CVE List - 2024 / May
Showing 1401 - 1500 of 4994 CVEs for May 2024 (Page 15 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-33113 | 2024-05-06 | D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. |
| CVE-2024-33117 | 2024-05-06 | crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. |
| CVE-2024-33118 | 2024-05-06 | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. |
| CVE-2024-33121 | 2024-05-06 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. |
| CVE-2024-33294 | 2024-05-06 | An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. |
| CVE-2024-33403 | 2024-05-06 | A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter. |
| CVE-2024-33404 | 2024-05-06 | A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. |
| CVE-2024-33405 | 2024-05-06 | SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter. |
| CVE-2024-33406 | 2024-05-06 | SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. |
| CVE-2024-33407 | 2024-05-06 | SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. |
| CVE-2024-33408 | 2024-05-06 | A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. |
| CVE-2024-33409 | 2024-05-06 | SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter. |
| CVE-2024-33410 | 2024-05-06 | SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. |
| CVE-2024-33749 | 2024-05-06 | DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. |
| CVE-2024-33752 | 2024-05-06 | An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload... |
| CVE-2024-33753 | 2024-05-06 | Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. |
| CVE-2024-33788 | 2024-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. |
| CVE-2024-33829 | 2024-05-06 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. |
| CVE-2024-33830 | 2024-05-06 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. |
| CVE-2024-34090 | 2024-05-06 | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously... |
| CVE-2024-34091 | 2024-05-06 | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to... |
| CVE-2024-34093 | 2024-05-06 | An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled. |
| CVE-2024-34246 | 2024-05-06 | wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c. |
| CVE-2024-34249 | 2024-05-06 | wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c. |
| CVE-2024-34250 | 2024-05-06 | A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in... |
| CVE-2024-34251 | 2024-05-06 | An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h. |
| CVE-2024-34252 | 2024-05-06 | wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c. |
| CVE-2024-34470 | 2024-05-06 | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file... |
| CVE-2024-34471 | 2024-05-06 | An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does... |
| CVE-2024-34472 | 2024-05-06 | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php... |
| CVE-2024-34532 | 2024-05-06 | A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. |
| CVE-2024-34533 | 2024-05-06 | A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a... |
| CVE-2024-34534 | 2024-05-06 | A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. |
| CVE-2024-34538 | 2024-05-06 | Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. |
| CVE-2023-33548 | 2024-05-06 | Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field. |
| CVE-2024-33111 | 2024-05-06 | D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. |
| CVE-2024-33411 | 2024-05-06 | A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. |
| CVE-2024-34089 | 2024-05-06 | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to... |
| CVE-2024-34092 | 2024-05-06 | An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release. |
| CVE-2024-4508 | 2024-05-06 | Ruijie RG-UAC static_route_edit_ipv6.php os command injection |
| CVE-2024-4509 | 2024-05-06 | Ruijie RG-UAC add_commit.php os command injection |
| CVE-2024-4510 | 2024-05-06 | Ruijie RG-UAC arp_add_commit.php os command injection |
| CVE-2024-4511 | 2024-05-06 | Shanghai Sunfull Automation BACnet Server HMI1002-ARM Message buffer overflow |
| CVE-2024-4512 | 2024-05-06 | SourceCodester Prison Management System edit-profile.php cross site scripting |
| CVE-2024-4513 | 2024-05-06 | Campcodes Complete Web-Based School Management System timetable_update_form.php cross site scripting |
| CVE-2024-4514 | 2024-05-06 | Campcodes Complete Web-Based School Management System timetable_insert_form.php cross site scripting |
| CVE-2024-4515 | 2024-05-06 | Campcodes Complete Web-Based School Management System timetable_grade_wise.php cross site scripting |
| CVE-2024-4516 | 2024-05-06 | Campcodes Complete Web-Based School Management System timetable.php cross site scripting |
| CVE-2024-20056 | 2024-05-06 | In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2024-20057 | 2024-05-06 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-32873 | 2024-05-06 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-32871 | 2024-05-06 | In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2024-20058 | 2024-05-06 | In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-20059 | 2024-05-06 | In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2024-20060 | 2024-05-06 | In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2024-20064 | 2024-05-06 | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-20021 | 2024-05-06 | In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System... |
| CVE-2024-4517 | 2024-05-06 | Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php cross site scripting |
| CVE-2024-4518 | 2024-05-06 | Campcodes Complete Web-Based School Management System teacher_salary_invoice.php cross site scripting |
| CVE-2024-4519 | 2024-05-06 | Campcodes Complete Web-Based School Management System teacher_salary_details3.php cross site scripting |
| CVE-2024-4521 | 2024-05-06 | Campcodes Complete Web-Based School Management System teacher_salary_details2.php cross site scripting |
| CVE-2024-4522 | 2024-05-06 | Campcodes Complete Web-Based School Management System teacher_salary_details.php cross site scripting |
| CVE-2024-4523 | 2024-05-06 | Campcodes Complete Web-Based School Management System teacher_attendance_history1.php cross site scripting |
| CVE-2024-4524 | 2024-05-06 | Campcodes Complete Web-Based School Management System student_payment_invoice.php cross site scripting |
| CVE-2024-4525 | 2024-05-06 | Campcodes Complete Web-Based School Management System student_payment_details4.php cross site scripting |
| CVE-2024-0904 | 2024-05-06 | Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting |
| CVE-2024-3752 | 2024-05-06 | Crelly Slider <= 1.4.5 - Admin+ Stored XSS |
| CVE-2024-3755 | 2024-05-06 | MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS |
| CVE-2024-3756 | 2024-05-06 | MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF |
| CVE-2024-4526 | 2024-05-06 | Campcodes Complete Web-Based School Management System student_payment_details3.php cross site scripting |
| CVE-2024-4527 | 2024-05-06 | Campcodes Complete Web-Based School Management System student_payment_details2.php cross site scripting |
| CVE-2024-4528 | 2024-05-06 | SourceCodester Prison Management System user-record.php cross site scripting |
| CVE-2024-23186 | 2024-05-06 | E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy... |
| CVE-2024-23187 | 2024-05-06 | Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information... |
| CVE-2024-23188 | 2024-05-06 | Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to... |
| CVE-2024-23193 | 2024-05-06 | E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other... |
| CVE-2023-6854 | 2024-05-06 | The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization... |
| CVE-2023-49675 | 2024-05-06 | CODESYS: Out-of-bounds write through corrupted project files |
| CVE-2023-49676 | 2024-05-06 | CODESYS: Use after free vulnerability through corrupted project files |
| CVE-2024-3576 | 2024-05-06 | NPort 5100A Series Store XSS Vulnerability |
| CVE-2024-4547 | 2024-05-06 | Delta Electronics DIAEnergie Unauthenticated SQL Injection |
| CVE-2024-4548 | 2024-05-06 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2024-4549 | 2024-05-06 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2024-32972 | 2024-05-06 | go-ethereum denial of service via malicious p2p message |
| CVE-2023-33119 | 2024-05-06 | Time-of-check Time-of-use (TOCTOU) Race Condition in Hypervisor |
| CVE-2023-43521 | 2024-05-06 | Use After Free in HLOS |
| CVE-2023-43524 | 2024-05-06 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio |
| CVE-2023-43525 | 2024-05-06 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio |
| CVE-2023-43526 | 2024-05-06 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio |
| CVE-2023-43527 | 2024-05-06 | Buffer Over-read in Video |
| CVE-2023-43528 | 2024-05-06 | Buffer Over-read in Audio |
| CVE-2023-43529 | 2024-05-06 | Reachable Assertion in Data Modem |
| CVE-2023-43530 | 2024-05-06 | Integer Overflow or Wraparound in HLOS |
| CVE-2023-43531 | 2024-05-06 | Access of Uninitialized Pointer in SPS Applications |
| CVE-2024-21471 | 2024-05-06 | Use After Free in Graphics Linux |
| CVE-2024-21474 | 2024-05-06 | Stack-based Buffer Overflow in PMIC |
| CVE-2024-21475 | 2024-05-06 | Use of Out-of-range Pointer Offset in Video |
| CVE-2024-21476 | 2024-05-06 | Improper Input Validation in Secure Processor |
| CVE-2024-21477 | 2024-05-06 | Buffer Over-read in WLAN Firmware |
| CVE-2024-21480 | 2024-05-06 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio |