CVE List - 2024 / April
Showing 3101 - 3200 of 3606 CVEs for April 2024 (Page 32 of 37)
CVE ID | Date | Title |
---|---|---|
CVE-2024-3893 | 2024-04-25 | The Classified Listing – Classified ads & Business Directory Plugin... |
CVE-2023-51478 | 2024-04-25 | WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability |
CVE-2023-51482 | 2024-04-25 | WordPress Eazy Plugin Manager plugin <= 4.1.2 - Auth. Arbitrary Options Update lead to RCE vulnerability |
CVE-2023-51484 | 2024-04-25 | WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability |
CVE-2024-22144 | 2024-04-25 | WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability |
CVE-2024-3733 | 2024-04-25 | The Essential Addons for Elementor – Best Elementor Templates, Widgets,... |
CVE-2024-25917 | 2024-04-25 | WordPress WP Setup Wizard plugin <= 1.0.8.1 - Auth. Full Database Download Vulnerability |
CVE-2024-30560 | 2024-04-25 | WordPress DX-Watermark plugin <= 1.0.4 - CSRF to Arbitrary File Upload and XSS vulnerability |
CVE-2024-31266 | 2024-04-25 | WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability |
CVE-2024-4077 | 2024-04-25 | WordPress UDesign theme <= 4.7.3 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-32961 | 2024-04-25 | WordPress Blocksy theme <= 2.0.33 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-4035 | 2024-04-25 | The Photo Gallery – GT3 Image Gallery & Gutenberg Block... |
CVE-2024-3994 | 2024-04-25 | The Tutor LMS – eLearning and online course solution plugin... |
CVE-2023-52220 | 2024-04-25 | WordPress MonsterInsights plugin <= 8.21.0 - Broken Access Control vulnerability |
CVE-2024-25583 | 2024-04-25 | Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured |
CVE-2024-4164 | 2024-04-25 | Tenda G3 ModifyPppAuthWhiteMac formModifyPppAuthWhiteMac stack-based overflow |
CVE-2024-32676 | 2024-04-25 | WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability |
CVE-2024-3730 | 2024-04-25 | The Simple Membership plugin for WordPress is vulnerable to Stored... |
CVE-2024-2829 | 2024-04-25 | Inefficient Regular Expression Complexity in GitLab |
CVE-2024-2434 | 2024-04-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab |
CVE-2024-1347 | 2024-04-25 | Authentication Bypass by Spoofing in GitLab |
CVE-2024-4165 | 2024-04-25 | Tenda G3 modifyDhcpRule stack-based overflow |
CVE-2024-4166 | 2024-04-25 | Tenda 4G300 sub_41E858 stack-based overflow |
CVE-2024-4174 | 2024-04-25 | Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server |
CVE-2024-4175 | 2024-04-25 | Improper Input Validation vulnerability in Hyperion Web Server |
CVE-2024-4167 | 2024-04-25 | Tenda 4G300 sub_422AA4 stack-based overflow |
CVE-2024-4168 | 2024-04-25 | Tenda 4G300 sub_4260F0 stack-based overflow |
CVE-2024-25026 | 2024-04-25 | IBM WebSphere Application Server denial of service |
CVE-2023-3597 | 2024-04-25 | Keycloak: secondary factor bypass in step-up authentication |
CVE-2024-4169 | 2024-04-25 | Tenda 4G300 sub_4279CC stack-based overflow |
CVE-2024-4170 | 2024-04-25 | Tenda 4G300 sub_429A30 stack-based overflow |
CVE-2024-4006 | 2024-04-25 | Incorrect Authorization in GitLab |
CVE-2024-4024 | 2024-04-25 | Authentication Bypass by Assumed-Immutable Data in GitLab |
CVE-2024-4171 | 2024-04-25 | Tenda W30E WizardHandle fromWizardHandle stack-based overflow |
CVE-2024-4172 | 2024-04-25 | idcCMS cross-site request forgery |
CVE-2024-25569 | 2024-04-25 | An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of... |
CVE-2024-22373 | 2024-04-25 | An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of... |
CVE-2024-22391 | 2024-04-25 | A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality... |
CVE-2024-33592 | 2024-04-25 | WordPress Radio Player plugin <= 2.0.73 - Server Side Request Forgery (SSRF) vulnerability |
CVE-2023-5675 | 2024-04-25 | Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used. |
CVE-2023-6484 | 2024-04-25 | Keycloak: log injection during webauthn authentication or registration |
CVE-2023-6544 | 2024-04-25 | Keycloak: authorization bypass |
CVE-2023-6596 | 2024-04-25 | Openshift: incomplete fix for rapid reset (cve-2023-44487/cve-2023-39325) |
CVE-2023-6717 | 2024-04-25 | Keycloak: xss via assertion consumer service url in saml post-binding flow |
CVE-2023-6787 | 2024-04-25 | Keycloak: session hijacking via re-authentication |
CVE-2024-0874 | 2024-04-25 | Coredns: cd bit response is cached and served later |
CVE-2024-1102 | 2024-04-25 | Jberet: jberet-core logging database credentials |
CVE-2024-1139 | 2024-04-25 | Cluster-monitoring-operator: credentials leak |
CVE-2024-1657 | 2024-04-25 | Platform: insecure websocket used when interacting with eda server |
CVE-2024-1726 | 2024-04-25 | Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service |
CVE-2024-25624 | 2024-04-25 | iris-web vulnerable to Server Side Template Injection in reports |
CVE-2024-28240 | 2024-04-25 | GLPI-Agent's MSI package installation permits local users to change Agent configuration |
CVE-2024-28241 | 2024-04-25 | GLPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder |
CVE-2024-2467 | 2024-04-25 | Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack) |
CVE-2024-32467 | 2024-04-25 | MeterSphere vulnerable to unauthorized viewing by workspace members |
CVE-2024-32481 | 2024-04-25 | vyper's range(start, start + N) reverts for negative numbers |
CVE-2024-32645 | 2024-04-25 | vyper performs incorrect topic logging in raw_log |
CVE-2024-32646 | 2024-04-25 | vyper performs double eval of the slice args when buffer from adhoc locations |
CVE-2024-32647 | 2024-04-25 | vyper performs double eval of raw_args in create_from_blueprint |
CVE-2024-2905 | 2024-04-25 | Rpm-ostree: world-readable /etc/shadow file |
CVE-2024-3508 | 2024-04-25 | Bzip2: compressed content bomb leads to denial of service of bombastic api |
CVE-2024-3622 | 2024-04-25 | Mirror-registry: plain-text default csrf secret key |
CVE-2024-3623 | 2024-04-25 | Mirror-registry: default database secret key stored in plain-text on initial configuration file |
CVE-2024-3625 | 2024-04-25 | Mirror-registry: redis password stored in plain-text |
CVE-2024-3624 | 2024-04-25 | Mirror-registry: database user and password stored in plain-text |
CVE-2024-32648 | 2024-04-25 | vyper default functions don't respect nonreentrancy keys |
CVE-2024-32649 | 2024-04-25 | vyper performs double eval of the argument of sqrt |
CVE-2022-36028 | 2024-04-25 | BigBlueButton Greenlight Open Redirect vulnerability |
CVE-2022-36029 | 2024-04-25 | BigBlueButton Greenlight Open Redirect vulnerability |
CVE-2024-3265 | 2024-04-25 | WP Advanced Search <= 1.1.6 - Admin+ SQL Injection |
CVE-2024-0916 | 2024-04-25 | Unauthenticated Remote Code Execution in UvDesk Community |
CVE-2024-32651 | 2024-04-25 | Server Side Template Injection in Jinja2 allows Remote Command Execution |
CVE-2024-32868 | 2024-04-25 | ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass |
CVE-2022-48682 | 2024-04-26 | In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition... |
CVE-2023-26603 | 2024-04-26 | JumpCloud Agent before 1.178.0 Creates a Temporary File in a... |
CVE-2023-47252 | 2024-04-26 | An issue was discovered in PnpSmm in Insyde InsydeH2O with... |
CVE-2023-51794 | 2024-04-26 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker... |
CVE-2024-22633 | 2024-04-26 | Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered... |
CVE-2024-25343 | 2024-04-26 | Tenda N300 F3 router vulnerability allows users to bypass intended... |
CVE-2024-28322 | 2024-04-26 | SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0... |
CVE-2024-28325 | 2024-04-26 | Asus RT-N12+ B1 router stores credentials in cleartext, which could... |
CVE-2024-28326 | 2024-04-26 | Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1... |
CVE-2024-28327 | 2024-04-26 | Asus RT-N12+ B1 router stores user passwords in plaintext, which... |
CVE-2024-28328 | 2024-04-26 | CSV Injection vulnerability in the Asus RT-N12+ router allows administrator... |
CVE-2024-31502 | 2024-04-26 | An issue in Insurance Management System v.1.0.0 and before allows... |
CVE-2024-31551 | 2024-04-26 | Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows... |
CVE-2024-31601 | 2024-04-26 | An issue in Beijing Panabit Network Software Co., Ltd Panalog... |
CVE-2024-31741 | 2024-04-26 | Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote... |
CVE-2024-31755 | 2024-04-26 | cJSON v1.7.17 was discovered to contain a segmentation violation, which... |
CVE-2024-31828 | 2024-04-26 | Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers... |
CVE-2024-32404 | 2024-04-26 | Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1,... |
CVE-2024-32406 | 2024-04-26 | Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1... |
CVE-2024-33255 | 2024-04-26 | Jerryscript commit cefd391 was discovered to contain an Assertion Failure... |
CVE-2024-33258 | 2024-04-26 | Jerryscript commit ff9ff8f was discovered to contain a segmentation violation... |
CVE-2024-33259 | 2024-04-26 | Jerryscript commit cefd391 was discovered to contain a segmentation violation... |
CVE-2024-33260 | 2024-04-26 | Jerryscript commit cefd391 was discovered to contain a segmentation violation... |
CVE-2024-33263 | 2024-04-26 | QuickJS commit 3b45d15 was discovered to contain an Assertion Failure... |
CVE-2024-33342 | 2024-04-26 | D-Link DIR-822+ V1.0.5 was found to contain a command injection... |
CVE-2024-33343 | 2024-04-26 | D-Link DIR-822+ V1.0.5 was found to contain a command injection... |
CVE-2024-33344 | 2024-04-26 | D-Link DIR-822+ V1.0.5 was found to contain a command injection... |