CVE List - 2024 / May
Showing 2601 - 2700 of 4994 CVEs for May 2024 (Page 27 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-4778 | 2024-05-14 | Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2024-33485 | 2024-05-14 | SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component |
| CVE-2024-32002 | 2024-05-14 | Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution |
| CVE-2024-32004 | 2024-05-14 | Git vulnerable to Remote Code Execution while cloning special-crafted local repositories |
| CVE-2024-2637 | 2024-05-14 | Insecure Loading of Code in B&R Products |
| CVE-2024-32020 | 2024-05-14 | Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will |
| CVE-2024-0862 | 2024-05-14 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private... |
| CVE-2024-3676 | 2024-05-14 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption... |
| CVE-2024-32021 | 2024-05-14 | Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory |
| CVE-2024-32465 | 2024-05-14 | Git's protections for cloning untrusted repositories can be bypassed |
| CVE-2021-22280 | 2024-05-14 | DLL Hijacking Vulnerability in Automation Studio |
| CVE-2024-31556 | 2024-05-14 | An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. |
| CVE-2024-3044 | 2024-05-14 | Graphic on-click binding allows unchecked script execution |
| CVE-2022-28132 | 2024-05-14 | The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the... |
| CVE-2020-26312 | 2024-05-14 | GHSL-2020-254: Arbitrary file read and/or write in dotmesh |
| CVE-2024-4561 | 2024-05-14 | WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via FaviconController |
| CVE-2024-4562 | 2024-05-14 | WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via HttpMonitorSettings |
| CVE-2023-33327 | 2024-05-14 | WordPress Leyka plugin <= 3.30.2 - Privilege Escalation vulnerability |
| CVE-2024-31466 | 2024-05-14 | Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol |
| CVE-2024-35175 | 2024-05-14 | sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address |
| CVE-2024-31467 | 2024-05-14 | Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol |
| CVE-2024-31468 | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access... |
| CVE-2024-31469 | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access... |
| CVE-2024-31470 | 2024-05-14 | There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to... |
| CVE-2024-31471 | 2024-05-14 | There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's... |
| CVE-2024-31472 | 2024-05-14 | There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's... |
| CVE-2024-31473 | 2024-05-14 | There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access... |
| CVE-2024-31474 | 2024-05-14 | There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete... |
| CVE-2024-31475 | 2024-05-14 | There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to... |
| CVE-2024-31476 | 2024-05-14 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2024-4666 | 2024-05-14 | Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-31477 | 2024-05-14 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2024-31478 | 2024-05-14 | Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation... |
| CVE-2024-31479 | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal... |
| CVE-2024-31480 | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation... |
| CVE-2024-31481 | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation... |
| CVE-2024-31482 | 2024-05-14 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal... |
| CVE-2024-31483 | 2024-05-14 | An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in... |
| CVE-2024-4363 | 2024-05-14 | Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter |
| CVE-2024-4370 | 2024-05-14 | WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget |
| CVE-2024-0437 | 2024-05-14 | Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure |
| CVE-2024-28087 | 2024-05-15 | In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they... |
| CVE-2024-3744 | 2024-05-15 | Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs |
| CVE-2024-4734 | 2024-05-15 | Import and export users and customers <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-4618 | 2024-05-15 | Exclusive Addons for Elementor <= 2.6.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget |
| CVE-2024-4847 | 2024-05-15 | Alt Text AI – Automatically generate image alt text for SEO and accessibility <= 1.4.9 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-4199 | 2024-05-15 | Bulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization |
| CVE-2024-4656 | 2024-05-15 | Import and export users and customers <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-4373 | 2024-05-15 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-site Scriping via 'Sina Particle Layer' |
| CVE-2024-35108 | 2024-05-15 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN. |
| CVE-2024-35109 | 2024-05-15 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close. |
| CVE-2024-32888 | 2024-05-15 | Amazon JDBC Driver for Redshift SQL Injection via line comment generation |
| CVE-2024-4893 | 2024-05-15 | DigiWin EasyFlow .NET - SQL Injection |
| CVE-2024-3189 | 2024-05-15 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4208 | 2024-05-15 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect |
| CVE-2024-4894 | 2024-05-15 | ITPison OMICARD EDM - Server-Side Request Forgery |
| CVE-2024-3405 | 2024-05-15 | WP Prayer <= 2.0.9 - Settings Update via CSRF |
| CVE-2024-3406 | 2024-05-15 | WP Prayer <= 2.0.9 - Email Settings Update via CSRF |
| CVE-2024-3407 | 2024-05-15 | WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF |
| CVE-2024-3548 | 2024-05-15 | Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS |
| CVE-2024-3629 | 2024-05-15 | HL Twitter <= 2014.1.18 - Settings Update via CSRF |
| CVE-2024-3630 | 2024-05-15 | HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget |
| CVE-2024-3631 | 2024-05-15 | HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF |
| CVE-2024-3634 | 2024-05-15 | month name translation benaceur < 2.3.8 - Admin+ Stored XSS |
| CVE-2024-3748 | 2024-05-15 | SP Project & Document Manager <= 4.71 - Data Update via IDOR |
| CVE-2024-3749 | 2024-05-15 | SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR |
| CVE-2024-3822 | 2024-05-15 | Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS |
| CVE-2024-3823 | 2024-05-15 | Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF |
| CVE-2024-3824 | 2024-05-15 | Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF |
| CVE-2024-4636 | 2024-05-15 | Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload |
| CVE-2024-4010 | 2024-05-15 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request |
| CVE-2024-30310 | 2024-05-15 | ZDI-CAN-23327: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-34094 | 2024-05-15 | ZDI-CAN-23474: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-34097 | 2024-05-15 | ZDI-CAN-23473: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-34096 | 2024-05-15 | ZDI-CAN-23472: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-34099 | 2024-05-15 | ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 2 of 2 |
| CVE-2024-34095 | 2024-05-15 | ZDI-CAN-23475: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30311 | 2024-05-15 | TALOS-2024-1946 - Adobe Acrobat Reader Font gvar GlyphVariationData out-of-bounds read vulnerability |
| CVE-2024-30312 | 2024-05-15 | TALOS-2024-1952 - Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability |
| CVE-2024-34098 | 2024-05-15 | ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 1 of 2 |
| CVE-2024-30284 | 2024-05-15 | ZDI-CAN-23466: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-34101 | 2024-05-15 | ZDI-CAN-23614: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-34100 | 2024-05-15 | Use-After-Free vulnerability in the latest Adobe Acrobat Reader DC when open malicious PDF file |
| CVE-2024-4702 | 2024-05-15 | Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget |
| CVE-2023-6321 | 2024-05-15 | Owlet Camera OS command injection |
| CVE-2023-6322 | 2024-05-15 | Stack-based buffer overflow in message parser functionality |
| CVE-2023-6323 | 2024-05-15 | ThroughTek Kalay SDK insufficient verification of message authenticity |
| CVE-2023-6324 | 2024-05-15 | ThroughTek Kalay SDK error in handling the PSK identity |
| CVE-2024-4670 | 2024-05-15 | All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode |
| CVE-2024-2248 | 2024-05-15 | JFrog Artifactory Header Injection |
| CVE-2024-25078 | 2024-05-15 | A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07,... |
| CVE-2024-34954 | 2024-05-15 | Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter. |
| CVE-2024-34955 | 2024-05-15 | Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter. |
| CVE-2024-27353 | 2024-05-15 | A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6... |
| CVE-2024-25079 | 2024-05-15 | A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09... |
| CVE-2024-4903 | 2024-05-15 | Tongda OA delete.php sql injection |
| CVE-2024-3319 | 2024-05-15 | Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints |
| CVE-2024-3318 | 2024-05-15 | SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability |
| CVE-2024-31216 | 2024-05-15 | source-controller leaks theAzure Storage SAS token into logs on connection errors |
| CVE-2024-3317 | 2024-05-15 | SailPoint Identity Security Cloud Improper Access Control |