CVE List - 2024 / April
Showing 1701 - 1800 of 3606 CVEs for April 2024 (Page 18 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-31250 | 2024-04-12 | WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31239 | 2024-04-12 | WordPress Nudgify Social Proof, Sales Popup & FOMO plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3685 | 2024-04-12 | DedeCMS stepselect_main.php sql injection |
| CVE-2024-31238 | 2024-04-12 | WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31235 | 2024-04-12 | WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40211 | 2024-04-12 | WordPress GiveWP plugin <= 2.25.1 - Cross Site Scripting (XSS) via render_dropdown vulnerability |
| CVE-2023-51409 | 2024-04-12 | WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability |
| CVE-2024-2397 | 2024-04-12 | infinite loop in the PPP printer of tcpdump |
| CVE-2024-3686 | 2024-04-12 | DedeCMS update_guide.php path traversal |
| CVE-2024-3704 | 2024-04-12 | SQL Injection vulnerability in OpenGnsys |
| CVE-2024-3705 | 2024-04-12 | Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys |
| CVE-2024-3706 | 2024-04-12 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenGnsys |
| CVE-2024-3707 | 2024-04-12 | Exposure of Information Through Directory Listing vulnerability in OpenGnsys |
| CVE-2024-3687 | 2024-04-12 | bihell Dice Comment cross site scripting |
| CVE-2024-3688 | 2024-04-12 | Xiamen Four-Faith RMP Router Management Platform sql injection |
| CVE-2024-3689 | 2024-04-12 | Zhejiang Land Zongheng Network Technology O2OA information disclosure |
| CVE-2023-52211 | 2024-04-12 | WordPress WP Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2023-51499 | 2024-04-12 | WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2023-51515 | 2024-04-12 | WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability |
| CVE-2024-21590 | 2024-04-12 | Junos OS Evolved: Packets which are not destined to the device can reach the RE |
| CVE-2024-21593 | 2024-04-12 | Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash |
| CVE-2024-21598 | 2024-04-12 | Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash |
| CVE-2024-21605 | 2024-04-12 | Junos OS: SRX 300 Series: Specific link local traffic causes a control plane overload |
| CVE-2024-21609 | 2024-04-12 | Junos OS: MX Series with SPC3, and SRX Series: If specific IPsec parameters are negotiated iked will crash due to a memory leak |
| CVE-2024-21610 | 2024-04-12 | Junos OS: If in a scaled CoS scenario information on CoS state is gathered mgd processes get stuck |
| CVE-2024-21615 | 2024-04-12 | Junos OS and Junos OS Evolved: A low-privileged user can access confidential information |
| CVE-2024-21618 | 2024-04-12 | Junos OS and Junos OS Evolved: When LLDP is enabled and a malformed LLDP packet is received, l2cpd crashes |
| CVE-2024-30381 | 2024-04-12 | Paragon Active Assurance: probe_serviced exposes internal objects to local users |
| CVE-2024-3690 | 2024-04-12 | PHPGurukul Small CRM Change Password sql injection |
| CVE-2024-31391 | 2024-04-12 | Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials |
| CVE-2024-30410 | 2024-04-12 | Junos OS: EX4300 Series: Loopback filter not blocking traffic despite having discard term. |
| CVE-2024-30409 | 2024-04-12 | Junos OS and Junos OS Evolved: Higher CPU consumption on routing engine leads to Denial of Service (DoS). |
| CVE-2024-30407 | 2024-04-12 | [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks |
| CVE-2024-30406 | 2024-04-12 | Junos OS Evolved: ACX Series with Paragon Active Assurance Test Agent: A local high privileged attacker can recover other administrators credentials |
| CVE-2024-30405 | 2024-04-12 | Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service |
| CVE-2024-30395 | 2024-04-12 | Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash |
| CVE-2024-30394 | 2024-04-12 | Junos OS and Junos OS Evolved: A specific EVPN type-5 route causes rpd crash |
| CVE-2024-30392 | 2024-04-12 | Junos OS: MX Series with SPC3 and MS-MPC/-MIC: When URL filtering is enabled and a specific URL request is received a flowd crash occurs |
| CVE-2024-30388 | 2024-04-12 | Junos OS: QFX5000 Series and EX Series: Specific malformed LACP packets will cause flaps |
| CVE-2024-30210 | 2024-04-12 | IOSIX IO-1020 Micro ELD Use of Default Credentials |
| CVE-2024-31069 | 2024-04-12 | IOSIX IO-1020 Micro ELD Use of Default Credentials |
| CVE-2024-30387 | 2024-04-12 | Junos OS: ACX5448 & ACX710: Due to interface flaps the PFE process can crash |
| CVE-2024-28878 | 2024-04-12 | IOSIX IO-1020 Micro ELD Download of Code Without Integrity Check |
| CVE-2024-30382 | 2024-04-12 | Junos OS and Junos OS Evolved: RPD crash when CoS-based forwarding (CBF) policy is configured |
| CVE-2024-30384 | 2024-04-12 | Junos OS: EX4300 Series: If a specific CLI command is issued PFE crashes will occur |
| CVE-2024-30386 | 2024-04-12 | Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash |
| CVE-2024-30389 | 2024-04-12 | Junos OS: EX4300 Series: Firewall filter not blocking egress traffic |
| CVE-2024-30390 | 2024-04-12 | Junos OS Evolved: Connection limits is not being enforced while the resp. rate limit is being enforced |
| CVE-2024-30391 | 2024-04-12 | Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed |
| CVE-2024-30397 | 2024-04-12 | Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process |
| CVE-2024-30398 | 2024-04-12 | Junos OS: SRX4600 Series - A high amount of specific traffic causes packet drops and an eventual PFE crash |
| CVE-2024-30401 | 2024-04-12 | Junos OS: MX Series and EX9200-15C: Stack-based buffer overflow in aftman |
| CVE-2024-30402 | 2024-04-12 | Junos OS and Junos OS Evolved: The l2ald crashes on receiving telemetry messages from a specific subscription |
| CVE-2024-30403 | 2024-04-12 | Junos OS Evolved: When MAC learning happens, and an interface gets flapped, the PFE crashes |
| CVE-2024-3691 | 2024-04-12 | PHPGurukul Small CRM Registration Page sql injection |
| CVE-2024-3695 | 2024-04-12 | SourceCodester Computer Laboratory Management System Users.php cross site scripting |
| CVE-2024-3696 | 2024-04-12 | Campcodes House Rental Management System view_payment.php sql injection |
| CVE-2024-22359 | 2024-04-12 | IBM UrbanCode Deploy cross-site scripting |
| CVE-2024-3697 | 2024-04-12 | Campcodes House Rental Management System manage_tenant.php sql injection |
| CVE-2024-22334 | 2024-04-12 | IBM UrbanCode Deploy improper privilege control |
| CVE-2024-22339 | 2024-04-12 | IBM UrbanCode Deploy information disclosure |
| CVE-2024-22358 | 2024-04-12 | IBM UrbanCode Deploy session fixation |
| CVE-2024-0157 | 2024-04-12 | Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session... |
| CVE-2024-3698 | 2024-04-12 | Campcodes House Rental Management System manage_payment.php sql injection |
| CVE-2024-32000 | 2024-04-12 | Truncated content of messages can be leaked from matrix-appservice-irc |
| CVE-2024-32003 | 2024-04-12 | Dusk plugin may allow unfettered user authentication in misconfigured installs |
| CVE-2024-32019 | 2024-04-12 | ndsudo: local privilege escalation via untrusted search path |
| CVE-2024-32005 | 2024-04-12 | Local File Inclusion in NiceGUI leaflet component |
| CVE-2024-29023 | 2024-04-12 | Session Hijacking via token exposure on the session page in Xibo CMS |
| CVE-2024-29022 | 2024-04-12 | Session Hijacking via XSS attack in header and session grid in Xibo CMS |
| CVE-2024-28869 | 2024-04-12 | Possible denial of service vulnerability with Content-length header in Traefik |
| CVE-2024-31462 | 2024-04-12 | Limited file write in Stable-diffusion-webui - GHSL-2024-010 |
| CVE-2024-32028 | 2024-04-12 | Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore |
| CVE-2024-32487 | 2024-04-13 | less through 653 allows OS command execution via a newline... |
| CVE-2024-1957 | 2024-04-13 | The GiveWP – Donation Plugin and Fundraising Platform plugin for... |
| CVE-2024-3027 | 2024-04-13 | The Smart Slider 3 plugin for WordPress is vulnerable to... |
| CVE-2024-2583 | 2024-04-13 | Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS |
| CVE-2023-6494 | 2024-04-13 | The WPC Smart Quick View for WooCommerce plugin for WordPress... |
| CVE-2024-3662 | 2024-04-13 | The WPZOOM Social Feed Widget & Block plugin for WordPress... |
| CVE-2024-3719 | 2024-04-13 | Campcodes House Rental Management System ajax.php sql injection |
| CVE-2024-26817 | 2024-04-13 | amdkfd: use calloc instead of kzalloc to avoid integer overflow |
| CVE-2024-3720 | 2024-04-13 | Tianwell Fire Intelligent Command Platform API Interface page sql injection |
| CVE-2024-3721 | 2024-04-13 | TBK DVR-4104/DVR-4216 os command injection |
| CVE-2024-3735 | 2024-04-13 | Smart Office Main.aspx weak password |
| CVE-2024-3736 | 2024-04-13 | cym1102 nginxWebUI upload unrestricted upload |
| CVE-2024-3737 | 2024-04-13 | cym1102 nginxWebUI addOver findCountByQuery path traversal |
| CVE-2024-3738 | 2024-04-13 | cym1102 nginxWebUI saveCmd handlePath certificate validation |
| CVE-2024-3739 | 2024-04-13 | cym1102 nginxWebUI upload os command injection |
| CVE-2024-3740 | 2024-04-13 | cym1102 nginxWebUI reload exec deserialization |
| CVE-2024-3762 | 2024-04-14 | Emlog Pro Whisper Page twitter.php cross site scripting |
| CVE-2024-3763 | 2024-04-14 | Emlog Pro Post Tag tag.php cross site scripting |
| CVE-2024-3764 | 2024-04-14 | Tuya SDK MQTT Packet denial of service |
| CVE-2024-3765 | 2024-04-14 | Xiongmai AHB7804R-MH-V2 Sofia Service access control |
| CVE-2024-3766 | 2024-04-14 | slowlyo OwlAdmin Image File Upload upload_image cross site scripting |
| CVE-2024-29836 | 2024-04-14 | Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover |
| CVE-2024-29837 | 2024-04-14 | Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections |
| CVE-2024-29838 | 2024-04-14 | Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service and crash |
| CVE-2024-29839 | 2024-04-14 | Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values. |
| CVE-2024-29840 | 2024-04-14 | Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve PIN field values |
| CVE-2024-29841 | 2024-04-14 | Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve keys values |