CVE List - 2024 / April

Showing 2801 - 2900 of 3605 CVEs for April 2024 (Page 29 of 37)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-4020 | 2024-04-20 | Tenda FH1206 addressNat fromAddressNat buffer overflow |
| CVE-2024-4021 | 2024-04-21 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure |
| CVE-2024-4022 | 2024-04-21 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js information disclosure |
| CVE-2024-29217 | 2024-04-21 | Apache Answer: XSS vulnerability when changing personal website |
| CVE-2024-29733 | 2024-04-21 | Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context |
| CVE-2015-10132 | 2024-04-21 | Thimo Grauerholz WP-Spreadplugin spreadplugin.php cross site scripting |
| CVE-2022-34560 | 2024-04-22 | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter. |
| CVE-2022-34561 | 2024-04-22 | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter. |
| CVE-2022-34562 | 2024-04-22 | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box. |
| CVE-2022-35503 | 2024-04-22 | Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF)... |
| CVE-2022-46897 | 2024-04-22 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it... |
| CVE-2023-38290 | 2024-04-22 | Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13'... |
| CVE-2023-38291 | 2024-04-22 | An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and... |
| CVE-2023-38292 | 2024-04-22 | Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform... |
| CVE-2023-38293 | 2024-04-22 | Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps... |
| CVE-2023-38294 | 2024-04-22 | Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to... |
| CVE-2023-38295 | 2024-04-22 | Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The... |
| CVE-2023-38296 | 2024-04-22 | Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device... |
| CVE-2023-38298 | 2024-04-22 | Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the... |
| CVE-2023-38299 | 2024-04-22 | Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any... |
| CVE-2023-38300 | 2024-04-22 | A certain software build for the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys) leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device... |
| CVE-2023-38301 | 2024-04-22 | An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G,... |
| CVE-2024-22807 | 2024-04-22 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer... |
| CVE-2024-22808 | 2024-04-22 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC... |
| CVE-2024-22809 | 2024-04-22 | Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information. |
| CVE-2024-22813 | 2024-04-22 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the... |
| CVE-2024-22815 | 2024-04-22 | An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands. |
| CVE-2024-22856 | 2024-04-22 | A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB... |
| CVE-2024-27574 | 2024-04-22 | SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. |
| CVE-2024-28436 | 2024-04-22 | Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter... |
| CVE-2024-28699 | 2024-04-22 | A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function. |
| CVE-2024-28717 | 2024-04-22 | An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. |
| CVE-2024-28722 | 2024-04-22 | Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint. |
| CVE-2024-29368 | 2024-04-22 | An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage... |
| CVE-2024-29376 | 2024-04-22 | Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. |
| CVE-2024-29661 | 2024-04-22 | A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. |
| CVE-2024-30799 | 2024-04-22 | An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function. |
| CVE-2024-31036 | 2024-04-22 | A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. |
| CVE-2024-31545 | 2024-04-22 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. |
| CVE-2024-32238 | 2024-04-22 | H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. |
| CVE-2024-32368 | 2024-04-22 | Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE)... |
| CVE-2024-32394 | 2024-04-22 | An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request. |
| CVE-2024-32399 | 2024-04-22 | Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. |
| CVE-2024-32407 | 2024-04-22 | An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. |
| CVE-2024-32418 | 2024-04-22 | An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. |
| CVE-2023-38297 | 2024-04-22 | An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a... |
| CVE-2023-38302 | 2024-04-22 | A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any... |
| CVE-2024-22811 | 2024-04-22 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC... |
| CVE-2024-31666 | 2024-04-22 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. |
| CVE-2024-32405 | 2024-04-22 | Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. |
| CVE-2018-25101 | 2024-04-22 | l2c2technologies Koha opac-MARCdetail.pl cross site scripting |
| CVE-2023-7252 | 2024-04-22 | Tickera < 3.5.2.5 - Ticket leakage through IDOR |
| CVE-2024-32690 | 2024-04-22 | WordPress RSS Feed Widget plugin <= 2.9.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32694 | 2024-04-22 | WordPress 3D FlipBook, PDF Viewer, PDF Embedder plugin <= 3.62 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32695 | 2024-04-22 | WordPress Language Switcher for Transposh plugin <= 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32696 | 2024-04-22 | WordPress AI Infographic Maker OpenAI plugin <= 4.6.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32697 | 2024-04-22 | WordPress HelloAsso plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32698 | 2024-04-22 | WordPress Happy Addons for Elementor plugin <= 3.10.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32693 | 2024-04-22 | WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32691 | 2024-04-22 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability |
| CVE-2024-32688 | 2024-04-22 | WordPress MyRewards plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2024-32687 | 2024-04-22 | WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability |
| CVE-2024-32684 | 2024-04-22 | WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability |
| CVE-2024-32682 | 2024-04-22 | WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2024-32681 | 2024-04-22 | WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2024-4026 | 2024-04-22 | Cross-Site Scripting in the Holded application |
| CVE-2024-3645 | 2024-04-22 | The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to... |
| CVE-2024-27347 | 2024-04-22 | Apache HugeGraph-Hubble: SSRF in Hubble connection page |
| CVE-2024-27348 | 2024-04-22 | Apache HugeGraph-Server: Command execution in gremlin |
| CVE-2024-27349 | 2024-04-22 | Apache HugeGraph-Server: Bypass whitelist in Auth mode |
| CVE-2024-4040 | 2024-04-22 | Unauthenticated arbitrary file read and remote code execution in CrushFTP |
| CVE-2024-32039 | 2024-04-22 | FreeRDP Integer overflow & OutOfBound Write in clear_decompress_residual_data |
| CVE-2024-32040 | 2024-04-22 | FreeRDP vulnerable to integer underflow in nsc_rle_decode |
| CVE-2024-32041 | 2024-04-22 | FreeRDP OutOfBound Read in zgfx_decompress_segment |
| CVE-2024-32458 | 2024-04-22 | FreeRDP Out-Of-Bounds Read in planar_skip_plane_rle |
| CVE-2024-32459 | 2024-04-22 | FreeRDP Out-Of-Bounds Read in ncrush_decompress |
| CVE-2024-32460 | 2024-04-22 | FreeRDP Out-Of-Bounds Read in interleaved_decompress |
| CVE-2024-32461 | 2024-04-22 | LibreNMS vulnerable to time-based SQL injection that leads to database extraction |
| CVE-2024-32479 | 2024-04-22 | LibreNMS's Improper Sanitization on Service template name leads to Stored XSS |
| CVE-2024-32480 | 2024-04-22 | LibreNMS's Time-Based Blind SQL injection leads to database extraction |
| CVE-2024-32653 | 2024-04-22 | Insufficient input filtering of "package name" allows command execution in the device with shell privileges |
| CVE-2024-32656 | 2024-04-22 | Ant Media Server vulnerable to local privilege escalation |
| CVE-2024-32657 | 2024-04-22 | Hydra has persistent XSS vulnerability serving HTML build outputs |
| CVE-2024-3177 | 2024-04-22 | Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin |
| CVE-2023-48183 | 2024-04-23 | QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval. |
| CVE-2023-48184 | 2024-04-23 | QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. |
| CVE-2024-28627 | 2024-04-23 | An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. |
| CVE-2024-30800 | 2024-04-23 | PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. |
| CVE-2024-30886 | 2024-04-23 | A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url... |
| CVE-2024-31616 | 2024-04-23 | An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file. |
| CVE-2024-31804 | 2024-04-23 | An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. |
| CVE-2024-32258 | 2024-04-23 | The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication via a fake ROM. |
| CVE-2024-33211 | 2024-04-23 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex. |
| CVE-2024-33212 | 2024-04-23 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. |
| CVE-2024-33213 | 2024-04-23 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. |
| CVE-2024-33214 | 2024-04-23 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. |
| CVE-2024-33215 | 2024-04-23 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. |
| CVE-2024-33217 | 2024-04-23 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. |
| CVE-2024-3293 | 2024-04-23 | The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to... |
| CVE-2024-2760 | 2024-04-23 | Bkav Home v7816, build 2403161130 - Kernel Memory Leak |