CVE List - 2024 / April
Showing 2601 - 2700 of 3606 CVEs for April 2024 (Page 27 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32592 | 2024-04-18 | WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32591 | 2024-04-18 | WordPress Backend Designer plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32590 | 2024-04-18 | WordPress Kattene plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32588 | 2024-04-18 | WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32587 | 2024-04-18 | WordPress EnvíaloSimple plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-28076 | 2024-04-18 | SolarWinds Platform Arbitrary Open Redirection Vulnerability |
| CVE-2024-29001 | 2024-04-18 | SolarWinds Platform SWQL Injection Vulnerability |
| CVE-2024-29003 | 2024-04-18 | SolarWinds Platform Cross Site Scripting Vulnerability |
| CVE-2024-32586 | 2024-04-18 | WordPress Gutenberg Block Editor Toolkit plugin <= 1.40.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32585 | 2024-04-18 | WordPress Import Content in WordPress & WooCommerce with Excel plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32584 | 2024-04-18 | WordPress TeraWallet plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32583 | 2024-04-18 | WordPress Photo Gallery by 10Web plugin <= 1.8.21 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32582 | 2024-04-18 | WordPress Debug Log Manager plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32581 | 2024-04-18 | WordPress Mortgage Calculators WP plugin <= 1.56 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32580 | 2024-04-18 | WordPress Master Slider plugin <= 3.9.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32579 | 2024-04-18 | WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32578 | 2024-04-18 | WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-2833 | 2024-04-18 | The Jobs for WordPress plugin for WordPress is vulnerable to... |
| CVE-2024-32577 | 2024-04-18 | WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32576 | 2024-04-18 | WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32575 | 2024-04-18 | WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32574 | 2024-04-18 | WordPress WP Simple HTML Sitemap plugin <= 2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32573 | 2024-04-18 | WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32572 | 2024-04-18 | WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32571 | 2024-04-18 | WordPress WP Stripe Checkout plugin <= 1.2.2.41 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32570 | 2024-04-18 | WordPress Cornerstone plugin <= 0.8.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-26921 | 2024-04-18 | inet: inet_defrag: prevent sk release while still in use |
| CVE-2024-32569 | 2024-04-18 | WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32568 | 2024-04-18 | WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32567 | 2024-04-18 | WordPress DirectoryPress plugin <= 3.6.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32566 | 2024-04-18 | WordPress WP Club Manager plugin <= 2.2.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32565 | 2024-04-18 | WordPress App Builder plugin <= 3.8.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32564 | 2024-04-18 | WordPress Post Grid Blocks and WordPress News Plugin – PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32563 | 2024-04-18 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32562 | 2024-04-18 | WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32561 | 2024-04-18 | WordPress Tagembed plugin <= 4.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32560 | 2024-04-18 | WordPress QR Code Composer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32559 | 2024-04-18 | WordPress WP 404 Auto Redirect to Similar Post plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32558 | 2024-04-18 | WordPress eCommerce Product Catalog plugin <= 3.3.32 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32556 | 2024-04-18 | WordPress HurryTimer plugin <=2.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32554 | 2024-04-18 | WordPress Knight Lab Timeline plugin <= 3.9.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32553 | 2024-04-18 | WordPress Superfly Menu plugin <= 5.0.25 - Auth. Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32600 | 2024-04-18 | WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability |
| CVE-2024-32552 | 2024-04-18 | WordPress Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32126 | 2024-04-18 | WordPress Navigation menu as dropdown Widget plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-49768 | 2024-04-18 | WordPress WP-FormAssembly plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32602 | 2024-04-18 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability |
| CVE-2024-32551 | 2024-04-18 | WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability |
| CVE-2024-31229 | 2024-04-18 | WordPress Really Simple SSL plugin <= 7.2.3 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-32686 | 2024-04-18 | WordPress Backup Migration plugin <= 1.4.3 - Sensitive Data Exposure via Log vulnerability |
| CVE-2024-32689 | 2024-04-18 | WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability |
| CVE-2023-3675 | 2024-04-18 | Insufficient input validation when downloading certain file types. |
| CVE-2023-47843 | 2024-04-18 | WordPress CataBlog Plugin <= 1.7.0 is vulnerable to Arbitrary File Deletion |
| CVE-2024-3948 | 2024-04-18 | SourceCodester Home Clean Service System Photo student.add.php unrestricted upload |
| CVE-2023-50885 | 2024-04-18 | WordPress Store Locator WordPress Plugin <= 1.4.14 is vulnerable to Arbitrary File Deletion |
| CVE-2023-6897 | 2024-04-18 | The EAN for WooCommerce plugin for WordPress is vulnerable to... |
| CVE-2023-6892 | 2024-04-18 | The EAN for WooCommerce plugin for WordPress is vulnerable to... |
| CVE-2024-32475 | 2024-04-18 | Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes |
| CVE-2024-27306 | 2024-04-18 | aiohttp vulnerable to XSS on index pages for static file handling |
| CVE-2024-28185 | 2024-04-18 | Judge0 vulnerable to Sandbox Escape via Symbolic Link |
| CVE-2024-28189 | 2024-04-18 | Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link |
| CVE-2024-29021 | 2024-04-18 | SSRF into Sandbox Escape through Unsafe Default Configuration |
| CVE-2024-30257 | 2024-04-18 | 1Panel's password verification is suspected to have a timing attack vulnerability |
| CVE-2024-32466 | 2024-04-18 | Tolgee's API key scopes not checked when querying translation data |
| CVE-2024-2796 | 2024-04-18 | SSRF in Akana API Platform |
| CVE-2024-32470 | 2024-04-18 | Tolgee' API keys created by server admin users bypass the permission check |
| CVE-2024-24910 | 2024-04-18 | Local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server via crafted DLL file |
| CVE-2024-32462 | 2024-04-18 | Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing |
| CVE-2024-23557 | 2024-04-18 | HCL Connections is vulnerable to a user enumeration vulnerability |
| CVE-2024-29986 | 2024-04-18 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-29987 | 2024-04-18 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2023-3758 | 2024-04-18 | Sssd: race condition during authorization leads to gpo policies functioning inconsistently |
| CVE-2024-20380 | 2024-04-18 | ClamAV HTML Parser Denial of Service Vulnerability |
| CVE-2024-32474 | 2024-04-18 | Sentry's superuser cleartext password leaked in logs |
| CVE-2024-32477 | 2024-04-18 | Race condition when flushing input stream leads to permission prompt bypass |
| CVE-2024-30107 | 2024-04-18 | HCL Connections is vulnerable to broken access control |
| CVE-2024-32473 | 2024-04-18 | Moby IPv6 enabled on IPv4-only network interfaces |
| CVE-2024-3741 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data |
| CVE-2024-22179 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data |
| CVE-2024-22186 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking |
| CVE-2024-21872 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking |
| CVE-2024-21846 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function |
| CVE-2024-1491 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function |
| CVE-2024-3742 | 2024-04-18 | Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information |
| CVE-2023-47435 | 2024-04-19 | An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows... |
| CVE-2023-49501 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker... |
| CVE-2023-49963 | 2024-04-19 | DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded... |
| CVE-2023-51791 | 2024-04-19 | Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker... |
| CVE-2023-51792 | 2024-04-19 | Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker... |
| CVE-2023-51793 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker... |
| CVE-2023-51795 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker... |
| CVE-2023-51796 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker... |
| CVE-2023-51797 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker... |
| CVE-2023-51798 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker... |
| CVE-2024-22640 | 2024-04-19 | TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial... |
| CVE-2024-22905 | 2024-04-19 | Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote... |
| CVE-2024-27752 | 2024-04-19 | Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a... |
| CVE-2024-30974 | 2024-04-19 | SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run... |
| CVE-2024-31546 | 2024-04-19 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2024-31547 | 2024-04-19 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection... |