CVE List - 2024 / April
Showing 601 - 700 of 3606 CVEs for April 2024 (Page 7 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-3454 | 2024-04-04 | Remote code execution (RCE) vulnerability in Brocade Fabric OS after... |
| CVE-2024-27268 | 2024-04-04 | IBM WebSphere Application Server Liberty denial of service |
| CVE-2024-28787 | 2024-04-04 | IBM Security Verify Access information disclosure |
| CVE-2024-25692 | 2024-04-04 | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS |
| CVE-2024-25708 | 2024-04-04 | Persistent XSS when creating new application using Web App Builder |
| CVE-2024-25690 | 2024-04-04 | HTML injection in ArcGIS Web AppBuilder |
| CVE-2024-25697 | 2024-04-04 | Stored XSS in Portal for ArcGIS |
| CVE-2024-25696 | 2024-04-04 | Stored XSS in Portal for ArcGIS |
| CVE-2024-25695 | 2024-04-04 | concatenated errors resulting in cross site scripting and frame injection issues. |
| CVE-2024-25693 | 2024-04-04 | Portal for ArcGIS has a directory traversal vulnerability. |
| CVE-2024-25698 | 2024-04-04 | Reflected XSS in Portal for ArcGIS |
| CVE-2024-25700 | 2024-04-04 | Persistent XSS in URL added to a shared map |
| CVE-2024-25709 | 2024-04-04 | Self-XSS style in move item dialog |
| CVE-2024-2660 | 2024-04-04 | Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses |
| CVE-2024-25706 | 2024-04-04 | HTMLi at createFolder Content Injection |
| CVE-2024-25705 | 2024-04-04 | Cross site scripting issue in embed widget |
| CVE-2024-25699 | 2024-04-04 | Portal for ArcGIS has an invalid authentication vulnerability |
| CVE-2024-29192 | 2024-04-04 | GHSL-2023-206 gotortc Cross-Site Request Forgery vulnerability |
| CVE-2024-25007 | 2024-04-04 | Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability |
| CVE-2024-29193 | 2024-04-04 | GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability |
| CVE-2024-30249 | 2024-04-04 | Cloudburst Network DoS in RakNet connection handling |
| CVE-2024-30252 | 2024-04-04 | GitHub Security Lab (GHSL) Vulnerability Report, livemarks: `GHSL-2024-015` |
| CVE-2024-30254 | 2024-04-04 | Directory traversal allowing overwriting arbitrary files |
| CVE-2023-38709 | 2024-04-04 | Apache HTTP Server: HTTP response splitting |
| CVE-2024-24795 | 2024-04-04 | Apache HTTP Server: HTTP Response Splitting in multiple modules |
| CVE-2024-27316 | 2024-04-04 | Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames |
| CVE-2024-30255 | 2024-04-04 | HTTP/2: CPU exhaustion due to CONTINUATION frame flood |
| CVE-2024-22023 | 2024-04-04 | An XML entity expansion or XEE vulnerability in SAML component... |
| CVE-2024-22052 | 2024-04-04 | A null pointer dereference vulnerability in IPSec component of Ivanti... |
| CVE-2024-22053 | 2024-04-04 | A heap overflow vulnerability in IPSec component of Ivanti Connect... |
| CVE-2024-30264 | 2024-04-04 | typebot.io: `GHSL-2024-040` |
| CVE-2024-30270 | 2024-04-04 | mailcow Path Traversal and Arbitrary Code Execution Vulnerability |
| CVE-2024-3311 | 2024-04-04 | Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal |
| CVE-2023-45288 | 2024-04-04 | HTTP/2 CONTINUATION flood in net/http |
| CVE-2024-31204 | 2024-04-04 | mailcow Cross-site Scripting Vulnerability via Exception Handler |
| CVE-2024-3314 | 2024-04-04 | SourceCodester Computer Laboratory Management System Users.php sql injection |
| CVE-2024-3315 | 2024-04-04 | SourceCodester Computer Laboratory Management System user.php sql injection |
| CVE-2024-3316 | 2024-04-04 | SourceCodester Computer Laboratory Management System view_category.php sql injection |
| CVE-2024-29981 | 2024-04-04 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-29049 | 2024-04-04 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
| CVE-2024-31206 | 2024-04-04 | Use of Unencrypted HTTP Request in dectalk-tts |
| CVE-2024-21894 | 2024-04-04 | A heap overflow vulnerability in IPSec component of Ivanti Connect... |
| CVE-2024-27981 | 2024-04-04 | A Command Injection vulnerability found in a Self-Hosted UniFi Network... |
| CVE-2024-31210 | 2024-04-04 | PHP file upload bypass via Plugin installer |
| CVE-2024-31211 | 2024-04-04 | Remote Code Execution in `WP_HTML_Token` |
| CVE-2024-31212 | 2024-04-04 | SQL injection in index_chart_data action |
| CVE-2024-22363 | 2024-04-05 | SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial... |
| CVE-2024-26329 | 2024-04-05 | Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via... |
| CVE-2024-29672 | 2024-04-05 | Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a... |
| CVE-2024-29863 | 2024-04-05 | A race condition in the installer executable in Qlik Qlikview... |
| CVE-2024-30849 | 2024-04-05 | Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0,... |
| CVE-2024-30891 | 2024-04-05 | A command injection vulnerability exists in /goform/exeCommand in Tenda AC18... |
| CVE-2024-31852 | 2024-04-05 | LLVM before 18.1.3 generates code in which the LR register... |
| CVE-2023-49965 | 2024-04-05 | SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS... |
| CVE-2023-52235 | 2024-04-05 | SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink... |
| CVE-2024-27448 | 2024-04-05 | MailDev 2 through 2.1.0 allows Remote Code Execution via a... |
| CVE-2024-28065 | 2024-04-05 | In Unify CP IP Phone firmware 1.10.4.3, files are not... |
| CVE-2024-30977 | 2024-04-05 | An issue in Secnet Security Network Intelligent AC Management System... |
| CVE-2024-3320 | 2024-04-05 | SourceCodester eLearning System cross site scripting |
| CVE-2024-3321 | 2024-04-05 | SourceCodester eLearning System Maintenance Module cross site scripting |
| CVE-2023-5973 | 2024-04-05 | Truncated port name |
| CVE-2024-2509 | 2024-04-05 | Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS |
| CVE-2024-3217 | 2024-04-05 | The WP Directory Kit plugin for WordPress is vulnerable to... |
| CVE-2024-2115 | 2024-04-05 | The LearnPress – WordPress LMS Plugin plugin for WordPress is... |
| CVE-2024-21848 | 2024-04-05 | Users maintain access to active call after being removed from a channel |
| CVE-2024-28949 | 2024-04-05 | DoS via a large number of User Preferences |
| CVE-2024-29221 | 2024-04-05 | Invite ID available to team admins even without the "Add Members" permission |
| CVE-2024-26810 | 2024-04-05 | vfio/pci: Lock external INTx masking ops |
| CVE-2024-26812 | 2024-04-05 | vfio/pci: Create persistent INTx handler |
| CVE-2024-26813 | 2024-04-05 | vfio/platform: Create persistent IRQ handlers |
| CVE-2024-26814 | 2024-04-05 | vfio/fsl-mc: Block calling interrupt handler without trigger |
| CVE-2024-27437 | 2024-04-05 | vfio/pci: Disable auto-enable of exclusive INTx IRQ |
| CVE-2024-2447 | 2024-04-05 | Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before... |
| CVE-2023-6522 | 2024-04-05 | Information Disclosure in ExtremePacs's Extreme XDS |
| CVE-2023-6523 | 2024-04-05 | IDOR in ExtremePacs's Extreme XDS |
| CVE-2024-31083 | 2024-04-05 | Xorg-x11-server: use-after-free in procrenderaddglyphs |
| CVE-2023-5692 | 2024-04-05 | WordPress Core is vulnerable to Sensitive Information Exposure in versions... |
| CVE-2024-2499 | 2024-04-05 | The Squelch Tabs and Accordions Shortcodes plugin for WordPress is... |
| CVE-2024-2380 | 2024-04-05 | XSS in graph rendering |
| CVE-2024-31213 | 2024-04-05 | InstantCMS Open Redirect vulnerability |
| CVE-2024-31218 | 2024-04-05 | Missing Authentication for Critical Function in Webhood backend |
| CVE-2024-31220 | 2024-04-05 | Sunshine vulnerable to remote unauthenticated arbitrary file read |
| CVE-2023-48426 | 2024-04-05 | Chromecast Bootloader & Kernel-level code-execution including compromise of user-data |
| CVE-2024-3346 | 2024-04-05 | Byzoro Smart S80 webmailattach.php os command injection |
| CVE-2024-3347 | 2024-04-05 | SourceCodester Airline Ticket Reservation System activate_jet_details_form_handler.php sql injection |
| CVE-2024-3348 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-3349 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System login.php sql injection |
| CVE-2024-3350 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-31848 | 2024-04-05 | A path traversal vulnerability exists in the Java version of... |
| CVE-2024-31849 | 2024-04-05 | A path traversal vulnerability exists in the Java version of... |
| CVE-2024-31850 | 2024-04-05 | A path traversal vulnerability exists in the Java version of... |
| CVE-2024-31851 | 2024-04-05 | A path traversal vulnerability exists in the Java version of... |
| CVE-2023-31028 | 2024-04-05 | NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability... |
| CVE-2024-0072 | 2024-04-05 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in... |
| CVE-2024-0076 | 2024-04-05 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in... |
| CVE-2024-0080 | 2024-04-05 | NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability... |
| CVE-2024-3351 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-22004 | 2024-04-05 | Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read |
| CVE-2024-0081 | 2024-04-05 | NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp... |
| CVE-2024-3352 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |