CVE List - 2024 / April
Showing 3001 - 3100 of 3606 CVEs for April 2024 (Page 31 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32707 | 2024-04-24 | WordPress Image Slider plugin <= 1.1.125 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32702 | 2024-04-24 | WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32823 | 2024-04-24 | WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-32808 | 2024-04-24 | WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability |
| CVE-2024-32772 | 2024-04-24 | WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-32789 | 2024-04-24 | WordPress Seers plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32785 | 2024-04-24 | WordPress The Pack Elementor addons plugin <= 2.0.8.3 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32954 | 2024-04-24 | WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability |
| CVE-2022-45852 | 2024-04-24 | WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability |
| CVE-2023-23976 | 2024-04-24 | WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change |
| CVE-2023-23985 | 2024-04-24 | WordPress Quiz Maker plugin <= 6.3.9.4 - Content Spoofing |
| CVE-2024-28825 | 2024-04-24 | Brute-force protection ineffective for some login methods |
| CVE-2024-4111 | 2024-04-24 | Tenda TX9 SetLEDCfg sub_42BD7C stack-based overflow |
| CVE-2024-4112 | 2024-04-24 | Tenda TX9 SetVirtualServerCfg sub_42CB94 stack-based overflow |
| CVE-2023-23989 | 2024-04-24 | WordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection |
| CVE-2023-25785 | 2024-04-24 | WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability |
| CVE-2024-32872 | 2024-04-24 | Umbraco Workflow's Backoffice users can execute arbitrary SQL |
| CVE-2024-32958 | 2024-04-24 | WordPress Slash Admin plugin <= 3.8.1 - CSRF to XSS vulnerability |
| CVE-2024-32947 | 2024-04-24 | WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32806 | 2024-04-24 | WordPress Headline Analyzer plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32795 | 2024-04-24 | WordPress WPCal.io <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32794 | 2024-04-24 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32793 | 2024-04-24 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32773 | 2024-04-24 | WordPress Royal Elementor Kit theme <= 1.0.116 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32728 | 2024-04-24 | WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4113 | 2024-04-24 | Tenda TX9 SetSysTimeCfg sub_42D4DC stack-based overflow |
| CVE-2024-4114 | 2024-04-24 | Tenda TX9 PowerSaveSet sub_42C014 stack-based overflow |
| CVE-2024-32699 | 2024-04-24 | WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32678 | 2024-04-24 | WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability |
| CVE-2024-32677 | 2024-04-24 | WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability |
| CVE-2024-32675 | 2024-04-24 | WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-4115 | 2024-04-24 | Tenda W15E AddDnsForward formAddDnsForward stack-based overflow |
| CVE-2024-32432 | 2024-04-24 | WordPress Ovic Addon Toolkit plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2024-32078 | 2024-04-24 | WordPress FV Player plugin <= 7.5.44.7212 - Unvalidated Redirects and Forwards vulnerability |
| CVE-2023-25790 | 2024-04-24 | WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection |
| CVE-2023-31090 | 2024-04-24 | WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability |
| CVE-2023-32127 | 2024-04-24 | WordPress Multi Rating plugin <= 5.0.6 - Unauth Arbitrary rating value change |
| CVE-2023-47504 | 2024-04-24 | WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability |
| CVE-2023-47774 | 2024-04-24 | WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability |
| CVE-2024-4116 | 2024-04-24 | Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow |
| CVE-2024-4117 | 2024-04-24 | Tenda W15E DelPortMapping formDelPortMapping stack-based overflow |
| CVE-2023-48763 | 2024-04-24 | WordPress JetFormBuilder plugin <= 3.1.4 - Content Injection vulnerability |
| CVE-2023-51405 | 2024-04-24 | WordPress BookingPress plugin <= 1.0.74 - Booking Price Manipulation vulnerability |
| CVE-2023-51425 | 2024-04-24 | WordPress Rencontre plugin <= 3.10.1 - Unauthenticated Account Takeover vulnerability |
| CVE-2023-51471 | 2024-04-24 | WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Arbitrary Options Update vulnerability |
| CVE-2024-4118 | 2024-04-24 | Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow |
| CVE-2024-3371 | 2024-04-24 | Insufficient validation of external input in Compass may enable MITM attacks |
| CVE-2023-51472 | 2024-04-24 | WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Account Takeover vulnerability |
| CVE-2024-23271 | 2024-04-24 | A logic issue was addressed with improved checks. This issue... |
| CVE-2024-23228 | 2024-04-24 | This issue was addressed through improved state management. This issue... |
| CVE-2024-27791 | 2024-04-24 | The issue was addressed with improved checks. This issue is... |
| CVE-2023-51477 | 2024-04-24 | WordPress BuddyBoss Theme theme <= 2.4.60 - Unauth. Arbitrary WordPress Settings Change vulnerability |
| CVE-2024-4119 | 2024-04-24 | Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow |
| CVE-2024-0151 | 2024-04-24 | Insufficient argument checking in Secure state Entry functions in software... |
| CVE-2024-4120 | 2024-04-24 | Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow |
| CVE-2024-4121 | 2024-04-24 | Tenda W15E formQOSRuleDel stack-based overflow |
| CVE-2024-4122 | 2024-04-24 | Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow |
| CVE-2024-20353 | 2024-04-24 | A vulnerability in the management and VPN web servers for... |
| CVE-2024-20359 | 2024-04-24 | A vulnerability in a legacy capability that allowed for the... |
| CVE-2024-4123 | 2024-04-24 | Tenda W15E SetPortMapping formSetPortMapping stack-based overflow |
| CVE-2024-4124 | 2024-04-24 | Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow |
| CVE-2024-4141 | 2024-04-24 | Out-of-bounds array write in Xpdf 4.05 due to incorrect bounds check |
| CVE-2024-4125 | 2024-04-24 | Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow |
| CVE-2024-32876 | 2024-04-24 | NewPipe has potential security vulnerability when importing settings |
| CVE-2024-4126 | 2024-04-24 | Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow |
| CVE-2024-4127 | 2024-04-24 | Tenda W15E guestWifiRuleRefresh stack-based overflow |
| CVE-2024-20358 | 2024-04-24 | A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore... |
| CVE-2024-20356 | 2024-04-24 | A vulnerability in the web-based management interface of Cisco Integrated... |
| CVE-2024-20295 | 2024-04-24 | A vulnerability in the CLI of the Cisco Integrated Management... |
| CVE-2024-32879 | 2024-04-24 | social-auth-app-django Improper Handling of Case Sensitivity vulnerability |
| CVE-2024-20313 | 2024-04-24 | A vulnerability in the OSPF version 2 (OSPFv2) feature of... |
| CVE-2023-20248 | 2024-04-24 | A vulnerability in the web-based management interface of Cisco TelePresence... |
| CVE-2023-20249 | 2024-04-24 | A vulnerability in the web-based management interface of Cisco TelePresence... |
| CVE-2024-26923 | 2024-04-24 | af_unix: Fix garbage collector racing against connect() |
| CVE-2024-26924 | 2024-04-24 | netfilter: nft_set_pipapo: do not free live element |
| CVE-2024-26925 | 2024-04-24 | netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path |
| CVE-2024-29205 | 2024-04-24 | An Improper Check for Unusual or Exceptional Conditions vulnerability in... |
| CVE-2024-23527 | 2024-04-24 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche... |
| CVE-2024-26926 | 2024-04-24 | binder: check offset alignment in binder_get_object() |
| CVE-2024-29660 | 2024-04-25 | Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local... |
| CVE-2024-30890 | 2024-04-25 | Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker... |
| CVE-2024-30939 | 2024-04-25 | An issue discovered in Yealink VP59 Teams Editions with firmware... |
| CVE-2024-31574 | 2024-04-25 | Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local... |
| CVE-2024-31609 | 2024-04-25 | Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers... |
| CVE-2024-31610 | 2024-04-25 | File Upload vulnerability in the function for employees to upload... |
| CVE-2024-31615 | 2024-04-25 | ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. |
| CVE-2024-32236 | 2024-04-25 | An issue in CmsEasy v.7.7 and before allows a remote... |
| CVE-2024-32324 | 2024-04-25 | Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400... |
| CVE-2024-33661 | 2024-04-25 | Portainer before 2.20.0 allows redirects when the target is not... |
| CVE-2024-33663 | 2024-04-25 | python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys... |
| CVE-2024-33664 | 2024-04-25 | python-jose through 3.3.0 allows attackers to cause a denial of... |
| CVE-2024-32358 | 2024-04-25 | An issue in Jpress v.5.1.0 allows a remote attacker to... |
| CVE-2024-33247 | 2024-04-25 | Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL... |
| CVE-2024-4159 | 2024-04-25 | Protection mechanisms |
| CVE-2024-4161 | 2024-04-25 | Syslog traffic sent in clear-text |
| CVE-2024-2907 | 2024-04-25 | AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL |
| CVE-2023-6237 | 2024-04-25 | Excessive time spent checking invalid RSA public keys |
| CVE-2024-4173 | 2024-04-25 | SANnav versions exposes Kafka in the wan interface. |
| CVE-2024-3929 | 2024-04-25 | The Content Views – Post Grid & Filter, Recent Posts,... |
| CVE-2024-3988 | 2024-04-25 | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data... |