CVE List - 2024 / April
Showing 301 - 400 of 3606 CVEs for April 2024 (Page 4 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-31011 | 2024-04-03 | Arbitrary file write vulnerability in beescms v.4.0, allows a remote... |
| CVE-2024-31012 | 2024-04-03 | An issue was discovered in SEMCMS v.4.8, allows remote attackers... |
| CVE-2023-35812 | 2024-04-03 | An issue was discovered in the Amazon Linux packages of... |
| CVE-2023-45552 | 2024-04-03 | In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability... |
| CVE-2024-25864 | 2024-04-03 | Server Side Request Forgery (SSRF) vulnerability in Friendica versions after... |
| CVE-2024-26495 | 2024-04-03 | Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12,... |
| CVE-2024-29477 | 2024-04-03 | Lack of sanitization during Installation Process in Dolibarr ERP CRM... |
| CVE-2024-30571 | 2024-04-03 | An information leak in the BRS_top.html component of Netgear R6850... |
| CVE-2024-30572 | 2024-04-03 | Netgear R6850 1.1.0.88 was discovered to contain a command injection... |
| CVE-2024-31013 | 2024-04-03 | Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3,... |
| CVE-2024-3221 | 2024-04-03 | SourceCodester PHP Task Management System attendance-info.php sql injection |
| CVE-2024-3222 | 2024-04-03 | SourceCodester PHP Task Management System admin-password-change.php sql injection |
| CVE-2024-3223 | 2024-04-03 | SourceCodester PHP Task Management System admin-manage-user.php sql injection |
| CVE-2024-3224 | 2024-04-03 | SourceCodester PHP Task Management System task-details.php sql injection |
| CVE-2024-3225 | 2024-04-03 | SourceCodester PHP Task Management System edit-task.php sql injection |
| CVE-2024-3226 | 2024-04-03 | Campcodes Online Patient Record Management System login.php sql injection |
| CVE-2024-3227 | 2024-04-03 | Panwei eoffice OA Backend save_image.php path traversal |
| CVE-2024-1327 | 2024-04-03 | The Jeg Elementor Kit plugin for WordPress is vulnerable to... |
| CVE-2024-3162 | 2024-04-03 | Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial |
| CVE-2024-2879 | 2024-04-03 | The LayerSlider plugin for WordPress is vulnerable to SQL Injection... |
| CVE-2024-2322 | 2024-04-03 | WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF |
| CVE-2023-34423 | 2024-04-03 | Survey Maker prior to 3.6.4 contains a stored cross-site scripting... |
| CVE-2023-35764 | 2024-04-03 | Insufficient verification of data authenticity issue in Survey Maker prior... |
| CVE-2024-29734 | 2024-04-03 | Uncontrolled search path element issue exists in SonicDICOM Media Viewer... |
| CVE-2024-0172 | 2024-04-03 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain... |
| CVE-2024-3251 | 2024-04-03 | SourceCodester Computer Laboratory Management System sql injection |
| CVE-2024-3252 | 2024-04-03 | SourceCodester Internship Portal Management System check_admin.php sql injection |
| CVE-2024-3253 | 2024-04-03 | SourceCodester Internship Portal Management System add_admin.php sql injection |
| CVE-2024-31390 | 2024-04-03 | WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability |
| CVE-2024-31380 | 2024-04-03 | WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability |
| CVE-2024-27972 | 2024-04-03 | WordPress WP Fusion Lite plugin <= 3.41.24 - Auth. Remote Code Execution (RCE) vulnerability |
| CVE-2024-27951 | 2024-04-03 | WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability |
| CVE-2024-3254 | 2024-04-03 | SourceCodester Internship Portal Management System edit_admin.php sql injection |
| CVE-2024-3255 | 2024-04-03 | SourceCodester Internship Portal Management System edit_admin_query.php sql injection |
| CVE-2024-28782 | 2024-04-03 | IBM QRadar Suite Software information disclosure |
| CVE-2024-27191 | 2024-04-03 | WordPress Slivery Extender plugin <= 1.0.2 - Auth. Remote Code Execution (RCE) vulnerability |
| CVE-2024-25918 | 2024-04-03 | WordPress InstaWP Connect plugin <= 0.1.0.8 - Auth. Remote Code Execution (RCE) vulnerability |
| CVE-2024-25030 | 2024-04-03 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect... |
| CVE-2024-25046 | 2024-04-03 | IBM Db2 for Linux, UNIX and Windows denial of service |
| CVE-2024-25096 | 2024-04-03 | WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability |
| CVE-2024-24707 | 2024-04-03 | WordPress Cwicly plugin <= 1.4.0.2 - Auth. Remote Code Execution (RCE) vulnerability |
| CVE-2023-25699 | 2024-04-03 | WordPress VideoWhisper Live Streaming Integration plugin <= 5.5.15 - Remote Code Execution (RCE) |
| CVE-2024-27254 | 2024-04-03 | IBM Db2 for Linux, UNIX and Windows denial of service |
| CVE-2023-38729 | 2024-04-03 | IBM Db2 information disclosure |
| CVE-2023-52296 | 2024-04-03 | IBM Db2 for Linux, UNIX and Windows denial of service |
| CVE-2024-3256 | 2024-04-03 | SourceCodester Internship Portal Management System edit_activity.php sql injection |
| CVE-2024-22360 | 2024-04-03 | IBM Db2 for Linux, UNIX and Windows denial of service |
| CVE-2024-3257 | 2024-04-03 | SourceCodester Internship Portal Management System edit_activity_query.php sql injection |
| CVE-2024-3258 | 2024-04-03 | SourceCodester Internship Portal Management System add_activity.php sql injection |
| CVE-2024-3259 | 2024-04-03 | SourceCodester Internship Portal Management System delete_activity.php sql injection |
| CVE-2024-0394 | 2024-04-03 | Rapid7 Minerva Armor Privilege Escalation |
| CVE-2024-22178 | 2024-04-03 | A file write vulnerability exists in the OAS Engine Save... |
| CVE-2024-21870 | 2024-04-03 | A file write vulnerability exists in the OAS Engine Tags... |
| CVE-2024-27201 | 2024-04-03 | An improper input validation vulnerability exists in the OAS Engine... |
| CVE-2024-24976 | 2024-04-03 | A denial of service vulnerability exists in the OAS Engine... |
| CVE-2024-31419 | 2024-04-03 | Cnv: information disclosure through the usage of vm-dump-metrics |
| CVE-2024-31420 | 2024-04-03 | Cnv: dos through repeatedly calling vm-dump-metrics until virt handler crashes |
| CVE-2023-52637 | 2024-04-03 | can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) |
| CVE-2023-52638 | 2024-04-03 | can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock |
| CVE-2023-52639 | 2024-04-03 | KVM: s390: vsie: fix race during shadow creation |
| CVE-2024-26685 | 2024-04-03 | nilfs2: fix potential bug in end_buffer_async_write |
| CVE-2024-26686 | 2024-04-03 | fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats |
| CVE-2024-26687 | 2024-04-03 | xen/events: close evtchn after mapping cleanup |
| CVE-2024-26688 | 2024-04-03 | fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super |
| CVE-2024-26689 | 2024-04-03 | ceph: prevent use-after-free in encode_cap_msg() |
| CVE-2024-26690 | 2024-04-03 | net: stmmac: protect updates of 64-bit statistics counters |
| CVE-2024-26691 | 2024-04-03 | KVM: arm64: Fix circular locking dependency |
| CVE-2024-26692 | 2024-04-03 | smb: Fix regression in writes when non-standard maximum write size negotiated |
| CVE-2024-26693 | 2024-04-03 | wifi: iwlwifi: mvm: fix a crash when we run out of stations |
| CVE-2024-26694 | 2024-04-03 | wifi: iwlwifi: fix double-free bug |
| CVE-2024-26695 | 2024-04-03 | crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked |
| CVE-2024-26696 | 2024-04-03 | nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() |
| CVE-2024-26697 | 2024-04-03 | nilfs2: fix data corruption in dsync block recovery for small block sizes |
| CVE-2024-26698 | 2024-04-03 | hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove |
| CVE-2024-26699 | 2024-04-03 | drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr |
| CVE-2024-26700 | 2024-04-03 | drm/amd/display: Fix MST Null Ptr for RV |
| CVE-2024-26702 | 2024-04-03 | iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC |
| CVE-2024-26703 | 2024-04-03 | tracing/timerlat: Move hrtimer_init to timerlat_fd open() |
| CVE-2024-26704 | 2024-04-03 | ext4: fix double-free of blocks due to wrong extents moved_len |
| CVE-2024-26705 | 2024-04-03 | parisc: BTLB: Fix crash when setting up BTLB at CPU bringup |
| CVE-2024-26706 | 2024-04-03 | parisc: Fix random data corruption from exception handler |
| CVE-2024-26707 | 2024-04-03 | net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() |
| CVE-2024-26708 | 2024-04-03 | mptcp: really cope with fastopen race |
| CVE-2024-26709 | 2024-04-03 | powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach |
| CVE-2024-26710 | 2024-04-03 | powerpc/kasan: Limit KASAN thread size increase to 32KB |
| CVE-2024-26711 | 2024-04-03 | iio: adc: ad4130: zero-initialize clock init data |
| CVE-2024-26712 | 2024-04-03 | powerpc/kasan: Fix addr error caused by page alignment |
| CVE-2024-26714 | 2024-04-03 | interconnect: qcom: sc8180x: Mark CO0 BCM keepalive |
| CVE-2024-26715 | 2024-04-03 | usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend |
| CVE-2024-26716 | 2024-04-03 | usb: core: Prevent null pointer dereference in update_port_device_state |
| CVE-2024-26717 | 2024-04-03 | HID: i2c-hid-of: fix NULL-deref on failed power up |
| CVE-2024-26718 | 2024-04-03 | dm-crypt, dm-verity: disable tasklets |
| CVE-2024-26719 | 2024-04-03 | nouveau: offload fence uevents work to workqueue |
| CVE-2024-26721 | 2024-04-03 | drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address |
| CVE-2024-26722 | 2024-04-03 | ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() |
| CVE-2024-26723 | 2024-04-03 | lan966x: Fix crash when adding interface under a lag |
| CVE-2024-26724 | 2024-04-03 | net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers |
| CVE-2024-26725 | 2024-04-03 | dpll: fix possible deadlock during netlink dump operation |
| CVE-2024-26726 | 2024-04-03 | btrfs: don't drop extent_map for free space inode on write error |
| CVE-2024-26727 | 2024-04-03 | btrfs: do not ASSERT() if the newly created subvolume already got read |