CVE List - 2024 / April
Showing 2301 - 2400 of 3605 CVEs for April 2024 (Page 24 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32311 | 2024-04-17 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. |
| CVE-2024-32312 | 2024-04-17 | Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function. |
| CVE-2024-32313 | 2024-04-17 | Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability via the adslPwd parameter of the formWanParameterSetting function. |
| CVE-2024-32314 | 2024-04-17 | Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. |
| CVE-2024-32315 | 2024-04-17 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. |
| CVE-2024-32316 | 2024-04-17 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. |
| CVE-2024-32317 | 2024-04-17 | Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. |
| CVE-2024-32318 | 2024-04-17 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. |
| CVE-2024-32320 | 2024-04-17 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. |
| CVE-2024-32337 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN... |
| CVE-2024-32338 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE... |
| CVE-2024-32339 | 2024-04-17 | Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of... |
| CVE-2024-32340 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE... |
| CVE-2024-32342 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink... |
| CVE-2024-32343 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content... |
| CVE-2024-32344 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter... |
| CVE-2024-32345 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter... |
| CVE-2024-32743 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE... |
| CVE-2024-32744 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS... |
| CVE-2024-32745 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION... |
| CVE-2024-32746 | 2024-04-17 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter... |
| CVE-2023-46060 | 2024-04-17 | A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component. |
| CVE-2024-30952 | 2024-04-17 | A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action. |
| CVE-2024-30981 | 2024-04-17 | SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL. |
| CVE-2024-30989 | 2024-04-17 | Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameters. |
| CVE-2024-31031 | 2024-04-17 | An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. |
| CVE-2024-31578 | 2024-04-17 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
| CVE-2024-31580 | 2024-04-17 | PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-31581 | 2024-04-17 | FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. |
| CVE-2024-31582 | 2024-04-17 | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of... |
| CVE-2024-31585 | 2024-04-17 | FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-32341 | 2024-04-17 | Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the... |
| CVE-2024-22354 | 2024-04-17 | IBM WebSphere Application Server XML external entity injection |
| CVE-2024-22329 | 2024-04-17 | IBM WebSphere Application Server server-side request forgery |
| CVE-2024-0868 | 2024-04-17 | coreActivity < 2.1 - Unauthenticated IP Spoofing |
| CVE-2024-1219 | 2024-04-17 | Easy Social Feed < 6.5.6 - Contributor+ Stored XSS |
| CVE-2024-2101 | 2024-04-17 | WordPress Plugin Salon Booking System < 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2024-2102 | 2024-04-17 | Salon booking system < 9.6.3 - Unauthenticated Stored XSS |
| CVE-2024-2118 | 2024-04-17 | Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings |
| CVE-2024-2309 | 2024-04-17 | WP Staging < 3.4.0, 5.4.0 (Pro Version) - Admin+ Stored XSS |
| CVE-2024-22440 | 2024-04-17 | HPE Compute Scale-up Server 3200 Server, Disclosure of Sensitive Information |
| CVE-2024-32532 | 2024-04-17 | WordPress Speed Optimizer plugin <= 7.4.6 - Broken Access Control vulnerability |
| CVE-2024-32525 | 2024-04-17 | WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability |
| CVE-2024-32524 | 2024-04-17 | WordPress Custom Order Statuses for WooCommerce plugin <= 1.5.2 - Broken Access Control vulnerability |
| CVE-2024-32522 | 2024-04-17 | WordPress Open Close WooCommerce Store plugin <= 4.9.1 - Broken Access Control vulnerability |
| CVE-2024-32520 | 2024-04-17 | WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability |
| CVE-2024-32519 | 2024-04-17 | WordPress GG Woo Feed for WooCommerce plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2024-32518 | 2024-04-17 | WordPress PeproDev Ultimate Invoice plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-32517 | 2024-04-17 | WordPress Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin <= 1.4.12 - Broken Access Control vulnerability |
| CVE-2024-32516 | 2024-04-17 | WordPress Multi Currency For WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability |
| CVE-2024-32515 | 2024-04-17 | WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability |
| CVE-2024-32509 | 2024-04-17 | WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability |
| CVE-2024-3832 | 2024-04-17 | Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-3833 | 2024-04-17 | Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-3834 | 2024-04-17 | Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-3837 | 2024-04-17 | Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2024-3838 | 2024-04-17 | Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app.... |
| CVE-2024-3839 | 2024-04-17 | Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium... |
| CVE-2024-3840 | 2024-04-17 | Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-3841 | 2024-04-17 | Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium... |
| CVE-2024-3843 | 2024-04-17 | Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-3844 | 2024-04-17 | Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) |
| CVE-2024-3845 | 2024-04-17 | Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-3846 | 2024-04-17 | Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2024-3847 | 2024-04-17 | Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-32514 | 2024-04-17 | WordPress WP Poll Maker plugin <= 3.4 - Authenticated Arbitrary File Upload vulnerability |
| CVE-2024-32513 | 2024-04-17 | WordPress Product Feed PRO for WooCommerce plugin <= 13.3.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-32506 | 2024-04-17 | WordPress Radio Player plugin <= 2.0.73 - Sensitive Data Exposure vulnerability |
| CVE-2024-32549 | 2024-04-17 | WordPress Related Posts for WordPress plugin <= 4.0.3 - CSRF to XSS vulnerability |
| CVE-2024-32550 | 2024-04-17 | WordPress BMI Adult & Kid Calculator plugin <= 1.2.1 - CSRF to XSS vulnerability |
| CVE-2024-32548 | 2024-04-17 | WordPress What's New Generator plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32547 | 2024-04-17 | WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32546 | 2024-04-17 | WordPress Tax Rate Upload plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32545 | 2024-04-17 | WordPress Canva – Design beautiful blog graphics plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32544 | 2024-04-17 | WordPress Netgsm plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32543 | 2024-04-17 | WordPress MJ Update History plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32542 | 2024-04-17 | WordPress Bulk Block Converter plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32541 | 2024-04-17 | WordPress WP-Cufon plugin <= 1.6.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32540 | 2024-04-17 | WordPress Fixed HTML Toolbar plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32539 | 2024-04-17 | WordPress WP File Download Light plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-24856 | 2024-04-17 | NULL pointer dereference in acpi_db_convert_to_package of Linux acpi module |
| CVE-2024-32538 | 2024-04-17 | WordPress Easy CountDowner plugin <= 1.0.8 - CSRF to XSS vulnerability |
| CVE-2024-32536 | 2024-04-17 | WordPress WP TradingView plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32535 | 2024-04-17 | WordPress Access Category Password plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32534 | 2024-04-17 | WordPress Form Maker plugin <= 1.15.23 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32533 | 2024-04-17 | WordPress LH Add Media From Url plugin <= 1.22 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2023-25043 | 2024-04-17 | WordPress Data Tables Generator by Supsystic Plugin <= 1.10.25 is vulnerable to Broken Access Control |
| CVE-2023-36505 | 2024-04-17 | WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion |
| CVE-2023-44227 | 2024-04-17 | WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Arbitrary File Deletion |
| CVE-2024-32531 | 2024-04-17 | WordPress GuCherry Blog theme <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32530 | 2024-04-17 | WordPress Simple Testimonials Showcase plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32529 | 2024-04-17 | WordPress Yoga Schedule Momoyoga plugin <= 2.7.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-52642 | 2024-04-17 | media: rc: bpf attach/detach requires write permission |
| CVE-2023-52643 | 2024-04-17 | iio: core: fix memleak in iio_device_register_sysfs |
| CVE-2024-26818 | 2024-04-17 | tools/rtla: Fix clang warning about mount_point var size |
| CVE-2024-26820 | 2024-04-17 | hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed |
| CVE-2024-26822 | 2024-04-17 | smb: client: set correct id, uid and cruid for multiuser automounts |
| CVE-2024-26823 | 2024-04-17 | irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems |
| CVE-2024-26824 | 2024-04-17 | crypto: algif_hash - Remove bogus SGL free on zero-length error path |
| CVE-2024-26825 | 2024-04-17 | nfc: nci: free rx_data_reassembly skb on NCI device cleanup |