CVE List - 2024 / April

Showing 3001 - 3100 of 3605 CVEs for April 2024 (Page 31 of 37)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32823 | 2024-04-24 | WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-32808 | 2024-04-24 | WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability |
| CVE-2024-32772 | 2024-04-24 | WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-32789 | 2024-04-24 | WordPress Seers plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32785 | 2024-04-24 | WordPress The Pack Elementor addons plugin <= 2.0.8.3 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32954 | 2024-04-24 | WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability |
| CVE-2022-45852 | 2024-04-24 | WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability |
| CVE-2023-23976 | 2024-04-24 | WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change |
| CVE-2023-23985 | 2024-04-24 | WordPress Quiz Maker plugin <= 6.3.9.4 - Content Spoofing |
| CVE-2024-28825 | 2024-04-24 | Brute-force protection ineffective for some login methods |
| CVE-2024-4111 | 2024-04-24 | Tenda TX9 SetLEDCfg sub_42BD7C stack-based overflow |
| CVE-2024-4112 | 2024-04-24 | Tenda TX9 SetVirtualServerCfg sub_42CB94 stack-based overflow |
| CVE-2023-23989 | 2024-04-24 | WordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection |
| CVE-2023-25785 | 2024-04-24 | WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability |
| CVE-2024-32872 | 2024-04-24 | Umbraco Workflow's Backoffice users can execute arbitrary SQL |
| CVE-2024-32958 | 2024-04-24 | WordPress Slash Admin plugin <= 3.8.1 - CSRF to XSS vulnerability |
| CVE-2024-32947 | 2024-04-24 | WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32806 | 2024-04-24 | WordPress Headline Analyzer plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32795 | 2024-04-24 | WordPress WPCal.io <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32794 | 2024-04-24 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32793 | 2024-04-24 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32773 | 2024-04-24 | WordPress Royal Elementor Kit theme <= 1.0.116 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32728 | 2024-04-24 | WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4113 | 2024-04-24 | Tenda TX9 SetSysTimeCfg sub_42D4DC stack-based overflow |
| CVE-2024-4114 | 2024-04-24 | Tenda TX9 PowerSaveSet sub_42C014 stack-based overflow |
| CVE-2024-32699 | 2024-04-24 | WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32678 | 2024-04-24 | WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability |
| CVE-2024-32677 | 2024-04-24 | WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability |
| CVE-2024-32675 | 2024-04-24 | WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-4115 | 2024-04-24 | Tenda W15E AddDnsForward formAddDnsForward stack-based overflow |
| CVE-2024-32432 | 2024-04-24 | WordPress Ovic Addon Toolkit plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2024-32078 | 2024-04-24 | WordPress FV Player plugin <= 7.5.44.7212 - Unvalidated Redirects and Forwards vulnerability |
| CVE-2023-25790 | 2024-04-24 | WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection |
| CVE-2023-31090 | 2024-04-24 | WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability |
| CVE-2023-32127 | 2024-04-24 | WordPress Multi Rating plugin <= 5.0.6 - Unauth Arbitrary rating value change |
| CVE-2023-47504 | 2024-04-24 | WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability |
| CVE-2023-47774 | 2024-04-24 | WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability |
| CVE-2024-4116 | 2024-04-24 | Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow |
| CVE-2024-4117 | 2024-04-24 | Tenda W15E DelPortMapping formDelPortMapping stack-based overflow |
| CVE-2023-48763 | 2024-04-24 | WordPress JetFormBuilder plugin <= 3.1.4 - Content Injection vulnerability |
| CVE-2023-51405 | 2024-04-24 | WordPress BookingPress plugin <= 1.0.74 - Booking Price Manipulation vulnerability |
| CVE-2023-51425 | 2024-04-24 | WordPress Rencontre plugin <= 3.10.1 - Unauthenticated Account Takeover vulnerability |
| CVE-2023-51471 | 2024-04-24 | WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Arbitrary Options Update vulnerability |
| CVE-2024-4118 | 2024-04-24 | Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow |
| CVE-2024-3371 | 2024-04-24 | Insufficient validation of external input in Compass may enable MITM attacks |
| CVE-2023-51472 | 2024-04-24 | WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Account Takeover vulnerability |
| CVE-2024-23271 | 2024-04-24 | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website... |
| CVE-2024-23228 | 2024-04-24 | This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked. |
| CVE-2024-27791 | 2024-04-24 | The issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, tvOS 17.3, macOS Ventura 13.6.4, iOS 16.7.5 and iPadOS 16.7.5, macOS Monterey 12.7.3,... |
| CVE-2023-51477 | 2024-04-24 | WordPress BuddyBoss Theme theme <= 2.4.60 - Unauth. Arbitrary WordPress Settings Change vulnerability |
| CVE-2024-4119 | 2024-04-24 | Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow |
| CVE-2024-0151 | 2024-04-24 | Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development... |
| CVE-2024-4120 | 2024-04-24 | Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow |
| CVE-2024-4121 | 2024-04-24 | Tenda W15E formQOSRuleDel stack-based overflow |
| CVE-2024-4122 | 2024-04-24 | Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow |
| CVE-2024-20353 | 2024-04-24 | A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to... |
| CVE-2024-20359 | 2024-04-24 | A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco... |
| CVE-2024-4123 | 2024-04-24 | Tenda W15E SetPortMapping formSetPortMapping stack-based overflow |
| CVE-2024-4124 | 2024-04-24 | Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow |
| CVE-2024-4141 | 2024-04-24 | Out-of-bounds array write in Xpdf 4.05 due to incorrect bounds check |
| CVE-2024-4125 | 2024-04-24 | Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow |
| CVE-2024-32876 | 2024-04-24 | NewPipe has potential security vulnerability when importing settings |
| CVE-2024-4126 | 2024-04-24 | Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow |
| CVE-2024-4127 | 2024-04-24 | Tenda W15E guestWifiRuleRefresh stack-based overflow |
| CVE-2024-20358 | 2024-04-24 | A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local... |
| CVE-2024-20356 | 2024-04-24 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected... |
| CVE-2024-20295 | 2024-04-24 | A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate... |
| CVE-2024-32879 | 2024-04-24 | social-auth-app-django Improper Handling of Case Sensitivity vulnerability |
| CVE-2024-20313 | 2024-04-24 | A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in... |
| CVE-2023-20248 | 2024-04-24 | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2023-20249 | 2024-04-24 | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2024-26923 | 2024-04-24 | af_unix: Fix garbage collector racing against connect() |
| CVE-2024-26924 | 2024-04-24 | netfilter: nft_set_pipapo: do not free live element |
| CVE-2024-26925 | 2024-04-24 | netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path |
| CVE-2024-29205 | 2024-04-24 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker... |
| CVE-2024-23527 | 2024-04-24 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-26926 | 2024-04-24 | binder: check offset alignment in binder_get_object() |
| CVE-2024-29660 | 2024-04-25 | Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. |
| CVE-2024-30890 | 2024-04-25 | Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component. |
| CVE-2024-30939 | 2024-04-25 | An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset... |
| CVE-2024-31574 | 2024-04-25 | Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script |
| CVE-2024-31609 | 2024-04-25 | Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. |
| CVE-2024-31610 | 2024-04-25 | File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file. |
| CVE-2024-31615 | 2024-04-25 | ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. |
| CVE-2024-32236 | 2024-04-25 | An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. |
| CVE-2024-32324 | 2024-04-25 | Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program. |
| CVE-2024-33661 | 2024-04-25 | Portainer before 2.20.0 allows redirects when the target is not index.yaml. |
| CVE-2024-33663 | 2024-04-25 | python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. |
| CVE-2024-33664 | 2024-04-25 | python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka... |
| CVE-2024-32358 | 2024-04-25 | An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. |
| CVE-2024-33247 | 2024-04-25 | Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. |
| CVE-2024-4159 | 2024-04-25 | Protection mechanisms |
| CVE-2024-4161 | 2024-04-25 | Syslog traffic sent in clear-text |
| CVE-2024-2907 | 2024-04-25 | AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL |
| CVE-2023-6237 | 2024-04-25 | Excessive time spent checking invalid RSA public keys |
| CVE-2024-4173 | 2024-04-25 | SANnav versions exposes Kafka in the wan interface. |
| CVE-2024-3929 | 2024-04-25 | The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget... |
| CVE-2024-3988 | 2024-04-25 | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| CVE-2024-3893 | 2024-04-25 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX... |
| CVE-2023-51478 | 2024-04-25 | WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability |