CVE List - 2024 / May
Showing 2301 - 2400 of 4997 CVEs for May 2024 (Page 24 of 50)
CVE ID | Date | Title |
---|---|---|
CVE-2024-34698 | 2024-05-13 | Prototype Pollution in getQueryParam Function (URL Query Parser) |
CVE-2024-34701 | 2024-05-13 | CreateWiki vulnerable to impersonation of wiki requester |
CVE-2024-34706 | 2024-05-13 | @valtimo/components exposes access token to form.io |
CVE-2023-50717 | 2024-05-13 | NocoDB Allows Preview of File with Dangerous Content |
CVE-2023-50718 | 2024-05-13 | NocoDB SQL Injection vulnerability |
CVE-2024-34223 | 2024-05-13 | Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management... |
CVE-2024-34222 | 2024-05-13 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL... |
CVE-2024-34221 | 2024-05-13 | Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure... |
CVE-2024-34224 | 2024-05-13 | Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management... |
CVE-2024-34226 | 2024-05-13 | SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System... |
CVE-2024-34225 | 2024-05-13 | Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management... |
CVE-2023-46870 | 2024-05-13 | extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth... |
CVE-2024-34899 | 2024-05-13 | WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). |
CVE-2024-31771 | 2024-05-13 | Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker... |
CVE-2023-49781 | 2024-05-13 | NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue |
CVE-2024-34699 | 2024-05-13 | GZ::CTF allows unprivileged users to perform XSS attacks by constructing malicious team names. |
CVE-2024-28285 | 2024-05-13 | A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h... |
CVE-2024-25662 | 2024-05-13 | Oxygen XML Web Author v26.0.0 and older and Oxygen Content... |
CVE-2024-34704 | 2024-05-13 | era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization |
CVE-2024-34230 | 2024-05-13 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System... |
CVE-2024-34231 | 2024-05-13 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System... |
CVE-2024-34707 | 2024-05-13 | Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages |
CVE-2024-34921 | 2024-05-13 | TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection... |
CVE-2024-35099 | 2024-05-13 | TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow... |
CVE-2024-29513 | 2024-05-13 | An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before... |
CVE-2024-34708 | 2024-05-13 | Directus allows redacted data extraction on the API through "alias" |
CVE-2024-22774 | 2024-05-13 | An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows... |
CVE-2024-34709 | 2024-05-13 | Directus Lacks Session Tokens Invalidation |
CVE-2024-28277 | 2024-05-13 | In Sourcecodester School Task Manager v1.0, a vulnerability was identified... |
CVE-2024-28279 | 2024-05-13 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection... |
CVE-2024-33433 | 2024-05-13 | Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows... |
CVE-2024-28276 | 2024-05-13 | Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site... |
CVE-2024-31810 | 2024-05-13 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password... |
CVE-2024-23576 | 2024-05-13 | HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability |
CVE-2024-4840 | 2024-05-13 | Rhosp-director: cleartext passwords exposed in logs |
CVE-2024-27798 | 2024-05-13 | An authorization issue was addressed with improved state management. This... |
CVE-2024-27825 | 2024-05-13 | A downgrade issue affecting Intel-based Mac computers was addressed with... |
CVE-2024-27813 | 2024-05-13 | The issue was addressed with improved checks. This issue is... |
CVE-2024-27852 | 2024-05-13 | A privacy issue was addressed with improved client ID handling... |
CVE-2024-27829 | 2024-05-13 | The issue was addressed with improved memory handling. This issue... |
CVE-2024-27804 | 2024-05-13 | The issue was addressed with improved memory handling. This issue... |
CVE-2024-27824 | 2024-05-13 | This issue was addressed by removing the vulnerable code. This... |
CVE-2024-23236 | 2024-05-13 | A correctness issue was addressed with improved checks. This issue... |
CVE-2024-27842 | 2024-05-13 | The issue was addressed with improved checks. This issue is... |
CVE-2024-27803 | 2024-05-13 | A permissions issue was addressed with improved validation. This issue... |
CVE-2024-27839 | 2024-05-13 | A privacy issue was addressed by moving sensitive data to... |
CVE-2024-27835 | 2024-05-13 | This issue was addressed through improved state management. This issue... |
CVE-2024-27834 | 2024-05-13 | The issue was addressed with improved checks. This issue is... |
CVE-2024-27822 | 2024-05-13 | A logic issue was addressed with improved restrictions. This issue... |
CVE-2024-27789 | 2024-05-13 | A logic issue was addressed with improved checks. This issue... |
CVE-2024-27818 | 2024-05-13 | The issue was addressed with improved memory handling. This issue... |
CVE-2024-27843 | 2024-05-13 | A logic issue was addressed with improved checks. This issue... |
CVE-2024-23229 | 2024-05-13 | This issue was addressed with improved redaction of sensitive information.... |
CVE-2024-27837 | 2024-05-13 | A downgrade issue was addressed with additional code-signing restrictions. This... |
CVE-2024-27821 | 2024-05-13 | A path handling issue was addressed with improved validation. This... |
CVE-2024-27841 | 2024-05-13 | The issue was addressed with improved memory handling. This issue... |
CVE-2024-27816 | 2024-05-13 | A logic issue was addressed with improved checks. This issue... |
CVE-2024-27827 | 2024-05-13 | This issue was addressed through improved state management. This issue... |
CVE-2024-27796 | 2024-05-13 | The issue was addressed with improved checks. This issue is... |
CVE-2024-27847 | 2024-05-13 | This issue was addressed with improved checks. This issue is... |
CVE-2024-27810 | 2024-05-13 | A path handling issue was addressed with improved validation. This... |
CVE-2024-4853 | 2024-05-14 | Mismatched Memory Management Routines in editcap |
CVE-2024-4854 | 2024-05-14 | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark |
CVE-2024-4855 | 2024-05-14 | Use After Free in editcap |
CVE-2024-3037 | 2024-05-14 | Arbitrary File Deletion in PaperCut NG/MF Web Print |
CVE-2024-4712 | 2024-05-14 | Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler |
CVE-2023-6812 | 2024-05-14 | WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css |
CVE-2024-4761 | 2024-05-14 | Out of bounds write in V8 in Google Chrome prior... |
CVE-2024-0870 | 2024-05-14 | YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update |
CVE-2024-32731 | 2024-05-14 | Missing Authorization check in SAP My Travel Requests |
CVE-2024-32733 | 2024-05-14 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
CVE-2024-33007 | 2024-05-14 | Client-side script execution vulnerability in SAP UI5(PDFViewer) |
CVE-2024-33008 | 2024-05-14 | Memory Corruption vulnerability in SAP Replication Server |
CVE-2024-33000 | 2024-05-14 | Missing Authorization check in SAP Bank Account Management |
CVE-2024-33002 | 2024-05-14 | Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS) |
CVE-2024-28165 | 2024-05-14 | Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform |
CVE-2024-4139 | 2024-05-14 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) |
CVE-2024-4138 | 2024-05-14 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) |
CVE-2024-34687 | 2024-05-14 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform |
CVE-2024-33009 | 2024-05-14 | SQL injection vulnerability in SAP Global Label Management (GLM) |
CVE-2024-33004 | 2024-05-14 | Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) |
CVE-2024-33006 | 2024-05-14 | File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
CVE-2024-4445 | 2024-05-14 | WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization |
CVE-2024-4144 | 2024-05-14 | Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution |
CVE-2024-3241 | 2024-05-14 | Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS |
CVE-2024-25968 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use... |
CVE-2024-25967 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution... |
CVE-2024-25970 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper... |
CVE-2024-25966 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper... |
CVE-2024-25965 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external... |
CVE-2024-25969 | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation... |
CVE-2024-28133 | 2024-05-14 | PHOENIX CONTACT: Privilege escalation in CHARX Series |
CVE-2024-28134 | 2024-05-14 | PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series |
CVE-2024-28135 | 2024-05-14 | PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series |
CVE-2024-28136 | 2024-05-14 | PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service |
CVE-2024-28137 | 2024-05-14 | PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series |
CVE-2024-4392 | 2024-05-14 | Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode |
CVE-2024-3579 | 2024-05-14 | XSS in Online Shopping System Advanced |
CVE-2024-4859 | 2024-05-14 | Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting... |
CVE-2024-4860 | 2024-05-14 | The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are... |