CVE List - 2024 / April
Showing 3401 - 3500 of 3605 CVEs for April 2024 (Page 35 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-31621 | 2024-04-29 | An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. |
| CVE-2024-31747 | 2024-04-29 | An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option. |
| CVE-2024-31801 | 2024-04-29 | Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request. |
| CVE-2024-31820 | 2024-04-29 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component. |
| CVE-2024-31821 | 2024-04-29 | SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component. |
| CVE-2024-31822 | 2024-04-29 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. |
| CVE-2024-31823 | 2024-04-29 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component. |
| CVE-2024-32269 | 2024-04-29 | An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet. |
| CVE-2024-32491 | 2024-04-29 | An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request)... |
| CVE-2024-32492 | 2024-04-29 | An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript. |
| CVE-2024-32493 | 2024-04-29 | An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter... |
| CVE-2024-33266 | 2024-04-29 | SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function. |
| CVE-2024-33268 | 2024-04-29 | SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method. |
| CVE-2024-33269 | 2024-04-29 | SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method. |
| CVE-2024-33271 | 2024-04-29 | An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component. |
| CVE-2024-33272 | 2024-04-29 | SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent() and AutosuggestSearchModuleFrontController::getKbProducts() components. |
| CVE-2024-33276 | 2024-04-29 | SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method. |
| CVE-2024-33338 | 2024-04-29 | Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. |
| CVE-2024-33345 | 2024-04-29 | D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-33350 | 2024-04-29 | Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. |
| CVE-2024-33435 | 2024-04-29 | Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend... |
| CVE-2024-33438 | 2024-04-29 | File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. |
| CVE-2024-33444 | 2024-04-29 | SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. |
| CVE-2024-33445 | 2024-04-29 | An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. |
| CVE-2024-33449 | 2024-04-29 | An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter. |
| CVE-2024-33903 | 2024-04-29 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library. |
| CVE-2024-33904 | 2024-04-29 | In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file. |
| CVE-2024-33905 | 2024-04-29 | In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. |
| CVE-2024-34020 | 2024-04-29 | A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. |
| CVE-2024-34044 | 2024-04-29 | The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. |
| CVE-2024-34045 | 2024-04-29 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). |
| CVE-2024-34046 | 2024-04-29 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). |
| CVE-2024-34047 | 2024-04-29 | O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. |
| CVE-2024-34048 | 2024-04-29 | O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. |
| CVE-2024-34049 | 2024-04-29 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go. |
| CVE-2024-34050 | 2024-04-29 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go. |
| CVE-2023-46270 | 2024-04-29 | MacPaw The Unarchiver before 4.3.6 contains a vulnerability related to missing quarantine attributes for extracted items. |
| CVE-2024-31705 | 2024-04-29 | An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. |
| CVE-2024-32268 | 2024-04-29 | An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component. |
| CVE-2024-33401 | 2024-04-29 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. |
| CVE-2024-33443 | 2024-04-29 | An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component. |
| CVE-2024-34043 | 2024-04-29 | O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. |
| CVE-2024-4296 | 2024-04-29 | HGiga iSherlock - Arbitrary File Download |
| CVE-2024-4297 | 2024-04-29 | HGiga iSherlock - Arbitrary File Download |
| CVE-2024-4298 | 2024-04-29 | HGiga iSherlock - Command Injection |
| CVE-2024-4299 | 2024-04-29 | HGiga iSherlock - Command Injection |
| CVE-2024-4300 | 2024-04-29 | E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure |
| CVE-2024-2756 | 2024-04-29 | __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix |
| CVE-2024-3096 | 2024-04-29 | PHP function password_verify can erroneously return true when argument contains NUL |
| CVE-2024-2757 | 2024-04-29 | PHP mb_encode_mimeheader runs endlessly for some inputs |
| CVE-2024-1874 | 2024-04-29 | Command injection via array-ish $command parameter of proc_open() |
| CVE-2024-4301 | 2024-04-29 | N-Reporter and N-Cloud from N-Partner - OS Command Injection |
| CVE-2024-33649 | 2024-04-29 | WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33648 | 2024-04-29 | WordPress Recencio Book Reviews plugin <= 1.66.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33646 | 2024-04-29 | WordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerability |
| CVE-2024-33645 | 2024-04-29 | WordPress Easy Set Favicon plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33643 | 2024-04-29 | WordPress Advanced Most Recent Posts Mod plugin <= 1.6.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33640 | 2024-04-29 | WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33633 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33631 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Authenticated Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33630 | 2024-04-29 | WordPress Piotnet Addons For Elementor plugin <= 2.4.26 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33571 | 2024-04-29 | WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33562 | 2024-04-29 | WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33554 | 2024-04-29 | WordPress XStore Core plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33548 | 2024-04-29 | WordPress WZone plugin <= 14.0.10 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33540 | 2024-04-29 | WordPress ColorNews theme <= 1.2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33539 | 2024-04-29 | WordPress WPZOOM Addons for Elementor plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33537 | 2024-04-29 | WordPress WP Portfolio theme <= 2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4302 | 2024-04-29 | Super 8 livechat SDK - Cross-site Scripting |
| CVE-2024-33686 | 2024-04-29 | Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes |
| CVE-2024-4303 | 2024-04-29 | ArmorX Android APP - MFA Bypass |
| CVE-2024-33632 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-1905 | 2024-04-29 | Smart Forms < 2.6.96 - Admin+ Stored XSS |
| CVE-2024-2505 | 2024-04-29 | GamiPress < 6.8.9 - Broken Access Control |
| CVE-2024-33681 | 2024-04-29 | WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability |
| CVE-2024-33542 | 2024-04-29 | WordPress Crelly Slider plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-33559 | 2024-04-29 | WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-33551 | 2024-04-29 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-33546 | 2024-04-29 | WordPress WZone plugin <= 14.0.10 - Arbitrary SQL Update Execution vulnerability |
| CVE-2024-33544 | 2024-04-29 | WordPress WZone plugin <= 14.0.10 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-3191 | 2024-04-29 | MailCleaner Email OS command injection |
| CVE-2024-3192 | 2024-04-29 | MailCleaner Admin Interface cross site scripting |
| CVE-2024-3193 | 2024-04-29 | MailCleaner Admin Endpoints OS command injection |
| CVE-2024-3194 | 2024-04-29 | MailCleaner Log File Endpoint cross site scripting |
| CVE-2024-3195 | 2024-04-29 | MailCleaner Admin Endpoints path traversal |
| CVE-2024-3196 | 2024-04-29 | MailCleaner SOAP Service dumpConfiguration OS command injection |
| CVE-2024-33641 | 2024-04-29 | WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability |
| CVE-2024-33553 | 2024-04-29 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-33584 | 2024-04-29 | WordPress Video Conferencing with Zoom plugin <= 4.4.4 - Open Redirection vulnerability |
| CVE-2024-33627 | 2024-04-29 | WordPress AGCA – Custom Dashboard & Login Page plugin <= 7.2.2 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-33629 | 2024-04-29 | WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.0.0 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-33634 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-33637 | 2024-04-29 | WordPress Solid Affiliate plugin <= 1.9.1 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-33575 | 2024-04-29 | WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability |
| CVE-2024-33538 | 2024-04-29 | WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-33566 | 2024-04-29 | WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability |
| CVE-2024-33652 | 2024-04-29 | WordPress Client Dash plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2024-33558 | 2024-04-29 | WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability |
| CVE-2024-33684 | 2024-04-29 | WordPress Save as PDF plugin by Pdfcrowd plugin <= 3.2.0 - Broken Access Control to Stored XSS vulnerability |
| CVE-2024-33636 | 2024-04-29 | WordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerability |