CVE List - 2024 / April
Showing 1801 - 1900 of 3606 CVEs for April 2024 (Page 19 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-29842 | 2024-04-14 | Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values |
| CVE-2024-29843 | 2024-04-14 | Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration |
| CVE-2024-29844 | 2024-04-14 | Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions |
| CVE-2020-22539 | 2024-04-15 | An arbitrary file upload vulnerability in the Add Category function... |
| CVE-2020-22540 | 2024-04-15 | Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers... |
| CVE-2023-33806 | 2024-04-15 | Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119,... |
| CVE-2023-45503 | 2024-04-15 | SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote... |
| CVE-2024-24485 | 2024-04-15 | An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows... |
| CVE-2024-24486 | 2024-04-15 | An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows... |
| CVE-2024-24487 | 2024-04-15 | An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows... |
| CVE-2024-28556 | 2024-04-15 | SQL Injection vulnerability in Sourcecodester php task management system v1.0,... |
| CVE-2024-28557 | 2024-04-15 | SQL Injection vulnerability in Sourcecodester php task management system v1.0,... |
| CVE-2024-28558 | 2024-04-15 | SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0,... |
| CVE-2024-30567 | 2024-04-15 | An issue in JNT Telecom JNT Liftcom UMS V1.J Core... |
| CVE-2024-30656 | 2024-04-15 | An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to... |
| CVE-2024-30840 | 2024-04-15 | A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers... |
| CVE-2024-31648 | 2024-04-15 | Cross Site Scripting (XSS) in Insurance Management System v1.0, allows... |
| CVE-2024-31649 | 2024-04-15 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online... |
| CVE-2024-31650 | 2024-04-15 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online... |
| CVE-2024-31651 | 2024-04-15 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online... |
| CVE-2024-31652 | 2024-04-15 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online... |
| CVE-2024-32488 | 2024-04-15 | In Foxit PDF Reader and Editor before 2024.1, Local Privilege... |
| CVE-2024-32489 | 2024-04-15 | TCPDF before 6.7.4 mishandles calls that use HTML syntax. |
| CVE-2024-22014 | 2024-04-15 | An issue discovered in 360 Total Security Antivirus through 11.0.0.1061... |
| CVE-2024-28056 | 2024-04-15 | Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role... |
| CVE-2024-31497 | 2024-04-15 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce... |
| CVE-2024-3772 | 2024-04-15 | Regular expression denial of service in Pydantic < 2.4.0 |
| CVE-2024-3774 | 2024-04-15 | aEnrich Technology a+HRD - Exposure of Sensitive Data |
| CVE-2024-3775 | 2024-04-15 | aEnrich Technology a+HRD - Argument Injection |
| CVE-2024-3776 | 2024-04-15 | Netvision airPASS - Reflected XSS |
| CVE-2024-3767 | 2024-04-15 | PHPGurukul News Portal edit-post.php sql injection |
| CVE-2024-3777 | 2024-04-15 | Ai3 QbiBot - Broken Access Control |
| CVE-2024-3768 | 2024-04-15 | PHPGurukul/itsourcecode News Portal search.php sql injection |
| CVE-2024-3778 | 2024-04-15 | Ai3 QbiBot - Unrestricted File Upload |
| CVE-2024-3769 | 2024-04-15 | PHPGurukul Student Record System login.php sql injection |
| CVE-2024-1655 | 2024-04-15 | ASUS WiFi Router - OS Command Injection |
| CVE-2023-6067 | 2024-04-15 | WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS |
| CVE-2023-7201 | 2024-04-15 | Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload |
| CVE-2024-0399 | 2024-04-15 | WooCommerce Customers Manager < 29.7 - Subscriber+ SQL Injection |
| CVE-2024-0902 | 2024-04-15 | Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title |
| CVE-2024-1204 | 2024-04-15 | Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure |
| CVE-2024-1306 | 2024-04-15 | Smart Forms < 2.6.94 - Edit Entries via CSRF |
| CVE-2024-1307 | 2024-04-15 | Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control |
| CVE-2024-1310 | 2024-04-15 | WooCommerce < 8.6 - Contributor+ Private/Draft Products Access |
| CVE-2024-1660 | 2024-04-15 | Top Bar < 3.0.5 - Admin+ Stored XSS |
| CVE-2024-1712 | 2024-04-15 | Carousel Slider < 2.2.7 - Editor+ Stored XSS |
| CVE-2024-1746 | 2024-04-15 | Testimonial Slider < 2.3.8 - Admin+ Stored XSS |
| CVE-2024-1754 | 2024-04-15 | NPS computy <= 2.7.5 - Admin+ Stored XSS |
| CVE-2024-1755 | 2024-04-15 | NPS computy <= 2.7.5 - Results Deletion via CSRF |
| CVE-2024-1846 | 2024-04-15 | Responsive Tabs < 4.0.7 - Contributor+ Stored XSS |
| CVE-2024-1849 | 2024-04-15 | WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection |
| CVE-2024-2739 | 2024-04-15 | Advance Search <= 1.1.6 - Shortcode Deletion via CSRF |
| CVE-2024-2836 | 2024-04-15 | Super Socializer < 7.13.64 - Editor+ Stored XSS |
| CVE-2024-2857 | 2024-04-15 | Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS |
| CVE-2024-2858 | 2024-04-15 | Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF |
| CVE-2024-3770 | 2024-04-15 | PHPGurukul Student Record System sql injection |
| CVE-2024-3771 | 2024-04-15 | PHPGurukul Student Record System edit-subject.php sql injection |
| CVE-2024-32453 | 2024-04-15 | WordPress POEditor plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32429 | 2024-04-15 | WordPress Remove Footer Credit plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32428 | 2024-04-15 | WordPress MWW Disclaimer Buttons plugin <= 3.0.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32149 | 2024-04-15 | WordPress Jobs for WordPress plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32147 | 2024-04-15 | WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32145 | 2024-04-15 | WordPress WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability |
| CVE-2024-32140 | 2024-04-15 | WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32138 | 2024-04-15 | WordPress Short URL plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32133 | 2024-04-15 | WordPress EZ Form Calculator plugin <= 2.14.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32079 | 2024-04-15 | WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-52144 | 2024-04-15 | WordPress Product Feed Manager plugin <= 7.3.15 - Directory Traversal vulnerability |
| CVE-2024-32454 | 2024-04-15 | WordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-32430 | 2024-04-15 | WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-32431 | 2024-04-15 | WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection |
| CVE-2024-32139 | 2024-04-15 | WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability |
| CVE-2024-32137 | 2024-04-15 | WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability |
| CVE-2024-32136 | 2024-04-15 | WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability |
| CVE-2024-32135 | 2024-04-15 | WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability |
| CVE-2024-32134 | 2024-04-15 | WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability |
| CVE-2024-32132 | 2024-04-15 | WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - SQL Injection vulnerability |
| CVE-2024-32128 | 2024-04-15 | WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-32127 | 2024-04-15 | WordPress Find Duplicates plugin <= 1.4.6 - Auth. SQL Injection vulnerability |
| CVE-2024-32125 | 2024-04-15 | WordPress BA Book Everything plugin <= 1.6.4 - Auth. SQL Injection vulnerability |
| CVE-2024-32098 | 2024-04-15 | WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Auth. SQL Injection (SQLi) vulnerability |
| CVE-2024-32087 | 2024-04-15 | WordPress Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More plugin <= 3.5.7 - Auth. SQL Injection (SQLi) vulnerability |
| CVE-2024-3505 | 2024-04-15 | JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users |
| CVE-2024-32082 | 2024-04-15 | WordPress Sync Post With Other Site plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-31093 | 2024-04-15 | WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability |
| CVE-2024-31086 | 2024-04-15 | WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability |
| CVE-2024-30545 | 2024-04-15 | WordPress Social Author Bio plugin <= 2.4 - Stored XSS via Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32452 | 2024-04-15 | WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32451 | 2024-04-15 | WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32450 | 2024-04-15 | WordPress WpTravelly plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32449 | 2024-04-15 | WordPress RestroPress plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32448 | 2024-04-15 | WordPress Ads.txt Admin plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3701 | 2024-04-15 | Improper Authentication in com.transsion.kolun.aiservice |
| CVE-2024-32447 | 2024-04-15 | WordPress AWP Classifieds plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32446 | 2024-04-15 | WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32445 | 2024-04-15 | WordPress WebinarIgnition plugin <= 3.05.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32443 | 2024-04-15 | WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32442 | 2024-04-15 | WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32441 | 2024-04-15 | WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32440 | 2024-04-15 | WordPress Asgaros Forum plugin <= 2.8.0 - Cross Site Request Forgery (CSRF) vulnerability |