CVE List - 2024 / May
Showing 2801 - 2900 of 4997 CVEs for May 2024 (Page 29 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-4961 | 2024-05-16 | D-Link DAR-7000-40 onlineuser.php unrestricted upload |
| CVE-2024-4843 | 2024-05-16 | ePO doesn't allow a regular privileged user to delete tasks... |
| CVE-2024-4844 | 2024-05-16 | Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise... |
| CVE-2024-4962 | 2024-05-16 | D-Link DAR-7000-40 resmanage.php unrestricted upload |
| CVE-2024-4963 | 2024-05-16 | D-Link DAR-7000-40 url.php unrestricted upload |
| CVE-2024-4964 | 2024-05-16 | D-Link DAR-7000-40 urlblist.php unrestricted upload |
| CVE-2024-4965 | 2024-05-16 | D-Link DAR-7000-40 resmanage.php os command injection |
| CVE-2024-4478 | 2024-05-16 | Happy Addons for Elementor <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget |
| CVE-2024-4546 | 2024-05-16 | Custom Post Type Attachment <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pdf_attachment Shortcode |
| CVE-2024-4966 | 2024-05-16 | SourceCodester SchoolWebTech home.php unrestricted upload |
| CVE-2024-20792 | 2024-05-16 | Adobe Illustrator TIF File Parsing Use-After-Free Remote memory corruption |
| CVE-2024-20793 | 2024-05-16 | Illustrator 2024 TIF file parsing Out Of Bound Read Information disclosure vulnerability |
| CVE-2024-20791 | 2024-05-16 | Illustrator 2024 BMP File Parsing Memory Corruption |
| CVE-2024-30309 | 2024-05-16 | Adobe Substance 3D Painter TGA File Parsing Acces Violation Read Vulnerability |
| CVE-2024-30274 | 2024-05-16 | Adobe Substance 3D Painter ABC File Parsing An Out-Of-Bounds Write Vulnerability |
| CVE-2024-30308 | 2024-05-16 | Adobe Substance 3D Painter PSD File Parsing Acces Violation Read Vulnerability |
| CVE-2024-30307 | 2024-05-16 | Adobe Substance 3D Painter BMP File Parsing Out Of Bounds Write Vulnerability |
| CVE-2024-4967 | 2024-05-16 | SourceCodester Interactive Map with Marker delete-mark.php sql injection |
| CVE-2024-4968 | 2024-05-16 | SourceCodester Interactive Map with Marker Add Marker Marker Name cross site scripting |
| CVE-2024-3887 | 2024-05-16 | Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget |
| CVE-2024-4223 | 2024-05-16 | Tutor LMS <= 2.7.0 - Missing Authorization |
| CVE-2024-4391 | 2024-05-16 | Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget |
| CVE-2024-30275 | 2024-05-16 | Adobe Aero Beta has an arbitrary code execution vulnerability when parsing svg files |
| CVE-2024-30281 | 2024-05-16 | Substance3D - Designer | Out-of-bounds Read (CWE-125) |
| CVE-2024-30282 | 2024-05-16 | Adobe Animate 2024 Out of Bound Write Remote Code Execution Vulnerability |
| CVE-2024-30293 | 2024-05-16 | Adobe Animate 2024 AI File parsing Stack base buffer overflow Remote Code execution Vulnerability |
| CVE-2024-30297 | 2024-05-16 | When Adobe Animate parses FLA files, there is a heap out-of-bounds write vulnerability at Animate.exe+0x125D391 |
| CVE-2024-30298 | 2024-05-16 | Adobe Animate SWF File Parsing Memory corruption |
| CVE-2024-30294 | 2024-05-16 | Adobe Animate OGG File Parsing Heap Memory Corruption remote code execution Vulnerability |
| CVE-2024-30296 | 2024-05-16 | When Animate parses FLA files, there is an out-of-bounds write vulnerability at animate+0x123df28 |
| CVE-2024-30295 | 2024-05-16 | When Animate parses FLA files, there is a UAF vulnerability caused by referencing uninitialized memory at Animate.exe+0x1149dcf |
| CVE-2024-4972 | 2024-05-16 | code-projects Simple Chat System login.php sql injection |
| CVE-2024-3851 | 2024-05-16 | Unrestricted File Upload Leading to XSS in imartinez/privategpt |
| CVE-2024-2358 | 2024-05-16 | Path Traversal leading to Remote Code Execution in parisneo/lollms-webui |
| CVE-2024-4322 | 2024-05-16 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-4321 | 2024-05-16 | Local File Inclusion (LFI) in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-3848 | 2024-05-16 | Path Traversal Bypass in mlflow/mlflow |
| CVE-2024-4326 | 2024-05-16 | Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui |
| CVE-2024-4181 | 2024-05-16 | Command Injection in run-llama/llama_index |
| CVE-2024-3403 | 2024-05-16 | Local File Inclusion in imartinez/privategpt |
| CVE-2024-3126 | 2024-05-16 | Command Injection in parisneo/lollms-webui |
| CVE-2024-4263 | 2024-05-16 | Improper Access Control in mlflow/mlflow |
| CVE-2024-3435 | 2024-05-16 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-4078 | 2024-05-16 | Arbitrary Code Execution in parisneo/lollms |
| CVE-2024-2366 | 2024-05-16 | Remote Code Execution in parisneo/lollms-webui |
| CVE-2024-2361 | 2024-05-16 | Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui |
| CVE-2024-4973 | 2024-05-16 | code-projects Simple Chat System register.php sql injection |
| CVE-2024-4974 | 2024-05-16 | code-projects Simple Chat System register.php cross site scripting |
| CVE-2024-4351 | 2024-05-16 | Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation |
| CVE-2024-4222 | 2024-05-16 | Tutor LMS Pro <= 2.7.0 - Missing Authorization |
| CVE-2024-4352 | 2024-05-16 | Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection |
| CVE-2024-4975 | 2024-05-16 | code-projects Simple Chat System Message cross site scripting |
| CVE-2024-35299 | 2024-05-16 | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked... |
| CVE-2024-35300 | 2024-05-16 | In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS... |
| CVE-2024-35301 | 2024-05-16 | In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check... |
| CVE-2024-35302 | 2024-05-16 | In JetBrains TeamCity before 2023.11 stored XSS during restore from... |
| CVE-2024-4838 | 2024-05-16 | ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-4617 | 2024-05-16 | Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4385 | 2024-05-16 | Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting |
| CVE-2024-4288 | 2024-05-16 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4400 | 2024-05-16 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting |
| CVE-2024-4634 | 2024-05-16 | Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-30287 | 2024-05-16 | Adobe FrameMaker PDF File Pparsing Out of Bound Read |
| CVE-2024-30289 | 2024-05-16 | Adobe FrameMaker XLS File Parsing Buffer Overflow |
| CVE-2024-30288 | 2024-05-16 | Adobe FrameMaker 3DS File Parsing Heap Memory Corruption |
| CVE-2024-30286 | 2024-05-16 | Adobe FrameMaker DOC File Parsing Memory Corruption |
| CVE-2024-30290 | 2024-05-16 | Adobe FrameMaker WEBP File Parsing Out Of Bound Write |
| CVE-2024-30283 | 2024-05-16 | Adobe FrameMaker ICO File Parsing Heap Memory Corruption |
| CVE-2024-30292 | 2024-05-16 | Adobe FrameMaker GIF File parsing Out Of Bound Write |
| CVE-2024-30291 | 2024-05-16 | Adobe FrameMaker TIF File parsing Out Of Bound Write |
| CVE-2024-4580 | 2024-05-16 | Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-30314 | 2024-05-16 | Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) |
| CVE-2024-4991 | 2024-05-16 | SQL injection vulnerability in SiAdmin |
| CVE-2024-4992 | 2024-05-16 | SQL injection vulnerability in SiAdmin |
| CVE-2024-4993 | 2024-05-16 | SQL injection vulnerability in SiAdmin |
| CVE-2024-4826 | 2024-05-16 | SQL injection vulnerability in Simple PHP Shopping Cart |
| CVE-2024-4999 | 2024-05-16 | Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection |
| CVE-2024-4760 | 2024-05-16 | Voltage glitch during startup of the EEFC NVM controller can bypass the security bit |
| CVE-2023-46842 | 2024-05-16 | x86 HVM hypercalls may trigger Xen bug check |
| CVE-2024-31142 | 2024-05-16 | x86: Incorrect logic for BTC/SRSO mitigations |
| CVE-2024-20326 | 2024-05-16 | A vulnerability in the ConfD CLI and the Cisco Crosswork... |
| CVE-2024-20389 | 2024-05-16 | A vulnerability in the ConfD CLI and the Cisco Crosswork... |
| CVE-2024-34905 | 2024-05-16 | FlyFish v3.0.0 was discovered to contain a buffer overflow via... |
| CVE-2024-34582 | 2024-05-16 | Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi... |
| CVE-2024-35039 | 2024-05-16 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-34958 | 2024-05-16 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-34957 | 2024-05-16 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-35176 | 2024-05-16 | REXML contains a denial of service vulnerability |
| CVE-2024-4609 | 2024-05-16 | Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability |
| CVE-2024-35185 | 2024-05-16 | Denial of service of Minder Server with attacker-controlled REST endpoint |
| CVE-2024-34273 | 2024-05-16 | njwt up to v0.4.0 was discovered to contain a prototype... |
| CVE-2024-35187 | 2024-05-16 | Stalwart Mail Server has privilege escalation by design |
| CVE-2024-4603 | 2024-05-16 | Excessive time spent checking DSA keys and parameters |
| CVE-2024-3640 | 2024-05-16 | Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables |
| CVE-2024-4956 | 2024-05-16 | Nexus Repository 3 - Path Traversal |
| CVE-2024-34808 | 2024-05-16 | WordPress JCH Optimize plugin <= 4.2.0 - Path Traversal vulnerability |
| CVE-2024-34751 | 2024-05-16 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability |
| CVE-2024-34805 | 2024-05-16 | WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34760 | 2024-05-16 | WordPress Magazine Blocks plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-48643 | 2024-05-16 | Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated... |