 | 2024-04-12 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31293 | 2024-04-12 | WordPress Easy Digital Downloads plugin <= 3.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31289 | 2024-04-12 | WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31279 | 2024-04-12 | WordPress Generate Child Theme plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31272 | 2024-04-12 | WordPress ARForms Form Builder plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31271 | 2024-04-12 | WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability |
| CVE-2024-31269 | 2024-04-12 | WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31268 | 2024-04-12 | WordPress AppPresser plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31265 | 2024-04-12 | WordPress Sumo plugin <= 1.34 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31264 | 2024-04-12 | WordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31263 | 2024-04-12 | WordPress Loan Repayment Calculator and Application Form plugin <= 2.9.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31262 | 2024-04-12 | WordPress WooCommerce Checkout Field Editor (Checkout Manager) plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31251 | 2024-04-12 | WordPress Community by PeepSo plugin <= 6.3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31250 | 2024-04-12 | WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31239 | 2024-04-12 | WordPress Nudgify Social Proof, Sales Popup & FOMO plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |