CVE List - 2024 / April
Showing 3401 - 3500 of 3606 CVEs for April 2024 (Page 35 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28294 | 2024-04-29 | Limbas up to v5.2.14 was discovered to contain a SQL... |
| CVE-2024-28320 | 2024-04-29 | Insecure Direct Object References (IDOR) vulnerability in Hospital Management System... |
| CVE-2024-31621 | 2024-04-29 | An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows... |
| CVE-2024-31705 | 2024-04-29 | An issue in Infotel Conseil GLPI v.10.X.X and after allows... |
| CVE-2024-31747 | 2024-04-29 | An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118... |
| CVE-2024-31801 | 2024-04-29 | Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote... |
| CVE-2024-31820 | 2024-04-29 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote... |
| CVE-2024-31821 | 2024-04-29 | SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a... |
| CVE-2024-31822 | 2024-04-29 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote... |
| CVE-2024-31823 | 2024-04-29 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote... |
| CVE-2024-32269 | 2024-04-29 | An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker... |
| CVE-2024-32491 | 2024-04-29 | An issue was discovered in Znuny and Znuny LTS 6.0.31... |
| CVE-2024-32492 | 2024-04-29 | An issue was discovered in Znuny 7.0.1 through 7.0.16 where... |
| CVE-2024-32493 | 2024-04-29 | An issue was discovered in Znuny LTS 6.5.1 through 6.5.7... |
| CVE-2024-33266 | 2024-04-29 | SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows... |
| CVE-2024-33268 | 2024-04-29 | SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an... |
| CVE-2024-33269 | 2024-04-29 | SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows... |
| CVE-2024-33271 | 2024-04-29 | An issue in FME Modules eventsmanager before 4.4.0 allows an... |
| CVE-2024-33272 | 2024-04-29 | SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0... |
| CVE-2024-33276 | 2024-04-29 | SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before... |
| CVE-2024-33338 | 2024-04-29 | Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote... |
| CVE-2024-33345 | 2024-04-29 | D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference... |
| CVE-2024-33350 | 2024-04-29 | Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker... |
| CVE-2024-33435 | 2024-04-29 | Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast... |
| CVE-2024-33438 | 2024-04-29 | File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated... |
| CVE-2024-33444 | 2024-04-29 | SQL injection vulnerability in onethink v.1.1 allows a remote attacker... |
| CVE-2024-33445 | 2024-04-29 | An issue in hisiphp v2.0.111 allows a remote attacker to... |
| CVE-2024-33449 | 2024-04-29 | An SSRF issue in the PDFMyURL service allows a remote... |
| CVE-2024-33903 | 2024-04-29 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations... |
| CVE-2024-33904 | 2024-04-29 | In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a... |
| CVE-2024-33905 | 2024-04-29 | In Telegram WebK before 2.0.0 (488), a crafted Mini Web... |
| CVE-2024-34020 | 2024-04-29 | A stack-based buffer overflow was found in the putSDN() function... |
| CVE-2024-34044 | 2024-04-29 | The O-RAN E2T I-Release buildPrometheusList function can have a NULL... |
| CVE-2024-34045 | 2024-04-29 | The O-RAN E2T I-Release Prometheus metric Increment function can crash... |
| CVE-2024-34046 | 2024-04-29 | The O-RAN E2T I-Release Prometheus metric Increment function can crash... |
| CVE-2024-34047 | 2024-04-29 | O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. |
| CVE-2024-34048 | 2024-04-29 | O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. |
| CVE-2024-34049 | 2024-04-29 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice... |
| CVE-2024-34050 | 2024-04-29 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice... |
| CVE-2023-46270 | 2024-04-29 | MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing... |
| CVE-2024-32268 | 2024-04-29 | An issue in Tuya Smart camera U6N v.3.2.5 allows a... |
| CVE-2024-33401 | 2024-04-29 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote... |
| CVE-2024-33443 | 2024-04-29 | An issue in onethink v.1.1 allows a remote attacker to... |
| CVE-2024-34043 | 2024-04-29 | O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a... |
| CVE-2024-4296 | 2024-04-29 | HGiga iSherlock - Arbitrary File Download |
| CVE-2024-4297 | 2024-04-29 | HGiga iSherlock - Arbitrary File Download |
| CVE-2024-4298 | 2024-04-29 | HGiga iSherlock - Command Injection |
| CVE-2024-4299 | 2024-04-29 | HGiga iSherlock - Command Injection |
| CVE-2024-4300 | 2024-04-29 | E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure |
| CVE-2024-2756 | 2024-04-29 | __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix |
| CVE-2024-3096 | 2024-04-29 | PHP function password_verify can erroneously return true when argument contains NUL |
| CVE-2024-2757 | 2024-04-29 | PHP mb_encode_mimeheader runs endlessly for some inputs |
| CVE-2024-1874 | 2024-04-29 | Command injection via array-ish $command parameter of proc_open() |
| CVE-2024-4301 | 2024-04-29 | N-Reporter and N-Cloud from N-Partner - Os Command Injection |
| CVE-2024-33649 | 2024-04-29 | WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33648 | 2024-04-29 | WordPress Recencio Book Reviews plugin <= 1.66.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33646 | 2024-04-29 | WordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerability |
| CVE-2024-33645 | 2024-04-29 | WordPress Easy Set Favicon plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33643 | 2024-04-29 | WordPress Advanced Most Recent Posts Mod plugin <= 1.6.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33640 | 2024-04-29 | WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33633 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33631 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Authenticated Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33630 | 2024-04-29 | WordPress Piotnet Addons For Elementor plugin <= 2.4.26 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33571 | 2024-04-29 | WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33562 | 2024-04-29 | WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33554 | 2024-04-29 | WordPress XStore Core plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33548 | 2024-04-29 | WordPress WZone plugin <= 14.0.10 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33540 | 2024-04-29 | WordPress ColorNews theme <= 1.2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33539 | 2024-04-29 | WordPress WPZOOM Addons for Elementor plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33537 | 2024-04-29 | WordPress WP Portfolio theme <= 2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4302 | 2024-04-29 | Super 8 livechat SDK - Cross-site Scripting |
| CVE-2024-33686 | 2024-04-29 | Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes |
| CVE-2024-4303 | 2024-04-29 | ArmorX Android APP - MFA Bypass |
| CVE-2024-33632 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-1905 | 2024-04-29 | Smart Forms < 2.6.96 - Admin+ Stored XSS |
| CVE-2024-2505 | 2024-04-29 | GamiPress < 6.8.9 - Broken Access Control |
| CVE-2024-33681 | 2024-04-29 | WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability |
| CVE-2024-33542 | 2024-04-29 | WordPress Crelly Slider plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-33559 | 2024-04-29 | WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-33551 | 2024-04-29 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-33546 | 2024-04-29 | WordPress WZone plugin <= 14.0.10 - Arbitrary SQL Update Execution vulnerability |
| CVE-2024-33544 | 2024-04-29 | WordPress WZone plugin <= 14.0.10 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-3191 | 2024-04-29 | MailCleaner Email os command injection |
| CVE-2024-3192 | 2024-04-29 | MailCleaner Admin Interface cross site scripting |
| CVE-2024-3193 | 2024-04-29 | MailCleaner Admin Endpoints os command injection |
| CVE-2024-3194 | 2024-04-29 | MailCleaner Log File Endpoint cross site scripting |
| CVE-2024-3195 | 2024-04-29 | MailCleaner Admin Endpoints path traversal |
| CVE-2024-3196 | 2024-04-29 | MailCleaner SOAP Service dumpConfiguration os command injection |
| CVE-2024-33641 | 2024-04-29 | WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability |
| CVE-2024-33553 | 2024-04-29 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-33584 | 2024-04-29 | WordPress Video Conferencing with Zoom plugin <= 4.4.4 - Open Redirection vulnerability |
| CVE-2024-33627 | 2024-04-29 | WordPress AGCA – Custom Dashboard & Login Page plugin <= 7.2.2 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-33629 | 2024-04-29 | WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.0.0 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-33634 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-33637 | 2024-04-29 | WordPress Solid Affiliate plugin <= 1.9.1 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-33575 | 2024-04-29 | WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability |
| CVE-2024-33538 | 2024-04-29 | WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-33566 | 2024-04-29 | WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability |
| CVE-2024-33652 | 2024-04-29 | WordPress Client Dash plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2024-33558 | 2024-04-29 | WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability |