CVE List - 2024 / April
Showing 3501 - 3600 of 3605 CVEs for April 2024 (Page 36 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-33635 | 2024-04-29 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Arbitrary Post/Page Deletion vulnerability |
| CVE-2024-33597 | 2024-04-29 | WordPress SSU plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2024-28961 | 2024-04-29 | Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized... |
| CVE-2024-33596 | 2024-04-29 | WordPress Five Star Restaurant Reservations plugin <= 2.6.16 - Broken Access Control vulnerability |
| CVE-2024-3375 | 2024-04-29 | Broken Access Control in Havelsan's Dialogue |
| CVE-2024-33595 | 2024-04-29 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability |
| CVE-2024-33594 | 2024-04-29 | WordPress Leaky Paywall plugin <= 4.20.8 - Price Manipulation vulnerability |
| CVE-2024-33593 | 2024-04-29 | WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability |
| CVE-2024-33591 | 2024-04-29 | WordPress Easy Accept Payments for PayPal plugin <= 4.9.10 - Broken Access Control vulnerability |
| CVE-2024-33590 | 2024-04-29 | WordPress basepress plugin <= 2.16.1 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-33589 | 2024-04-29 | WordPress KB Support plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2024-4304 | 2024-04-29 | Vulnerability on SWAL platform from GT3 Soluciones |
| CVE-2024-4306 | 2024-04-29 | Unrestricted Upload of File with Dangerous Type vulnerability in HubBank |
| CVE-2024-4308 | 2024-04-29 | SQL injection vulnerability in HubBank |
| CVE-2024-4307 | 2024-04-29 | SQL injection vulnerability in HubBank |
| CVE-2024-4309 | 2024-04-29 | SQL injection vulnerability in HubBank |
| CVE-2024-4310 | 2024-04-29 | Cross-site Scripting (XSS) vulnerability in HubBank |
| CVE-2024-33588 | 2024-04-29 | WordPress basepress plugin <= 2.16.1 - Broken Access Control vulnerability |
| CVE-2024-33587 | 2024-04-29 | WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2024-33586 | 2024-04-29 | WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability |
| CVE-2024-33585 | 2024-04-29 | WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability |
| CVE-2024-27322 | 2024-04-29 | Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R... |
| CVE-2024-1579 | 2024-04-29 | Insufficient seeding of random number generator |
| CVE-2024-1969 | 2024-04-29 | Heap buffer overflow |
| CVE-2023-48683 | 2024-04-29 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux,... |
| CVE-2023-48684 | 2024-04-29 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758. |
| CVE-2024-34010 | 2024-04-29 | Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build... |
| CVE-2024-34011 | 2024-04-29 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. |
| CVE-2024-0840 | 2024-04-29 | Grandstream UCM Series IP PBX HTTP Parameter Injection |
| CVE-2024-33522 | 2024-04-29 | Privilege escalation in Calico CNI install binary |
| CVE-2019-19753 | 2024-04-30 | SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the... |
| CVE-2019-19754 | 2024-04-30 | HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as... |
| CVE-2019-19755 | 2024-04-30 | ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as... |
| CVE-2020-27478 | 2024-04-30 | Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature. |
| CVE-2020-5200 | 2024-04-30 | Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. |
| CVE-2023-45385 | 2024-04-30 | ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module. |
| CVE-2023-46304 | 2024-04-30 | modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed... |
| CVE-2023-49473 | 2024-04-30 | Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control. |
| CVE-2023-50053 | 2024-04-30 | An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce (random number) |
| CVE-2023-50059 | 2024-04-30 | An issue in galxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce (random number) |
| CVE-2023-50914 | 2024-04-30 | A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authenticated users to change the DACL of arbitrary system directories to include Everyone... |
| CVE-2024-22546 | 2024-04-30 | TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. |
| CVE-2024-23772 | 2024-04-30 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers... |
| CVE-2024-23773 | 2024-04-30 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of... |
| CVE-2024-23774 | 2024-04-30 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers... |
| CVE-2024-26331 | 2024-04-30 | ReCrystallize Server 5.10.0.0 uses an authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily... |
| CVE-2024-28269 | 2024-04-30 | ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload malicious files. This could result in... |
| CVE-2024-28716 | 2024-04-30 | An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. |
| CVE-2024-29320 | 2024-04-30 | Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. |
| CVE-2024-29384 | 2024-04-30 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules functions. |
| CVE-2024-33101 | 2024-04-30 | A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word... |
| CVE-2024-33102 | 2024-04-30 | A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code... |
| CVE-2024-33103 | 2024-04-30 | An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the... |
| CVE-2024-33267 | 2024-04-30 | SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. |
| CVE-2024-33270 | 2024-04-30 | An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component. |
| CVE-2024-33273 | 2024-04-30 | SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. |
| CVE-2024-33274 | 2024-04-30 | Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of... |
| CVE-2024-33275 | 2024-04-30 | SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. |
| CVE-2024-33308 | 2024-04-30 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed... |
| CVE-2024-33309 | 2024-04-30 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is... |
| CVE-2024-33371 | 2024-04-30 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. |
| CVE-2024-33383 | 2024-04-30 | Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter. |
| CVE-2024-33465 | 2024-04-30 | Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the thumb/thumb.php component. |
| CVE-2024-33831 | 2024-04-30 | A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2024-33832 | 2024-04-30 | OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info. |
| CVE-2024-34088 | 2024-04-30 | In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not... |
| CVE-2024-34149 | 2024-04-30 | In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check... |
| CVE-2019-19751 | 2024-04-30 | easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. |
| CVE-2019-19752 | 2024-04-30 | nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as... |
| CVE-2023-50915 | 2024-04-30 | An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS... |
| CVE-2024-29466 | 2024-04-30 | Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. |
| CVE-2024-31837 | 2024-04-30 | DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938. |
| CVE-2024-33332 | 2024-04-30 | An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. |
| CVE-2024-33436 | 2024-04-30 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables |
| CVE-2024-33437 | 2024-04-30 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style Rules. |
| CVE-2024-4327 | 2024-04-30 | Apryse WebViewer PDF Document cross site scripting |
| CVE-2024-4226 | 2024-04-30 | It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in... |
| CVE-2024-0216 | 2024-04-30 | The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers... |
| CVE-2024-1371 | 2024-04-30 | The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and... |
| CVE-2024-4225 | 2024-04-30 | NGDIN_ST v2.0D.0062 - Multiple Vulnerabilities |
| CVE-2024-1895 | 2024-04-30 | The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via... |
| CVE-2024-3072 | 2024-04-30 | The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to,... |
| CVE-2024-4185 | 2024-04-30 | The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently... |
| CVE-2024-2663 | 2024-04-30 | The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible... |
| CVE-2024-4337 | 2024-04-30 | Multiple vulnerabilities on Adive Framework |
| CVE-2024-4336 | 2024-04-30 | Multiple vulnerabilities on Adive Framework |
| CVE-2024-22405 | 2024-04-30 | XADMaster may not apply quarantine attribute correctly to extracted files |
| CVE-2024-2377 | 2024-04-30 | A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and... |
| CVE-2024-2617 | 2024-04-30 | A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to... |
| CVE-2024-2378 | 2024-04-30 | A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on affected installations. |
| CVE-2024-4340 | 2024-04-30 | Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. |
| CVE-2024-25575 | 2024-04-30 | A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability,... |
| CVE-2024-25648 | 2024-04-30 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously... |
| CVE-2024-25938 | 2024-04-30 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously... |
| CVE-2023-38002 | 2024-04-30 | IBM Storage Scale session fixation |
| CVE-2024-2877 | 2024-04-30 | Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node |
| CVE-2024-23463 | 2024-04-30 | Anti-Tampering bypass via Repair App functionality |
| CVE-2024-3411 | 2024-04-30 | Insufficient Randomness When Validating an IPMI Authenticated Session |
| CVE-2024-3746 | 2024-04-30 | Measuresoft ScadaPro Improper Access Control |
| CVE-2024-4348 | 2024-04-30 | osCommerce all-products cross site scripting |