CVE List - 2024 / May
Showing 1901 - 2000 of 4994 CVEs for May 2024 (Page 20 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-34556 | 2024-05-09 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Sensitive Data Exposure via Exported File vulnerability |
| CVE-2024-34550 | 2024-05-09 | WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability |
| CVE-2024-34549 | 2024-05-09 | WordPress WP Job Manager plugin <= 2.2.2 - Sensitive Data Exposure vulnerability |
| CVE-2024-32724 | 2024-05-09 | WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnerability |
| CVE-2024-32719 | 2024-05-09 | WordPress WP Club Manager plugin <= 2.2.11 - Broken Access Control vulnerability |
| CVE-2024-32717 | 2024-05-09 | WordPress SchedulePress plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2024-32712 | 2024-05-09 | WordPress Podlove Podcast Publisher plugin <= 4.0.14 - Broken Access Control vulnerability |
| CVE-2024-28075 | 2024-05-09 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution |
| CVE-2024-23473 | 2024-05-09 | SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability |
| CVE-2024-4317 | 2024-05-09 | PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks |
| CVE-2024-4676 | 2024-05-09 | Campcodes Complete Web-Based School Management System range_grade_text.php cross site scripting |
| CVE-2024-4677 | 2024-05-09 | Campcodes Complete Web-Based School Management System my_student_exam_marks1.php cross site scripting |
| CVE-2024-34218 | 2024-05-09 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. |
| CVE-2024-31803 | 2024-05-09 | Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code via the FerretCOT<T>::read_pre_data128_from_file function. |
| CVE-2024-34219 | 2024-05-09 | TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. |
| CVE-2024-34212 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. |
| CVE-2024-32874 | 2024-05-09 | In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service |
| CVE-2024-34211 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. |
| CVE-2024-34210 | 2024-05-09 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. |
| CVE-2024-34074 | 2024-05-09 | Frappe vulnerable to an open redirect on login page |
| CVE-2024-32655 | 2024-05-09 | Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow |
| CVE-2024-4678 | 2024-05-09 | Campcodes Complete Web-Based School Management System find_friends.php cross site scripting |
| CVE-2024-34352 | 2024-05-09 | Arbitrary file write vulnerability in 1Panel |
| CVE-2024-34354 | 2024-05-09 | CMSaasStarter: JWT Token Not Verified on Server Session |
| CVE-2024-32735 | 2024-05-09 | CyberPower PowerPanel Enterprise Missing Authentication |
| CVE-2024-34345 | 2024-05-09 | @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability |
| CVE-2024-3727 | 2024-05-09 | Containers/image: digest type does not guarantee valid type |
| CVE-2024-32736 | 2024-05-09 | CyberPower PowerPanel Enterprise SQL Injection |
| CVE-2024-32737 | 2024-05-09 | CyberPower PowerPanel Enterprise SQL Injection |
| CVE-2024-32738 | 2024-05-09 | CyberPower PowerPanel Enterprise SQL Injection |
| CVE-2024-32739 | 2024-05-09 | CyberPower PowerPanel Enterprise SQL Injection |
| CVE-2024-33454 | 2024-05-09 | Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component. |
| CVE-2024-34350 | 2024-05-09 | Next.js Vulnerable to HTTP Request Smuggling |
| CVE-2024-34351 | 2024-05-09 | Next.js Server-Side Request Forgery in Server Actions |
| CVE-2024-29157 | 2024-05-09 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-29158 | 2024-05-09 | HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-29159 | 2024-05-09 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-29160 | 2024-05-09 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-29161 | 2024-05-09 | HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-29162 | 2024-05-09 | HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution. |
| CVE-2024-34215 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. |
| CVE-2024-29163 | 2024-05-09 | HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-29164 | 2024-05-09 | HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-29165 | 2024-05-09 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-34217 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. |
| CVE-2024-29166 | 2024-05-09 | HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-34207 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. |
| CVE-2024-32605 | 2024-05-09 | HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c). |
| CVE-2024-32606 | 2024-05-09 | HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c). |
| CVE-2024-32607 | 2024-05-09 | HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer. |
| CVE-2024-32609 | 2024-05-09 | HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c. |
| CVE-2024-34206 | 2024-05-09 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. |
| CVE-2024-32610 | 2024-05-09 | HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer. |
| CVE-2024-34205 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. |
| CVE-2024-34204 | 2024-05-09 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. |
| CVE-2024-34203 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. |
| CVE-2023-52654 | 2024-05-09 | io_uring/af_unix: disable sending io_uring over sockets |
| CVE-2024-27393 | 2024-05-09 | xen-netfront: Add missing skb_mark_for_recycle |
| CVE-2024-27394 | 2024-05-09 | tcp: Fix Use-After-Free in tcp_ao_connect_init |
| CVE-2024-27395 | 2024-05-09 | net: openvswitch: Fix Use-After-Free in ovs_ct_exit |
| CVE-2024-27396 | 2024-05-09 | net: gtp: Fix Use-After-Free in gtp_dellink |
| CVE-2024-27397 | 2024-05-09 | netfilter: nf_tables: use timestamp to check for set element timeout |
| CVE-2024-34202 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. |
| CVE-2024-32611 | 2024-05-09 | HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c. |
| CVE-2024-32612 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613. |
| CVE-2024-34201 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. |
| CVE-2024-34200 | 2024-05-09 | TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. |
| CVE-2024-34213 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. |
| CVE-2024-32613 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612. |
| CVE-2024-34209 | 2024-05-09 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. |
| CVE-2024-32614 | 2024-05-09 | HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. |
| CVE-2024-32615 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer. |
| CVE-2024-32616 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c. |
| CVE-2024-32617 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c). |
| CVE-2024-32618 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer. |
| CVE-2024-32619 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer. |
| CVE-2024-32620 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer. |
| CVE-2024-32621 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer. |
| CVE-2024-32622 | 2024-05-09 | HDF5 Library through 1.14.3 contains an out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c). |
| CVE-2024-32623 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). |
| CVE-2024-32624 | 2024-05-09 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer. |
| CVE-2024-33873 | 2024-05-09 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. |
| CVE-2024-33874 | 2024-05-09 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. |
| CVE-2024-33875 | 2024-05-09 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. |
| CVE-2024-33876 | 2024-05-09 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. |
| CVE-2024-33877 | 2024-05-09 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. |
| CVE-2024-4681 | 2024-05-09 | Campcodes Legal Case Management System Setting general-setting unrestricted upload |
| CVE-2024-4682 | 2024-05-09 | Campcodes Complete Web-Based School Management System exam_timetable_update_form.php cross site scripting |
| CVE-2024-31952 | 2024-05-09 | An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker... |
| CVE-2024-31953 | 2024-05-09 | An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can... |
| CVE-2024-31954 | 2024-05-09 | An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directory and DLL files used during... |
| CVE-2024-34338 | 2024-05-09 | Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with... |
| CVE-2023-29881 | 2024-05-09 | phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php. |
| CVE-2024-4545 | 2024-05-09 | EDB Postgres Advanced Server (EPAS) authenticated file read permissions bypass using edbldr |
| CVE-2024-24157 | 2024-05-09 | Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. |
| CVE-2024-22910 | 2024-05-09 | Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload. |
| CVE-2024-4683 | 2024-05-09 | Campcodes Complete Web-Based School Management System exam_timetable_insert_form.php cross site scripting |
| CVE-2024-34220 | 2024-05-09 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. |
| CVE-2022-32509 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0... |
| CVE-2024-4684 | 2024-05-09 | Campcodes Complete Web-Based School Management System exam_timetable_grade_wise.php cross site scripting |