CVE List - 2024 / May
Showing 2701 - 2800 of 4994 CVEs for May 2024 (Page 28 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-35179 | 2024-05-15 | Unprivileged Stalwart Mail Server user can read files as root |
| CVE-2023-5935 | 2024-05-15 | Missing authentication for local web interface in Arc before v1.6.0 |
| CVE-2023-5936 | 2024-05-15 | Unsafe temporary data privileges on Unix systems in Arc before v1.6.0 |
| CVE-2023-5937 | 2024-05-15 | Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 |
| CVE-2023-5938 | 2024-05-15 | Path traversal via 'zip slip' in Arc before v1.6.0 |
| CVE-2023-7258 | 2024-05-15 | Denial-of-Service in Gvisor |
| CVE-2024-27593 | 2024-05-15 | A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2024-3970 | 2024-05-15 | Server-Side Request Forgery vulnerability in iManager |
| CVE-2024-3968 | 2024-05-15 | Remote Code Execution vulnerability in the iManager |
| CVE-2024-3967 | 2024-05-15 | Remote Code Execution vulnerability in the iManager |
| CVE-2024-34082 | 2024-05-15 | Grav Arbitrary File Read to Account Takeover |
| CVE-2024-3892 | 2024-05-15 | Local code execution vulnerability in Telerik UI for WinForms |
| CVE-2024-3483 | 2024-05-15 | Remote Code Execution vulnerability in the iManager |
| CVE-2024-28042 | 2024-05-15 | SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component |
| CVE-2024-3484 | 2024-05-15 | Path Traversal vulnerability found in iManager |
| CVE-2024-3485 | 2024-05-15 | Server-Side Request Forgery vulnerability in iManager |
| CVE-2024-3486 | 2024-05-15 | XML External Entity injection vulnerability in iManager |
| CVE-2024-3487 | 2024-05-15 | Broken Authentication vulnerability in iManager |
| CVE-2024-3488 | 2024-05-15 | File Upload vulnerability in unauthenticated session found in iManager. |
| CVE-2024-4202 | 2024-05-15 | Progress Telerik Reporting Local Instantiation Vulnerability |
| CVE-2024-4622 | 2024-05-15 | alpitronic Hypercharger EV Charger Use of Default Credentials |
| CVE-2024-4200 | 2024-05-15 | Progress Telerik Reporting Local Deserialization Vulnerability |
| CVE-2024-4357 | 2024-05-15 | XML External Entity Processing Information Disclosure |
| CVE-2024-4837 | 2024-05-15 | Trust Boundary Violation Vulnerability |
| CVE-2024-20394 | 2024-05-15 | A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due... |
| CVE-2024-20392 | 2024-05-15 | A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This... |
| CVE-2024-20369 | 2024-05-15 | A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This... |
| CVE-2024-20391 | 2024-05-15 | A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.... |
| CVE-2024-20366 | 2024-05-15 | A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root... |
| CVE-2024-4905 | 2024-05-15 | Kashipara College Management System view_students_each_detail.php sql injection |
| CVE-2024-20258 | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct... |
| CVE-2024-25743 | 2024-05-15 | In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace... |
| CVE-2024-20256 | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct... |
| CVE-2024-20257 | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user... |
| CVE-2024-20383 | 2024-05-15 | Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2024-3182 | 2024-05-15 | Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed... |
| CVE-2024-35102 | 2024-05-15 | Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script. |
| CVE-2024-4906 | 2024-05-15 | Campcodes Complete Web-Based School Management System show_student1.php sql injection |
| CVE-2024-4907 | 2024-05-15 | Campcodes Complete Web-Based School Management System show_student2.php sql injection |
| CVE-2024-4908 | 2024-05-15 | Campcodes Complete Web-Based School Management System student_attendance_history1.php sql injection |
| CVE-2024-4909 | 2024-05-15 | Campcodes Complete Web-Based School Management System student_due_payment.php sql injection |
| CVE-2024-34025 | 2024-05-15 | CyberPower PowerPanel business Use of Hard-coded Password |
| CVE-2024-33625 | 2024-05-15 | CyberPower PowerPanel business Use of Hard-coded Password |
| CVE-2024-33615 | 2024-05-15 | CyberPower PowerPanel business Relative Path Traversal |
| CVE-2024-34906 | 2024-05-15 | An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
| CVE-2024-34909 | 2024-05-15 | An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. |
| CVE-2024-34913 | 2024-05-15 | An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. |
| CVE-2024-4904 | 2024-05-15 | Byzoro Smart S200 Management Platform userattestation.php unrestricted upload |
| CVE-2024-32053 | 2024-05-15 | CyberPower PowerPanel business Use of Hard-coded Credentials |
| CVE-2024-32047 | 2024-05-15 | CyberPower PowerPanel business Active Debug Code |
| CVE-2024-32042 | 2024-05-15 | CyberPower PowerPanel business Storing Passwords in a Recoverable Format |
| CVE-2024-31856 | 2024-05-15 | CyberPower PowerPanel business SQL Injection |
| CVE-2024-31410 | 2024-05-15 | CyberPower PowerPanel business Use of Hard-coded Cryptographic Key |
| CVE-2023-40297 | 2024-05-15 | Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component. |
| CVE-2024-4910 | 2024-05-15 | Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php sql injection |
| CVE-2024-31409 | 2024-05-15 | CyberPower PowerPanel business Incorrect Authorization |
| CVE-2024-4911 | 2024-05-15 | Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php sql injection |
| CVE-2024-4912 | 2024-05-15 | Campcodes Online Examination System addExamExe.php sql injection |
| CVE-2024-4976 | 2024-05-15 | Out-of-bounds array write in Xpdf 4.05 due to missing object type check |
| CVE-2024-27243 | 2024-05-15 | Zoom Apps - Buffer Overflow |
| CVE-2024-4947 | 2024-05-15 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-4948 | 2024-05-15 | Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-4949 | 2024-05-15 | Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-4950 | 2024-05-15 | Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2024-27244 | 2024-05-15 | Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity |
| CVE-2024-4913 | 2024-05-15 | Campcodes Online Examination System exam.php sql injection |
| CVE-2024-35183 | 2024-05-15 | wolfictl leaks GitHub tokens to remote non-GitHub git servers |
| CVE-2024-35184 | 2024-05-15 | paperless-ngx's remote user auth via header works even when disabling it for API |
| CVE-2024-4914 | 2024-05-15 | Campcodes Online Examination System ranking-exam.php sql injection |
| CVE-2024-4915 | 2024-05-15 | Campcodes Online Examination System result.php sql injection |
| CVE-2024-4916 | 2024-05-15 | Campcodes Online Examination System selExamAttemptExe.php sql injection |
| CVE-2024-4917 | 2024-05-15 | Campcodes Online Examination System submitAnswerExe.php sql injection |
| CVE-2024-4918 | 2024-05-15 | Campcodes Online Examination System updateQuestion.php sql injection |
| CVE-2024-4919 | 2024-05-15 | Campcodes Online Examination System addCourseExe.php sql injection |
| CVE-2024-4920 | 2024-05-16 | SourceCodester Online Discussion Forum Site registerH.php unrestricted upload |
| CVE-2024-4921 | 2024-05-16 | SourceCodester Employee and Visitor Gate Pass Logging System unrestricted upload |
| CVE-2024-4922 | 2024-05-16 | SourceCodester Simple Image Stack Website cross site scripting |
| CVE-2024-4923 | 2024-05-16 | Codezips E-Commerce Site addproduct.php unrestricted upload |
| CVE-2024-4925 | 2024-05-16 | SourceCodester School Intramurals Student Attendance Management System manage_course.php sql injection |
| CVE-2024-4926 | 2024-05-16 | SourceCodester School Intramurals Student Attendance Management System manage_student.php sql injection |
| CVE-2024-4984 | 2024-05-16 | Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4927 | 2024-05-16 | SourceCodester Simple Online Bidding System unrestricted upload |
| CVE-2024-3750 | 2024-05-16 | Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution |
| CVE-2024-4928 | 2024-05-16 | SourceCodester Simple Online Bidding System sql injection |
| CVE-2024-4929 | 2024-05-16 | SourceCodester Simple Online Bidding System cross-site request forgery |
| CVE-2024-4930 | 2024-05-16 | SourceCodester Simple Online Bidding System sql injection |
| CVE-2024-4931 | 2024-05-16 | SourceCodester Simple Online Bidding System sql injection |
| CVE-2024-4932 | 2024-05-16 | SourceCodester Simple Online Bidding System sql injection |
| CVE-2024-4933 | 2024-05-16 | SourceCodester Simple Online Bidding System sql injection |
| CVE-2024-4945 | 2024-05-16 | SourceCodester Best Courier Management System view_parcel.php unrestricted upload |
| CVE-2024-4946 | 2024-05-16 | SourceCodester Online Art Gallery Management System adminHome.php unrestricted upload |
| CVE-2024-4960 | 2024-05-16 | D-Link DAR-7000-40 licenseauthorization.php unrestricted upload |
| CVE-2024-4279 | 2024-05-16 | Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion |
| CVE-2024-4635 | 2024-05-16 | Menu Icons by ThemeIsle <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload |
| CVE-2024-4318 | 2024-05-16 | Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection |
| CVE-2024-3641 | 2024-05-16 | Newsletter Popup <= 1.2 - Unauthenticated Stored XSS |
| CVE-2024-3642 | 2024-05-16 | Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF |
| CVE-2024-3643 | 2024-05-16 | Newsletter Popup <= 1.2 - List Deletion via CSRF |
| CVE-2024-3644 | 2024-05-16 | Newsletter Popup <= 1.2 - Admin+ Stored XSS |
| CVE-2024-4961 | 2024-05-16 | D-Link DAR-7000-40 onlineuser.php unrestricted upload |