CVE List - 2024 / May
Showing 3101 - 3200 of 4997 CVEs for May 2024 (Page 32 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-51481 | 2024-05-17 | WordPress Local Delivery Drivers for WooCommerce plugin <= 1.9.0 - Unauthenticated Account Takeover vulnerability |
| CVE-2023-51483 | 2024-05-17 | WordPress WP Frontend Profile plugin <= 1.3.1 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2023-51546 | 2024-05-17 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability |
| CVE-2024-4214 | 2024-05-17 | WordPress cardealer plugin <= 4.15 - Content Injection vulnerability |
| CVE-2024-21746 | 2024-05-17 | WordPress Wp Ultimate Review plugin <= 2.3.2 - IP limit Bypass vulnerability |
| CVE-2024-22139 | 2024-05-17 | WordPress WordPress Manutenção plugin <= 1.0.6 - Bypass vulnerability |
| CVE-2024-22145 | 2024-05-17 | WordPress InstaWP Connect plugin <= 0.1.0.8 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-22157 | 2024-05-17 | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2024-23522 | 2024-05-17 | WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability |
| CVE-2024-24715 | 2024-05-17 | WordPress WordPress BookIt Plugin plugin <= 2.4.0 - Price Bypass Vulnerability vulnerability |
| CVE-2024-24869 | 2024-05-17 | WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability |
| CVE-2024-24882 | 2024-05-17 | WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability |
| CVE-2024-24934 | 2024-05-17 | WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability |
| CVE-2024-27954 | 2024-05-17 | WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability |
| CVE-2024-27955 | 2024-05-17 | WordPress Automatic plugin <= 3.92.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-27971 | 2024-05-17 | WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.10 - Local File Inclusion vulnerability |
| CVE-2024-30509 | 2024-05-17 | WordPress SellKit plugin <= 1.8.1 - Arbitrary File Download vulnerability |
| CVE-2024-30542 | 2024-05-17 | WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2024-31231 | 2024-05-17 | WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2024-31232 | 2024-05-17 | WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability |
| CVE-2024-31237 | 2024-05-17 | WordPress s2Member plugin <= 240315 - Privilege Escalation vulnerability |
| CVE-2024-31281 | 2024-05-17 | WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability |
| CVE-2024-31290 | 2024-05-17 | WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2024-31300 | 2024-05-17 | WordPress Easy Social Share Buttons plugin <= 9.4 - Local File Inclusion vulnerability |
| CVE-2024-32507 | 2024-05-17 | WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability |
| CVE-2024-32511 | 2024-05-17 | WordPress Simple Registration for WooCommerce plugin <= 1.5.6 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2024-32512 | 2024-05-17 | WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability |
| CVE-2024-32521 | 2024-05-17 | WordPress Zero Spam for WordPress plugin <= 5.5.6 - Bypass Spam Protection vulnerability |
| CVE-2024-32523 | 2024-05-17 | WordPress Mailster plugin <= 4.0.6 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2024-32680 | 2024-05-17 | WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-32685 | 2024-05-17 | WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability |
| CVE-2024-32692 | 2024-05-17 | WordPress Chauffeur Taxi Booking System for WordPress plugin <= 6.9 - Broken Authentication vulnerability |
| CVE-2024-32708 | 2024-05-17 | WordPress Maintenance Mode plugin <= 3.0.1 - IP Bypass vulnerability |
| CVE-2024-32720 | 2024-05-17 | WordPress Appointment Hour Booking plugin <= 1.4.56 - Captcha Bypass vulnerability |
| CVE-2024-32774 | 2024-05-17 | WordPress ProfileGrid plugin <= 5.8.2 - Group Members Limit Bypass vulnerability |
| CVE-2024-32786 | 2024-05-17 | WordPress Royal Elementor Addons and Templates plugin <= 1.3.93 - IP Bypass vulnerability |
| CVE-2024-32802 | 2024-05-17 | WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability |
| CVE-2024-32809 | 2024-05-17 | WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability |
| CVE-2024-32827 | 2024-05-17 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.7 - IP Restriction Bypass vulnerability |
| CVE-2024-5052 | 2024-05-17 | Resource consumption vulnerability in Cerberus FTP Enterprise |
| CVE-2024-32830 | 2024-05-17 | WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability |
| CVE-2024-32959 | 2024-05-17 | WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-32960 | 2024-05-17 | WordPress Booking Ultra Pro plugin 1.1.12 - Privilege Escalation vulnerability |
| CVE-2024-34809 | 2024-05-17 | WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34807 | 2024-05-17 | WordPress Fast Custom Social Share by CodeBard plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34806 | 2024-05-17 | WordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34756 | 2024-05-17 | WordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34755 | 2024-05-17 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-22120 | 2024-05-17 | Time Based SQL Injection in Zabbix Server Audit Log |
| CVE-2024-35174 | 2024-05-17 | WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability |
| CVE-2024-5043 | 2024-05-17 | Emlog Pro setting.php unrestricted upload |
| CVE-2024-5044 | 2024-05-17 | Emlog Pro Cookie improper authentication |
| CVE-2024-27402 | 2024-05-17 | phonet/pep: fix racy skb_queue_empty() use |
| CVE-2024-27403 | 2024-05-17 | netfilter: nft_flow_offload: reset dst in route object after setting up flow |
| CVE-2024-27404 | 2024-05-17 | mptcp: fix data races on remote_id |
| CVE-2024-27405 | 2024-05-17 | usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs |
| CVE-2024-27406 | 2024-05-17 | lib/Kconfig.debug: TEST_IOV_ITER depends on MMU |
| CVE-2024-27407 | 2024-05-17 | fs/ntfs3: Fixed overflow check in mi_enum_attr() |
| CVE-2023-52657 | 2024-05-17 | Revert "drm/amd/pm: resolve reboot exception for si oland" |
| CVE-2024-27408 | 2024-05-17 | dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup |
| CVE-2024-27409 | 2024-05-17 | dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup |
| CVE-2024-27410 | 2024-05-17 | wifi: nl80211: reject iftype change with mesh ID change |
| CVE-2024-27411 | 2024-05-17 | drm/nouveau: keep DMA buffers required for suspend/resume |
| CVE-2024-27412 | 2024-05-17 | power: supply: bq27xxx-i2c: Do not free non existing IRQ |
| CVE-2024-27413 | 2024-05-17 | efi/capsule-loader: fix incorrect allocation size |
| CVE-2024-27414 | 2024-05-17 | rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back |
| CVE-2024-27415 | 2024-05-17 | netfilter: bridge: confirm multicast packets before passing them up the stack |
| CVE-2024-27416 | 2024-05-17 | Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST |
| CVE-2024-27417 | 2024-05-17 | ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() |
| CVE-2024-27418 | 2024-05-17 | net: mctp: take ownership of skb in mctp_local_output |
| CVE-2023-52658 | 2024-05-17 | Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" |
| CVE-2024-27419 | 2024-05-17 | netrom: Fix data-races around sysctl_net_busy_read |
| CVE-2024-27431 | 2024-05-17 | cpumap: Zero-initialise xdp_rxq_info struct before running XDP program |
| CVE-2024-5055 | 2024-05-17 | Vulnerability of uncontrolled resource consumption in XAMPP |
| CVE-2023-52659 | 2024-05-17 | x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type |
| CVE-2023-52660 | 2024-05-17 | media: rkisp1: Fix IRQ handling due to shared interrupts |
| CVE-2024-27432 | 2024-05-17 | net: ethernet: mtk_eth_soc: fix PPE hanging issue |
| CVE-2024-27433 | 2024-05-17 | clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() |
| CVE-2024-27434 | 2024-05-17 | wifi: iwlwifi: mvm: don't set the MFP flag for the GTK |
| CVE-2024-27435 | 2024-05-17 | nvme: fix reconnection fail due to reserved tag allocation |
| CVE-2024-27436 | 2024-05-17 | ALSA: usb-audio: Stop parsing channels bits when all channels are found. |
| CVE-2024-35784 | 2024-05-17 | btrfs: fix deadlock with fiemap and extent locking |
| CVE-2024-35785 | 2024-05-17 | tee: optee: Fix kernel panic caused by incorrect error handling |
| CVE-2024-35786 | 2024-05-17 | drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf |
| CVE-2024-35787 | 2024-05-17 | md/md-bitmap: fix incorrect usage for sb_index |
| CVE-2024-35788 | 2024-05-17 | drm/amd/display: Fix bounds check for dcn35 DcfClocks |
| CVE-2024-35789 | 2024-05-17 | wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes |
| CVE-2024-35790 | 2024-05-17 | usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group |
| CVE-2024-35791 | 2024-05-17 | KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() |
| CVE-2024-35792 | 2024-05-17 | crypto: rk3288 - Fix use after free in unprepare |
| CVE-2024-35793 | 2024-05-17 | debugfs: fix wait/cancellation handling during remove |
| CVE-2024-35794 | 2024-05-17 | dm-raid: really frozen sync_thread during suspend |
| CVE-2024-5045 | 2024-05-17 | SourceCodester Online Birth Certificate Management System admin file access |
| CVE-2024-5046 | 2024-05-17 | SourceCodester Online Examination System registeracc.php sql injection |
| CVE-2024-5042 | 2024-05-17 | Submariner-operator: rbac permissions can allow for the spread of node compromises |
| CVE-2024-35795 | 2024-05-17 | drm/amdgpu: fix deadlock while reading mqd from debugfs |
| CVE-2024-35796 | 2024-05-17 | net: ll_temac: platform_get_resource replaced by wrong function |
| CVE-2024-35797 | 2024-05-17 | mm: cachestat: fix two shmem bugs |
| CVE-2024-35798 | 2024-05-17 | btrfs: fix race in read_extent_buffer_pages() |
| CVE-2024-35799 | 2024-05-17 | drm/amd/display: Prevent crash when disable stream |