CVE List - 2024 / May
Showing 4101 - 4200 of 4997 CVEs for May 2024 (Page 42 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-47491 | 2024-05-22 | mm: khugepaged: skip huge page collapse for special files |
| CVE-2021-47492 | 2024-05-22 | mm, thp: bail out early in collapse_file for writeback page |
| CVE-2021-47493 | 2024-05-22 | ocfs2: fix race between searching chunks and release journal_head from buffer_head |
| CVE-2021-47494 | 2024-05-22 | cfg80211: fix management registrations locking |
| CVE-2021-47495 | 2024-05-22 | usbnet: sanity check for maxpacket |
| CVE-2021-47496 | 2024-05-22 | net/tls: Fix flipped sign in tls_err_abort() calls |
| CVE-2021-47497 | 2024-05-22 | nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells |
| CVE-2021-47498 | 2024-05-22 | dm rq: don't queue request to blk-mq during DM suspend |
| CVE-2024-4896 | 2024-05-22 | WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter |
| CVE-2024-3495 | 2024-05-22 | Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection |
| CVE-2024-2036 | 2024-05-22 | ApplyOnline – Application Form Builder and Manager <= 2.6 - Missing Authorization to Sensitive Information Exposure |
| CVE-2024-5031 | 2024-05-22 | MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode |
| CVE-2024-4362 | 2024-05-22 | SiteOrigin Widgets Bundle <= 1.60.0 - - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode |
| CVE-2024-5025 | 2024-05-22 | MemberPress <= 1.11.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via arglist Parameter |
| CVE-2024-4262 | 2024-05-22 | Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes |
| CVE-2024-5193 | 2024-05-22 | Ritlabs TinyWeb Server Request crlf injection |
| CVE-2024-5194 | 2024-05-22 | Arris VAP2500 assoc_table.php command injection |
| CVE-2024-5195 | 2024-05-22 | Arris VAP2500 diag_s.php command injection |
| CVE-2024-36010 | 2024-05-22 | igb: Fix string truncation warnings in igb_set_fw_version |
| CVE-2024-5196 | 2024-05-22 | Arris VAP2500 tools_command.php command injection |
| CVE-2024-4261 | 2024-05-22 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2024-35550 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35551 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35552 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35553 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35554 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35556 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35555 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35557 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35558 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35559 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35560 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35561 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35475 | 2024-05-22 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM... |
| CVE-2024-35409 | 2024-05-22 | WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php. |
| CVE-2024-3926 | 2024-05-22 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes |
| CVE-2024-33218 | 2024-05-22 | An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc... |
| CVE-2024-33219 | 2024-05-22 | An issue in the component AsIO64.sys of ASUSTeK Computer Inc... |
| CVE-2024-33220 | 2024-05-22 | An issue in the component AslO3_64.sys of ASUSTeK Computer Inc... |
| CVE-2024-33221 | 2024-05-22 | An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc... |
| CVE-2024-33222 | 2024-05-22 | An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc... |
| CVE-2024-33223 | 2024-05-22 | An issue in the component IOMap64.sys of ASUSTeK Computer Inc... |
| CVE-2024-5157 | 2024-05-22 | Use after free in Scheduling in Google Chrome prior to... |
| CVE-2024-5158 | 2024-05-22 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.76... |
| CVE-2024-5159 | 2024-05-22 | Heap buffer overflow in ANGLE in Google Chrome prior to... |
| CVE-2024-5160 | 2024-05-22 | Heap buffer overflow in Dawn in Google Chrome prior to... |
| CVE-2024-33224 | 2024-05-22 | An issue in the component rtkio64.sys of Realtek Semiconductor Corp... |
| CVE-2024-33225 | 2024-05-22 | An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp... |
| CVE-2024-33226 | 2024-05-22 | An issue in the component Access64.sys of Wistron Corporation TBT... |
| CVE-2024-33227 | 2024-05-22 | An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0... |
| CVE-2024-33228 | 2024-05-22 | An issue in the component segwindrvx64.sys of Insyde Software Corp... |
| CVE-2024-35362 | 2024-05-22 | Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-29392 | 2024-05-22 | Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS)... |
| CVE-2024-34448 | 2024-05-22 | Ghost before 5.82.0 allows CSV Injection during a member CSV... |
| CVE-2024-5166 | 2024-05-22 | Insecure Direct Object Reference In Looker |
| CVE-2024-36077 | 2024-05-22 | Qlik Sense Enterprise for Windows before 14.187.4 allows a remote... |
| CVE-2024-20363 | 2024-05-22 | Multiple Cisco products are affected by a vulnerability in the... |
| CVE-2024-20261 | 2024-05-22 | A vulnerability in the file policy feature that is used... |
| CVE-2024-20361 | 2024-05-22 | A vulnerability in the Object Groups for Access Control Lists... |
| CVE-2024-20355 | 2024-05-22 | A vulnerability in the implementation of SAML 2.0 single sign-on... |
| CVE-2024-20293 | 2024-05-22 | A vulnerability in the activation of an access control list... |
| CVE-2024-4563 | 2024-05-22 | The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length |
| CVE-2024-29421 | 2024-05-22 | xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer... |
| CVE-2024-31617 | 2024-05-22 | OpenLiteSpeed before 1.8.1 mishandles chunked encoding. |
| CVE-2024-20360 | 2024-05-22 | A vulnerability in the web-based management interface of Cisco Firepower... |
| CVE-2024-21791 | 2024-05-22 | SQL Injection in ADAudit Plus |
| CVE-2024-31904 | 2024-05-22 | IBM App Connect Enterprise denial of service |
| CVE-2024-25738 | 2024-05-22 | A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route... |
| CVE-2024-31893 | 2024-05-22 | IBM App Connect Enterprise information disclosure |
| CVE-2024-25737 | 2024-05-22 | A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route... |
| CVE-2024-35627 | 2024-05-22 | tileserver-gl up to v4.4.10 was discovered to contain a cross-site... |
| CVE-2024-4454 | 2024-05-22 | WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability |
| CVE-2024-31895 | 2024-05-22 | IBM App Connect Enterprise information disclosure |
| CVE-2023-51636 | 2024-05-22 | Avira Prime Link Following Local Privilege Escalation Vulnerability |
| CVE-2023-51637 | 2024-05-22 | Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability |
| CVE-2024-31894 | 2024-05-22 | IBM App Connect Enterprise information disclosure |
| CVE-2024-4453 | 2024-05-22 | GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability |
| CVE-2024-27264 | 2024-05-22 | IBM Performance Tools for i privilege escalation |
| CVE-2024-4267 | 2024-05-22 | Remote Code Execution in parisneo/lollms-webui |
| CVE-2024-22026 | 2024-05-22 | A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows... |
| CVE-2023-46807 | 2024-05-22 | An SQL Injection vulnerability in web component of EPMM before... |
| CVE-2023-46806 | 2024-05-22 | An SQL Injection vulnerability in a web component of EPMM... |
| CVE-2024-29849 | 2024-05-22 | Veeam Backup Enterprise Manager allows unauthenticated users to log in... |
| CVE-2024-29850 | 2024-05-22 | Veeam Backup Enterprise Manager allows account takeover via NTLM relay. |
| CVE-2024-29852 | 2024-05-22 | Veeam Backup Enterprise Manager allows high-privileged users to read backup... |
| CVE-2024-29851 | 2024-05-22 | Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM... |
| CVE-2024-29853 | 2024-05-22 | An authentication bypass vulnerability in Veeam Agent for Microsoft Windows... |
| CVE-2024-4486 | 2024-05-23 | Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget |
| CVE-2024-1855 | 2024-05-23 | WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery |
| CVE-2024-4783 | 2024-05-23 | jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode |
| CVE-2023-6844 | 2024-05-23 | iframe <= 5.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode |
| CVE-2024-3065 | 2024-05-23 | PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-3201 | 2024-05-23 | WP DSGVO Tools (GDPR) <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-4978 | 2024-05-23 | Malicious Code in Justice AV Solutions (JAVS) Viewer |
| CVE-2024-5230 | 2024-05-23 | EnvaySoft FleetCart information disclosure |
| CVE-2024-4895 | 2024-05-23 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import |
| CVE-2024-5231 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection |
| CVE-2024-5232 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_details2.php sql injection |
| CVE-2024-4431 | 2024-05-23 | LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2023-6325 | 2024-05-23 | RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate |