CVE List - 2024 / May
Showing 4701 - 4800 of 4997 CVEs for May 2024 (Page 48 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-25976 | 2024-05-29 | Reflected Cross-Site-Scripting (XSS) |
| CVE-2024-25977 | 2024-05-29 | Session Fixation |
| CVE-2024-5039 | 2024-05-29 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2023-42005 | 2024-05-29 | IBM Db2 on Cloud Pak for Data privilege escalation |
| CVE-2024-5185 | 2024-05-29 | Data Poisoning in EmbedAI |
| CVE-2024-25975 | 2024-05-29 | Arbitrary File Overwrite |
| CVE-2024-36362 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path... |
| CVE-2024-36363 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored... |
| CVE-2024-36364 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access... |
| CVE-2024-36365 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a... |
| CVE-2024-36366 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS... |
| CVE-2024-36367 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS... |
| CVE-2024-36368 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS... |
| CVE-2024-36369 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS... |
| CVE-2024-36370 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS... |
| CVE-2024-36371 | 2024-05-29 | In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit... |
| CVE-2024-36372 | 2024-05-29 | In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions... |
| CVE-2024-36373 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted... |
| CVE-2024-36374 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 stored XSS via build step... |
| CVE-2024-36375 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server... |
| CVE-2024-36376 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 users could perform actions that... |
| CVE-2024-36377 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did... |
| CVE-2024-36378 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS... |
| CVE-2024-36470 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass... |
| CVE-2024-4358 | 2024-05-29 | Registration Authentication Bypass Vulnerability |
| CVE-2024-35333 | 2024-05-29 | A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml... |
| CVE-2024-28974 | 2024-05-29 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption... |
| CVE-2023-46297 | 2024-05-29 | An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0... |
| CVE-2024-35283 | 2024-05-29 | A vulnerability in the Ignite component of Mitel MiContact Center... |
| CVE-2024-35284 | 2024-05-29 | A vulnerability in the legacy chat component of Mitel MiContact... |
| CVE-2024-35311 | 2024-05-29 | Yubico YubiKey 5 Series before 5.7.0, Security Key Series before... |
| CVE-2024-31079 | 2024-05-29 | NGINX HTTP/3 QUIC vulnerability |
| CVE-2024-32760 | 2024-05-29 | NGINX HTTP/3 QUIC vulnerability |
| CVE-2024-35200 | 2024-05-29 | NGINX HTTP/3 QUIC vulnerability |
| CVE-2024-34161 | 2024-05-29 | NGINX HTTP/3 QUIC vulnerability |
| CVE-2024-34715 | 2024-05-29 | Partial Password Exposure Vulnerability in Fides Webserver Logs |
| CVE-2024-35512 | 2024-05-29 | An issue in hmq v1.5.5 allows attackers to cause a... |
| CVE-2024-36016 | 2024-05-29 | tty: n_gsm: fix possible out-of-bounds in gsm0_receive() |
| CVE-2024-35434 | 2024-05-29 | Irontec Sngrep v1.8.1 was discovered to contain a heap buffer... |
| CVE-2024-35492 | 2024-05-29 | Cesanta Mongoose commit b316989 was discovered to contain a NULL... |
| CVE-2024-35221 | 2024-05-29 | Denial of service when publishing a package on rubygems.org |
| CVE-2024-36114 | 2024-05-29 | Decompressors can crash the JVM and leak memory content in Aircompressor |
| CVE-2024-5514 | 2024-05-30 | MinMax CMS - Hidden Functionality |
| CVE-2024-3726 | 2024-05-30 | Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode |
| CVE-2024-5223 | 2024-05-30 | Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-3190 | 2024-05-30 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field |
| CVE-2024-3063 | 2024-05-30 | WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3269 | 2024-05-30 | Download Monitor <= 4.9.13 - Missing Authorization |
| CVE-2024-2253 | 2024-05-30 | Testimonial Carousel For Elementor <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4218 | 2024-05-30 | AffiEasy <= 1.1.7 - Cross-Site Request Forgery to Various Actions |
| CVE-2024-3943 | 2024-05-30 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment |
| CVE-2024-3945 | 2024-05-30 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage() |
| CVE-2024-4356 | 2024-05-30 | List categories <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-3947 | 2024-05-30 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings |
| CVE-2024-3946 | 2024-05-30 | WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings |
| CVE-2024-3277 | 2024-05-30 | Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification |
| CVE-2024-5207 | 2024-05-30 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection |
| CVE-2024-5341 | 2024-05-30 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget |
| CVE-2024-36267 | 2024-05-30 | Path traversal vulnerability exists in Redmine DMSF Plugin versions prior... |
| CVE-2024-5327 | 2024-05-30 | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-5073 | 2024-05-30 | Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed |
| CVE-2024-4422 | 2024-05-30 | Comparison Slider <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-2657 | 2024-05-30 | Font Farsi <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-4426 | 2024-05-30 | Comparison Slider <= 1.0.5 - Cross-Site Request Forgery |
| CVE-2024-2089 | 2024-05-30 | Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4427 | 2024-05-30 | Comparison Slider <= 1.0.5 - Missing Authorization |
| CVE-2024-4355 | 2024-05-30 | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.24 - Missing Authorization to Information Expsoure |
| CVE-2024-4668 | 2024-05-30 | Gum Elementor Addon <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets |
| CVE-2024-3583 | 2024-05-30 | Simple Like Page Plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-5326 | 2024-05-30 | Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update |
| CVE-2024-5520 | 2024-05-30 | Cross-Site Scripting stored in Alkacon OpenCMS |
| CVE-2024-5521 | 2024-05-30 | Cross-Site Scripting stored in Alkacon OpenCMS |
| CVE-2022-43384 | 2024-05-30 | IBM Aspera Console cross-site scripting |
| CVE-2022-43575 | 2024-05-30 | IBM Aspera Console cross-site scripting |
| CVE-2022-43841 | 2024-05-30 | IBM Aspera Console information disclosure |
| CVE-2024-1100 | 2024-05-30 | SQLi in Vadi Corporate Information Systems' DIGIKENT GIS |
| CVE-2024-3584 | 2024-05-30 | Path Traversal in qdrant/qdrant |
| CVE-2024-36017 | 2024-05-30 | rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation |
| CVE-2024-5515 | 2024-05-30 | SourceCodester Stock Management System createBrand.php sql injection |
| CVE-2024-5516 | 2024-05-30 | itsourcecode Online Blood Bank Management System massage.php sql injection |
| CVE-2024-5517 | 2024-05-30 | itsourcecode Online Blood Bank Management System changepwd.php sql injection |
| CVE-2024-4330 | 2024-05-30 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-36018 | 2024-05-30 | nouveau/uvmm: fix addr/range calcs for remap operations |
| CVE-2024-36019 | 2024-05-30 | regmap: maple: Fix cache corruption in regcache_maple_drop() |
| CVE-2024-3924 | 2024-05-30 | Code Injection in huggingface/text-generation-inference |
| CVE-2024-36020 | 2024-05-30 | i40e: fix vf may be used uninitialized in this function warning |
| CVE-2024-36021 | 2024-05-30 | net: hns3: fix kernel crash when devlink reload during pf initialization |
| CVE-2024-35504 | 2024-05-30 | A cross-site scripting (XSS) vulnerability in the login page of... |
| CVE-2024-36022 | 2024-05-30 | drm/amdgpu: Init zone device and drm client after mode-1 reset on reload |
| CVE-2024-36023 | 2024-05-30 | Julia Lawall reported this null pointer dereference, this should fix it. |
| CVE-2024-36024 | 2024-05-30 | drm/amd/display: Disable idle reallow as part of command/gpint execution |
| CVE-2024-36025 | 2024-05-30 | scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() |
| CVE-2024-36026 | 2024-05-30 | drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 |
| CVE-2024-36027 | 2024-05-30 | btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer |
| CVE-2024-3301 | 2024-05-30 | Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024 |
| CVE-2024-3300 | 2024-05-30 | Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024 |
| CVE-2024-36028 | 2024-05-30 | mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() |
| CVE-2024-36029 | 2024-05-30 | mmc: sdhci-msm: pervent access to suspended controller |
| CVE-2024-36030 | 2024-05-30 | octeontx2-af: fix the double free in rvu_npc_freemem() |
| CVE-2023-52882 | 2024-05-30 | clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change |