CVE List - 2024 / May

Showing 4201 - 4300 of 4997 CVEs for May 2024 (Page 43 of 50)

Back to List Previous Next

CVE ID	Date	Title
CVE-2024-4662	2024-05-23	Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution
CVE-2024-5233	2024-05-23	Campcodes Complete Web-Based School Management System teacher_salary_details3.php sql injection
CVE-2024-5234	2024-05-23	Campcodes Complete Web-Based School Management System teacher_salary_history1.php sql injection
CVE-2024-5235	2024-05-23	Campcodes Complete Web-Based School Management System teacher_salary_invoice.php sql injection
CVE-2024-5236	2024-05-23	Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php sql injection
CVE-2024-5237	2024-05-23	Campcodes Complete Web-Based School Management System timetable_grade_wise.php sql injection
CVE-2024-5238	2024-05-23	Campcodes Complete Web-Based School Management System timetable_insert_form.php sql injection
CVE-2024-3626	2024-05-23	Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization
CVE-2024-4347	2024-05-23	WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion
CVE-2024-3711	2024-05-23	Brizy – Page Builder <= 2.4.43 - Missing Authorization
CVE-2024-5177	2024-05-23	Hash Elements <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter in Multiple Widgets
CVE-2024-2220	2024-05-23	Button contact VR <= 4.7 - Admin+ Stored XSS
CVE-2024-3594	2024-05-23	IDonate <= 1.9.0 - Admin+ Stored XSS
CVE-2024-3917	2024-05-23	Pet Manager <= 1.4 - Reflected XSS
CVE-2024-3918	2024-05-23	Pet Manager <= 1.4 - Contributor+ Stored XSS
CVE-2024-3920	2024-05-23	Flattr <= 1.2.2 - Admin+ Stored XSS
CVE-2024-4388	2024-05-23	CAS <= 1.0.0 - Unauthenticated Arbitrary File Access
CVE-2024-4399	2024-05-23	CAS <= 1.0.0 - Unauthenticated SSRF
CVE-2024-5239	2024-05-23	Campcodes Complete Web-Based School Management System timetable_update_form.php sql injection
CVE-2024-4835	2024-05-23	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVE-2024-5240	2024-05-23	Campcodes Complete Web-Based School Management System unread_msg.php sql injection
CVE-2024-3648	2024-05-23	ShareThis Share Buttons <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via sharethis-inline-buttons Shortcode
CVE-2024-4043	2024-05-23	WP Ultimate Post Grid <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-text Shortcode
CVE-2024-2038	2024-05-23	Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials
CVE-2024-5241	2024-05-23	Huashi Private Cloud CDN Live Streaming Acceleration Server ipconfig_new.php os command injection
CVE-2024-2874	2024-05-23	Allocation of Resources Without Limits or Throttling in GitLab
CVE-2024-36011	2024-05-23	Bluetooth: HCI: Fix potential null-ptr-deref
CVE-2024-36012	2024-05-23	Bluetooth: msft: fix slab-use-after-free in msft_do_close()
CVE-2024-36013	2024-05-23	Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
CVE-2024-4706	2024-05-23	WordPress + Microsoft Office 365 / Azure AD \| LOGIN <= 27.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pintra Shortcode
CVE-2024-32969	2024-05-23	vantage6 collaboration admins can extend their influence by expanding the collaboration
CVE-2024-30280	2024-05-23	ZDI-CAN-22867: Adobe Acrobat Pro DC AcroForm Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-30279	2024-05-23	ZDI-CAN-22887: Adobe Acrobat Reader DC JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5264	2024-05-23	Network Key Transfer with AES KHT vulnerability in Luna EFT
CVE-2024-35223	2024-05-23	Dapr API Token Exposure
CVE-2024-35186	2024-05-23	gix traversal outside working tree enables arbitrary code execution
CVE-2024-2861	2024-05-23	ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget
CVE-2024-4779	2024-05-23	Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]
CVE-2024-5165	2024-05-23	Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input
CVE-2024-5258	2024-05-23	Authorization Bypass Through User-Controlled Key in GitLab
CVE-2024-1947	2024-05-23	Improper Handling of Highly Compressed Data (Data Amplification) in GitLab
CVE-2023-7045	2024-05-23	Cross-Site Request Forgery (CSRF) in GitLab
CVE-2023-6502	2024-05-23	Inefficient Regular Expression Complexity in GitLab
CVE-2024-1815	2024-05-23	Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block
CVE-2024-4575	2024-05-23	LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Shortcode
CVE-2024-3997	2024-05-23	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget
CVE-2024-1814	2024-05-23	Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block
CVE-2024-4378	2024-05-23	Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider
CVE-2024-26139	2024-05-23	OpenCTI Authenticated Privilege Escalation
CVE-2024-28188	2024-05-23	jupyter-scheduler's endpoint is missing authentication
CVE-2024-34060	2024-05-23	Arbitrary File Write in IRIS EVTX Pipeline
CVE-2024-35197	2024-05-23	gix refs and paths with reserved Windows device names access the devices
CVE-2024-1803	2024-05-23	EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual
CVE-2024-4471	2024-05-23	140+ Widgets \| Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-35224	2024-05-23	Stored Cross-Site Scripting (XSS) in OpenProject
CVE-2024-5168	2024-05-23	Improper access control vulnerability in Prodys Quantum Audio codec
CVE-2024-35222	2024-05-23	iFrames Bypass Origin Checks for Tauri API Access Control
CVE-2024-5085	2024-05-23	Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection
CVE-2024-5084	2024-05-23	Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
CVE-2024-34927	2024-05-23	A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based...
CVE-2024-34928	2024-05-23	A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based...
CVE-2024-34929	2024-05-23	A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based...
CVE-2024-34930	2024-05-23	A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based...
CVE-2024-4365	2024-05-23	Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-34931	2024-05-23	A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based...
CVE-2024-34932	2024-05-23	A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based...
CVE-2024-34933	2024-05-23	A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based...
CVE-2024-34934	2024-05-23	A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based...
CVE-2024-34935	2024-05-23	A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based...
CVE-2024-34936	2024-05-23	A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based...
CVE-2024-35083	2024-05-23	J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability...
CVE-2024-35090	2024-05-23	J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability...
CVE-2024-2301	2024-05-23	Certain HP LaserJet Pro devices are potentially vulnerable to a...
CVE-2024-35085	2024-05-23	J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability...
CVE-2024-35084	2024-05-23	J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability...
CVE-2024-5143	2024-05-23	A user with device administrative privileges can change existing SMTP...
CVE-2024-35082	2024-05-23	J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability...
CVE-2024-35086	2024-05-23	J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability...
CVE-2024-35081	2024-05-23	LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion...
CVE-2024-35091	2024-05-23	J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability...
CVE-2024-35570	2024-05-23	An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of...
CVE-2024-35080	2024-05-23	An arbitrary file upload vulnerability in the gok4 method of...
CVE-2024-35079	2024-05-23	An arbitrary file upload vulnerability in the uploadAudio method of...
CVE-2024-35375	2024-05-23	There is an arbitrary file upload vulnerability on the media...
CVE-2024-31843	2024-05-23	An issue was discovered in Italtel Embrace 1.6.4. The Web...
CVE-2024-5202	2024-05-23	Dimensions RM - Arbitrary File Read
CVE-2024-5201	2024-05-23	Dimensions RM - Privilege Escalation
CVE-2024-5291	2024-05-23	D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability
CVE-2024-5292	2024-05-23	D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2024-5293	2024-05-23	D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5294	2024-05-23	D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability
CVE-2024-5295	2024-05-23	D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
CVE-2024-5296	2024-05-23	D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
CVE-2024-5297	2024-05-23	D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability
CVE-2024-5298	2024-05-23	D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability
CVE-2024-5299	2024-05-23	D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability
CVE-2024-5227	2024-05-23	TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
CVE-2024-5228	2024-05-23	TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5242	2024-05-23	TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5243	2024-05-23	TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability