CVE List - 2024 / May
Showing 2101 - 2200 of 4994 CVEs for May 2024 (Page 22 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-34818 | 2024-05-10 | WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32776 | 2024-05-10 | WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability |
| CVE-2024-4277 | 2024-05-10 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter |
| CVE-2024-4039 | 2024-05-10 | Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-4713 | 2024-05-10 | Campcodes Complete Web-Based School Management System all_teacher.php cross site scripting |
| CVE-2024-4714 | 2024-05-10 | Campcodes Complete Web-Based School Management System update_subject.php cross site scripting |
| CVE-2024-4490 | 2024-05-10 | Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-4715 | 2024-05-10 | Campcodes Complete Web-Based School Management System update_grade.php cross site scripting |
| CVE-2024-22064 | 2024-05-10 | Configuration error Vulnerability in ZTE ZXUN-ePDG |
| CVE-2024-34974 | 2024-05-10 | Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter. |
| CVE-2024-34946 | 2024-05-10 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. |
| CVE-2024-34944 | 2024-05-10 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. |
| CVE-2024-34945 | 2024-05-10 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle. |
| CVE-2024-34943 | 2024-05-10 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. |
| CVE-2024-34942 | 2024-05-10 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand. |
| CVE-2024-4693 | 2024-05-10 | Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash |
| CVE-2024-4716 | 2024-05-10 | Campcodes Complete Web-Based School Management System update_exam.php cross site scripting |
| CVE-2024-2257 | 2024-05-10 | Password Policy Bypass Vulnerability in Digisol Router |
| CVE-2024-4231 | 2024-05-10 | Incorrect Access Control Vulnerability in Digisol Router |
| CVE-2024-4232 | 2024-05-10 | Password Storage in Plaintext Vulnerability in Digisol Router |
| CVE-2024-4717 | 2024-05-10 | Campcodes Complete Web-Based School Management System update_classroom.php cross site scripting |
| CVE-2024-4718 | 2024-05-10 | Campcodes Complete Web-Based School Management System delete_student_grade_subject.php cross site scripting |
| CVE-2024-33771 | 2024-05-10 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." |
| CVE-2024-33772 | 2024-05-10 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime." |
| CVE-2024-31441 | 2024-05-10 | Arbitrary File Reading in DataEase |
| CVE-2024-33773 | 2024-05-10 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." |
| CVE-2024-33774 | 2024-05-10 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." |
| CVE-2024-32964 | 2024-05-10 | lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability |
| CVE-2024-4044 | 2024-05-10 | Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio |
| CVE-2024-4719 | 2024-05-10 | Campcodes Complete Web-Based School Management System delete_record.php cross site scripting |
| CVE-2024-4720 | 2024-05-10 | Campcodes Complete Web-Based School Management System approve_petty_cash.php cross site scripting |
| CVE-2024-30801 | 2024-05-10 | SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. |
| CVE-2024-34070 | 2024-05-10 | Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise |
| CVE-2024-34349 | 2024-05-10 | Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel |
| CVE-2024-4721 | 2024-05-10 | Campcodes Complete Web-Based School Management System add_student_subject.php cross site scripting |
| CVE-2024-28781 | 2024-05-10 | IBM UrbanCode Deploy cross-site scripting |
| CVE-2024-34360 | 2024-05-10 | Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX |
| CVE-2024-34695 | 2024-05-10 | WOWS Karma vulnerable to a post submission bounce/timing attack |
| CVE-2024-4722 | 2024-05-10 | Campcodes Complete Web-Based School Management System index.php cross site scripting |
| CVE-2023-26566 | 2024-05-10 | Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via... |
| CVE-2024-34245 | 2024-05-10 | An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. |
| CVE-2024-34199 | 2024-05-10 | TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line. |
| CVE-2024-4723 | 2024-05-10 | Campcodes Legal Case Management System case-status cross site scripting |
| CVE-2024-4724 | 2024-05-10 | Campcodes Legal Case Management System case-type cross site scripting |
| CVE-2024-33818 | 2024-05-10 | Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter. |
| CVE-2024-27269 | 2024-05-10 | IBM QRadar SIEM information disclosure |
| CVE-2024-4725 | 2024-05-10 | Campcodes Legal Case Management System client_user cross site scripting |
| CVE-2024-33819 | 2024-05-10 | Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function. |
| CVE-2024-34359 | 2024-05-10 | llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata |
| CVE-2023-37526 | 2024-05-10 | HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability |
| CVE-2023-38264 | 2024-05-10 | IBM SDK, Java Technology Edition denial of service |
| CVE-2024-34310 | 2024-05-10 | Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter. |
| CVE-2024-22343 | 2024-05-10 | IBM TXSeries for Multiplatforms information disclosure |
| CVE-2024-4726 | 2024-05-10 | Campcodes Legal Case Management System clients cross site scripting |
| CVE-2024-30055 | 2024-05-10 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-22344 | 2024-05-10 | IBM TXSeries for Multiplatforms information disclosure |
| CVE-2024-22345 | 2024-05-10 | IBM TXSeries for Multiplatforms information disclosure |
| CVE-2024-4727 | 2024-05-10 | Campcodes Legal Case Management System court-type cross site scripting |
| CVE-2024-4728 | 2024-05-10 | Campcodes Legal Case Management System court cross site scripting |
| CVE-2024-4701 | 2024-05-10 | Path Traversal vulnerability via File Uploads in Genie |
| CVE-2024-4729 | 2024-05-10 | Campcodes Legal Case Management System expense-type cross site scripting |
| CVE-2024-4730 | 2024-05-10 | Campcodes Legal Case Management System judge cross site scripting |
| CVE-2024-34079 | 2024-05-10 | octo-sts allows unauthenticated attackers to cause unbounded CPU and memory usage |
| CVE-2024-4731 | 2024-05-10 | Campcodes Legal Case Management System role cross site scripting |
| CVE-2024-4732 | 2024-05-10 | Campcodes Legal Case Management System service cross site scripting |
| CVE-2024-4735 | 2024-05-10 | Campcodes Legal Case Management System tasks cross site scripting |
| CVE-2024-27460 | 2024-05-10 | A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. |
| CVE-2024-4736 | 2024-05-10 | Campcodes Legal Case Management System tax cross site scripting |
| CVE-2024-4737 | 2024-05-10 | Campcodes Legal Case Management System vendor cross site scripting |
| CVE-2024-4738 | 2024-05-10 | Campcodes Legal Case Management System cross site scripting |
| CVE-2024-4413 | 2024-05-10 | Hotel Booking Lite <= 4.11.1 - Unauthenticated PHP Object Injection |
| CVE-2024-4213 | 2024-05-10 | Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure |
| CVE-2024-4417 | 2024-05-10 | Falang multilanguage for WordPress <= 1.3.49 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-4430 | 2024-05-10 | Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute |
| CVE-2024-3055 | 2024-05-10 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-4574 | 2024-05-10 | Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-4209 | 2024-05-11 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer |
| CVE-2023-5447 | 2024-05-11 | Use-After-Free in Service for Hardware Support App for Fingerprint Driver |
| CVE-2024-4630 | 2024-05-11 | Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4560 | 2024-05-11 | Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function |
| CVE-2024-4329 | 2024-05-11 | Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-4487 | 2024-05-11 | Blocksy Companion <= 2.0.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads |
| CVE-2024-32989 | 2024-05-11 | Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-32990 | 2024-05-11 | Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-32991 | 2024-05-11 | Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-32992 | 2024-05-11 | Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52383 | 2024-05-11 | Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52384 | 2024-05-11 | Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-32993 | 2024-05-11 | Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52719 | 2024-05-11 | Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-32995 | 2024-05-11 | Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-32996 | 2024-05-11 | Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-32997 | 2024-05-11 | Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52720 | 2024-05-11 | Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-32998 | 2024-05-11 | NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-32999 | 2024-05-11 | Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-4046 | 2024-05-11 | Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52721 | 2024-05-11 | The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2024-28761 | 2024-05-11 | IBM App Connect Enterprise HTML injection |
| CVE-2024-28760 | 2024-05-11 | IBM App Connect Enterprise denial of service |