CVE List - 2024 / May
Showing 1701 - 1800 of 4994 CVEs for May 2024 (Page 18 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-34965 | 2024-05-07 | Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34966 | 2024-05-07 | Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34967 | 2024-05-07 | Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34968 | 2024-05-07 | Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34969 | 2024-05-07 | Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-34970 | 2024-05-07 | Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability |
| CVE-2021-34971 | 2024-05-07 | Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2021-34972 | 2024-05-07 | Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-34973 | 2024-05-07 | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-34974 | 2024-05-07 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34975 | 2024-05-07 | Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34976 | 2024-05-07 | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-34981 | 2024-05-07 | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability |
| CVE-2021-34982 | 2024-05-07 | NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2021-34983 | 2024-05-07 | NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability |
| CVE-2021-34999 | 2024-05-07 | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability |
| CVE-2021-35000 | 2024-05-07 | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability |
| CVE-2021-35001 | 2024-05-07 | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability |
| CVE-2021-35002 | 2024-05-07 | BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability |
| CVE-2022-0369 | 2024-05-07 | Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability |
| CVE-2022-43651 | 2024-05-07 | Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-43652 | 2024-05-07 | Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2022-43653 | 2024-05-07 | Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-43654 | 2024-05-07 | NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability |
| CVE-2022-43655 | 2024-05-07 | Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-43656 | 2024-05-07 | Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-27321 | 2024-05-07 | OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability |
| CVE-2023-35748 | 2024-05-07 | D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-35749 | 2024-05-07 | D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-35757 | 2024-05-07 | D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-37325 | 2024-05-07 | D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability |
| CVE-2023-40490 | 2024-05-07 | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-25515 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. |
| CVE-2024-25517 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. |
| CVE-2024-25518 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. |
| CVE-2024-25519 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. |
| CVE-2024-25520 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. |
| CVE-2024-25521 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. |
| CVE-2024-25522 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. |
| CVE-2024-25523 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. |
| CVE-2024-25524 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. |
| CVE-2024-25525 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. |
| CVE-2024-25526 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. |
| CVE-2024-25528 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. |
| CVE-2024-25529 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. |
| CVE-2024-25530 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. |
| CVE-2024-25531 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. |
| CVE-2024-25532 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. |
| CVE-2024-25533 | 2024-05-08 | Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or... |
| CVE-2024-31961 | 2024-05-08 | A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. |
| CVE-2024-34244 | 2024-05-08 | libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read... |
| CVE-2024-34255 | 2024-05-08 | jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function. |
| CVE-2024-34257 | 2024-05-08 | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. |
| CVE-2024-25527 | 2024-05-08 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. |
| CVE-2024-33382 | 2024-05-08 | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration |
| CVE-2024-4456 | 2024-05-08 | In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. |
| CVE-2024-2860 | 2024-05-08 | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain... |
| CVE-2024-1930 | 2024-05-08 | No Limit on Number of Open Sessions / Bad Session Close Behaviour |
| CVE-2024-1929 | 2024-05-08 | Local Root Exploit via Configuration Dictionary |
| CVE-2024-2746 | 2024-05-08 | Incomplete fix for CVE-2024-1929 |
| CVE-2024-4162 | 2024-05-08 | KW Watcher Vulnerability Allows Malicious Read Access to Memory |
| CVE-2024-4393 | 2024-05-08 | The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied... |
| CVE-2024-4418 | 2024-05-08 | Libvirt: stack use-after-free in virnetclientioeventloop() |
| CVE-2024-32674 | 2024-05-08 | Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user... |
| CVE-2024-22264 | 2024-05-08 | VMware Avi Load Balancer updates address multiple vulnerabilities |
| CVE-2024-22266 | 2024-05-08 | VMware Avi Load Balancer updates address multiple vulnerabilities |
| CVE-2024-3494 | 2024-05-08 | The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization... |
| CVE-2024-1076 | 2024-05-08 | SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access |
| CVE-2023-41651 | 2024-05-08 | WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability |
| CVE-2024-4436 | 2024-05-08 | Etcd: incomplete fix for CVE-2022-41723 in openstack platform |
| CVE-2024-4437 | 2024-05-08 | Etcd: incomplete fix for CVE-2021-44716 in openstack platform |
| CVE-2024-34574 | 2024-05-08 | WordPress Table Maker plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4438 | 2024-05-08 | Etcd: incomplete fix for CVE-2023-39325/CVE-2023-44487 in openstack platform |
| CVE-2024-34573 | 2024-05-08 | WordPress Pootle Pagebuilder plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34572 | 2024-05-08 | WordPress Fancy Elementor Flipbox plugin <= 2.4.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4281 | 2024-05-08 | The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization... |
| CVE-2024-4135 | 2024-05-08 | The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to... |
| CVE-2024-34571 | 2024-05-08 | WordPress Himalayas theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34570 | 2024-05-08 | WordPress Xpro Elementor Addons plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34569 | 2024-05-08 | WordPress Zotpress plugin <= 7.3.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-3507 | 2024-05-08 | Privilege escalation vulnerability in Lunar |
| CVE-2024-34568 | 2024-05-08 | WordPress LetterPress Newsletter plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34566 | 2024-05-08 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34565 | 2024-05-08 | WordPress Debug Info plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34564 | 2024-05-08 | WordPress Counter Up plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34563 | 2024-05-08 | WordPress Gold Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34562 | 2024-05-08 | WordPress Move Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34561 | 2024-05-08 | WordPress Real3D Flipbook PDF Viewer Lite plugin <= 3.71 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34560 | 2024-05-08 | WordPress gee Search Plus plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34558 | 2024-05-08 | WordPress WOLF plugin <= 1.0.8.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34553 | 2024-05-08 | WordPress Stockholm Core plugin <= 2.4.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34548 | 2024-05-08 | WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4644 | 2024-05-08 | SourceCodester Prison Management System changepassword.php cross site scripting |
| CVE-2024-34547 | 2024-05-08 | WordPress Magical Addons For Elementor plugin <= 1.1.34 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34546 | 2024-05-08 | WordPress Sticky Social Link plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34414 | 2024-05-08 | WordPress Raindrops theme <= 1.600 - Cross Site Scripting (XSS) vulnerability |
| CVE-2022-40218 | 2024-05-08 | WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2024-4645 | 2024-05-08 | SourceCodester Prison Management System changepassword.php cross site scripting |
| CVE-2024-4646 | 2024-05-08 | Campcodes Complete Web-Based School Management System student_payment_details.php cross site scripting |
| CVE-2024-4647 | 2024-05-08 | Campcodes Complete Web-Based School Management System student_first_payment.php cross site scripting |