CVE List - 2024 / May
Showing 4301 - 4400 of 4994 CVEs for May 2024 (Page 44 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5247 | 2024-05-23 | NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability |
| CVE-2024-5279 | 2024-05-23 | Qiwen Netdisk File Rename cross site scripting |
| CVE-2024-4409 | 2024-05-24 | WP-ViperGB <= 1.6.1 - Cross-Site Request Forgery |
| CVE-2024-5205 | 2024-05-24 | Videojs HTML5 Player <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode |
| CVE-2024-4544 | 2024-05-24 | Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass |
| CVE-2024-2618 | 2024-05-24 | Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-2784 | 2024-05-24 | The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hover Card |
| CVE-2024-3557 | 2024-05-24 | WP Go Maps (formerly WP Google Maps) <= 9.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-3718 | 2024-05-24 | The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box |
| CVE-2024-1134 | 2024-05-24 | SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-0867 | 2024-05-24 | Email Log <= 2.4.8 - Unauthenticated Hook Injection |
| CVE-2024-5142 | 2024-05-24 | XSS in Hubshare's social module |
| CVE-2023-1001 | 2024-05-24 | xuliangzhan vxe-table vxe-textarea textarea.js export cross site scripting |
| CVE-2024-36361 | 2024-05-24 | Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling... |
| CVE-2023-1111 | 2024-05-24 | FastCMS New Article Tab cross site scripting |
| CVE-2024-0893 | 2024-05-24 | Schema App Structured Data <= 1.23.1 - Missing Authorization |
| CVE-2024-4485 | 2024-05-24 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5060 | 2024-05-24 | LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-1376 | 2024-05-24 | Event post <= 5.9.4 - Missing Authorization |
| CVE-2024-1332 | 2024-05-24 | Custom Fonts – Host Your Fonts Locally <= 2.1.4 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-4484 | 2024-05-24 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2023-7259 | 2024-05-24 | zzdevelop lenosp Adduser Page cross site scripting |
| CVE-2024-4366 | 2024-05-24 | Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-4037 | 2024-05-24 | WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-5310 | 2024-05-24 | JFinalCMS content cross site scripting |
| CVE-2024-5314 | 2024-05-24 | Multiple vulnerabilities in DOLIBARR's ERP CMS |
| CVE-2024-5315 | 2024-05-24 | Multiple vulnerabilities in DOLIBARR's ERP CMS |
| CVE-2024-5312 | 2024-05-24 | Cross-Site Scripting vulnerability in PHP Server Monitor |
| CVE-2024-4455 | 2024-05-24 | YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2023-47710 | 2024-05-24 | IBM Security Guardium cross-site scripting |
| CVE-2023-49572 | 2024-05-24 | XSS vulnerability in VX Search Enterprise |
| CVE-2023-49573 | 2024-05-24 | XSS vulnerability in VX Search Enterprise |
| CVE-2023-49574 | 2024-05-24 | XSS vulnerability in VX Search Enterprise |
| CVE-2023-49575 | 2024-05-24 | XSS vulnerability in VX Search Enterprise |
| CVE-2024-5318 | 2024-05-24 | Missing Authorization in GitLab |
| CVE-2024-35595 | 2024-05-24 | An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
| CVE-2024-35593 | 2024-05-24 | An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
| CVE-2024-5273 | 2024-05-24 | Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD... |
| CVE-2024-35591 | 2024-05-24 | An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
| CVE-2024-35592 | 2024-05-24 | An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
| CVE-2024-31510 | 2024-05-24 | An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component. |
| CVE-2024-35339 | 2024-05-24 | Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. |
| CVE-2024-35618 | 2024-05-24 | PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer. |
| CVE-2024-35340 | 2024-05-24 | Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. |
| CVE-2024-33809 | 2024-05-24 | PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks. |
| CVE-2024-22588 | 2024-05-24 | Kwik commit 745fd4e2 does not discard unused encryption keys. |
| CVE-2021-47499 | 2024-05-24 | iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove |
| CVE-2021-47500 | 2024-05-24 | iio: mma8452: Fix trigger reference counting |
| CVE-2021-47501 | 2024-05-24 | i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc |
| CVE-2021-47502 | 2024-05-24 | ASoC: codecs: wcd934x: handle channel mapping list correctly |
| CVE-2021-47503 | 2024-05-24 | scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() |
| CVE-2021-47504 | 2024-05-24 | io_uring: ensure task_work gets run as part of cancelations |
| CVE-2021-47505 | 2024-05-24 | aio: fix use-after-free due to missing POLLFREE handling |
| CVE-2021-47506 | 2024-05-24 | nfsd: fix use-after-free due to delegation race |
| CVE-2021-47507 | 2024-05-24 | nfsd: Fix nfsd startup race (again) |
| CVE-2021-47508 | 2024-05-24 | btrfs: free exchange changeset on failures |
| CVE-2024-33470 | 2024-05-24 | An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only... |
| CVE-2021-47509 | 2024-05-24 | ALSA: pcm: oss: Limit the period size to 16MB |
| CVE-2021-47510 | 2024-05-24 | btrfs: fix re-dirty process of tree-log nodes |
| CVE-2021-47511 | 2024-05-24 | ALSA: pcm: oss: Fix negative period/buffer sizes |
| CVE-2021-47512 | 2024-05-24 | net/sched: fq_pie: prevent dismantle issue |
| CVE-2021-47513 | 2024-05-24 | net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering |
| CVE-2021-47514 | 2024-05-24 | devlink: fix netns refcount leak in devlink_nl_cmd_reload() |
| CVE-2021-47515 | 2024-05-24 | seg6: fix the iif in the IPv6 socket control block |
| CVE-2021-47516 | 2024-05-24 | nfp: Fix memory leak in nfp_cpp_area_cache_add() |
| CVE-2021-47517 | 2024-05-24 | ethtool: do not perform operations on net devices being unregistered |
| CVE-2021-47518 | 2024-05-24 | nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done |
| CVE-2021-47519 | 2024-05-24 | can: m_can: m_can_read_fifo: fix memory leak in error branch |
| CVE-2021-47520 | 2024-05-24 | can: pch_can: pch_can_rx_normal: fix use after free |
| CVE-2021-47521 | 2024-05-24 | can: sja1000: fix use after free in ems_pcmcia_add_card() |
| CVE-2021-47522 | 2024-05-24 | HID: bigbenff: prevent null pointer dereference |
| CVE-2021-47523 | 2024-05-24 | IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr |
| CVE-2021-47524 | 2024-05-24 | serial: liteuart: fix minor-number leak on probe errors |
| CVE-2021-47525 | 2024-05-24 | serial: liteuart: fix use-after-free and memleak on unbind |
| CVE-2021-47526 | 2024-05-24 | serial: liteuart: Fix NULL pointer dereference in ->remove() |
| CVE-2021-47527 | 2024-05-24 | serial: core: fix transmit-buffer reset and memleak |
| CVE-2021-47528 | 2024-05-24 | usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() |
| CVE-2021-47529 | 2024-05-24 | iwlwifi: Fix memory leaks in error handling path |
| CVE-2021-47530 | 2024-05-24 | drm/msm: Fix wait_fence submitqueue leak |
| CVE-2021-47531 | 2024-05-24 | drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP |
| CVE-2021-47532 | 2024-05-24 | drm/msm/devfreq: Fix OPP refcnt leak |
| CVE-2021-47533 | 2024-05-24 | drm/vc4: kms: Clear the HVS FIFO commit pointer once done |
| CVE-2021-47534 | 2024-05-24 | drm/vc4: kms: Add missing drm_crtc_commit_put |
| CVE-2021-47535 | 2024-05-24 | drm/msm/a6xx: Allocate enough space for GMU registers |
| CVE-2021-47536 | 2024-05-24 | net/smc: fix wrong list_del in smc_lgr_cleanup_early |
| CVE-2021-47537 | 2024-05-24 | octeontx2-af: Fix a memleak bug in rvu_mbox_init() |
| CVE-2021-47538 | 2024-05-24 | rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() |
| CVE-2021-47539 | 2024-05-24 | rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() |
| CVE-2021-47540 | 2024-05-24 | mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode |
| CVE-2021-47541 | 2024-05-24 | net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() |
| CVE-2021-47542 | 2024-05-24 | net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() |
| CVE-2021-47544 | 2024-05-24 | tcp: fix page frag corruption on page fault |
| CVE-2021-47546 | 2024-05-24 | ipv6: fix memory leak in fib6_rule_suppress |
| CVE-2021-47547 | 2024-05-24 | net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound |
| CVE-2021-47548 | 2024-05-24 | ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() |
| CVE-2021-47549 | 2024-05-24 | sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl |
| CVE-2021-47550 | 2024-05-24 | drm/amd/amdgpu: fix potential memleak |
| CVE-2021-47551 | 2024-05-24 | drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again |
| CVE-2021-47552 | 2024-05-24 | blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() |
| CVE-2021-47553 | 2024-05-24 | sched/scs: Reset task stack state in bringup_cpu() |