CVE List - 2024 / May
Showing 4001 - 4100 of 4994 CVEs for May 2024 (Page 41 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-25724 | 2024-05-21 | In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute... |
| CVE-2024-33525 | 2024-05-21 | A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well... |
| CVE-2024-31989 | 2024-05-21 | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache |
| CVE-2024-34274 | 2024-05-21 | OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on... |
| CVE-2024-31756 | 2024-05-21 | An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component. |
| CVE-2024-5040 | 2024-05-21 | LCDS LAquis SCADA Path Traversal |
| CVE-2024-35220 | 2024-05-21 | @fastify/session reuses destroyed session cookie |
| CVE-2024-21683 | 2024-05-21 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of... |
| CVE-2024-3519 | 2024-05-21 | Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang |
| CVE-2024-3518 | 2024-05-21 | Media Library Assistant <= 3.15 - Authenticated (Contributor+) SQL Injection via Shortcode |
| CVE-2024-0451 | 2024-05-22 | AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback |
| CVE-2024-0452 | 2024-05-22 | AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback |
| CVE-2024-0453 | 2024-05-22 | AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback |
| CVE-2024-4980 | 2024-05-22 | WPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters |
| CVE-2024-30419 | 2024-05-22 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to... |
| CVE-2024-30420 | 2024-05-22 | Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with... |
| CVE-2024-31394 | 2024-05-22 | Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to... |
| CVE-2024-31395 | 2024-05-22 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to... |
| CVE-2024-31396 | 2024-05-22 | Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator... |
| CVE-2024-31340 | 2024-05-22 | TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted... |
| CVE-2024-35162 | 2024-05-22 | Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary... |
| CVE-2024-4971 | 2024-05-22 | LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-3611 | 2024-05-22 | Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5092 | 2024-05-22 | Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets |
| CVE-2024-4443 | 2024-05-22 | Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter |
| CVE-2024-3066 | 2024-05-22 | Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML tags |
| CVE-2020-35165 | 2024-05-22 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
| CVE-2021-47433 | 2024-05-22 | btrfs: fix abort logic in btrfs_replace_file_extents |
| CVE-2021-47434 | 2024-05-22 | xhci: Fix command ring pointer corruption while aborting a command |
| CVE-2021-47435 | 2024-05-22 | dm: fix mempool NULL pointer race when completing IO |
| CVE-2021-47436 | 2024-05-22 | usb: musb: dsps: Fix the probe error path |
| CVE-2021-47437 | 2024-05-22 | iio: adis16475: fix deadlock on frequency set |
| CVE-2021-47438 | 2024-05-22 | net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path |
| CVE-2021-47439 | 2024-05-22 | net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work |
| CVE-2021-47440 | 2024-05-22 | net: encx24j600: check error in devm_regmap_init_encx24j600 |
| CVE-2021-47441 | 2024-05-22 | mlxsw: thermal: Fix out-of-bounds memory accesses |
| CVE-2021-47442 | 2024-05-22 | NFC: digital: fix possible memory leak in digital_in_send_sdd_req() |
| CVE-2021-47443 | 2024-05-22 | NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() |
| CVE-2021-47444 | 2024-05-22 | drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read |
| CVE-2021-47445 | 2024-05-22 | drm/msm: Fix null pointer dereference on pointer edp |
| CVE-2021-47446 | 2024-05-22 | drm/msm/a4xx: fix error handling in a4xx_gpu_init() |
| CVE-2021-47447 | 2024-05-22 | drm/msm/a3xx: fix error handling in a3xx_gpu_init() |
| CVE-2021-47448 | 2024-05-22 | mptcp: fix possible stall on recvmsg() |
| CVE-2021-47449 | 2024-05-22 | ice: fix locking for Tx timestamp tracking flush |
| CVE-2021-47450 | 2024-05-22 | KVM: arm64: Fix host stage-2 PGD refcount |
| CVE-2021-47451 | 2024-05-22 | netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value |
| CVE-2021-47452 | 2024-05-22 | netfilter: nf_tables: skip netdev events generated on netns removal |
| CVE-2021-47453 | 2024-05-22 | ice: Avoid crash from unnecessary IDA free |
| CVE-2021-47454 | 2024-05-22 | powerpc/smp: do not decrement idle task preempt count in CPU offline |
| CVE-2021-47455 | 2024-05-22 | ptp: Fix possible memory leak in ptp_clock_register() |
| CVE-2021-47456 | 2024-05-22 | can: peak_pci: peak_pci_remove(): fix UAF |
| CVE-2021-47457 | 2024-05-22 | can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() |
| CVE-2021-47458 | 2024-05-22 | ocfs2: mount fails with buffer overflow in strlen |
| CVE-2021-47459 | 2024-05-22 | can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv |
| CVE-2021-47460 | 2024-05-22 | ocfs2: fix data corruption after conversion from inline format |
| CVE-2021-47461 | 2024-05-22 | userfaultfd: fix a race between writeprotect and exit_mmap() |
| CVE-2021-47462 | 2024-05-22 | mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind() |
| CVE-2021-47463 | 2024-05-22 | mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() |
| CVE-2021-47464 | 2024-05-22 | audit: fix possible null-pointer dereference in audit_filter_rules |
| CVE-2021-47465 | 2024-05-22 | KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() |
| CVE-2021-47466 | 2024-05-22 | mm, slub: fix potential memoryleak in kmem_cache_open() |
| CVE-2021-47467 | 2024-05-22 | kunit: fix reference count leak in kfree_at_end |
| CVE-2021-47468 | 2024-05-22 | isdn: mISDN: Fix sleeping function called from invalid context |
| CVE-2021-47470 | 2024-05-22 | mm, slub: fix potential use-after-free in slab_debugfs_fops |
| CVE-2021-47471 | 2024-05-22 | drm: mxsfb: Fix NULL pointer dereference crash on unload |
| CVE-2021-47473 | 2024-05-22 | scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() |
| CVE-2024-3663 | 2024-05-22 | WP Scraper <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation |
| CVE-2024-1446 | 2024-05-22 | NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion |
| CVE-2024-3927 | 2024-05-22 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass |
| CVE-2024-2088 | 2024-05-22 | NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure |
| CVE-2024-1762 | 2024-05-22 | NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent |
| CVE-2024-3198 | 2024-05-22 | WP Font Awesome Share Icons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-3671 | 2024-05-22 | Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-2163 | 2024-05-22 | Ninja Beaver Add-ons for Beaver Builder <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets |
| CVE-2024-0632 | 2024-05-22 | Automatic Translator with Google Translate <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom Font |
| CVE-2024-2119 | 2024-05-22 | LuckyWP Table of Contents <= 2.1.4 - Reflected Cross-Site Scripting |
| CVE-2023-6487 | 2024-05-22 | LuckyWP Table of Contents <= 2.1.4 - Authenticated(Administrator+) Cross-Site Scripting |
| CVE-2024-4157 | 2024-05-22 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues |
| CVE-2024-2953 | 2024-05-22 | LuckyWP Table of Contents <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3666 | 2024-05-22 | Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5147 | 2024-05-22 | WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.37 - Unauthenticated Local File Inclusion |
| CVE-2024-32988 | 2024-05-22 | 'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be... |
| CVE-2021-47474 | 2024-05-22 | comedi: vmk80xx: fix bulk-buffer overflow |
| CVE-2021-47475 | 2024-05-22 | comedi: vmk80xx: fix transfer-buffer overflows |
| CVE-2021-47476 | 2024-05-22 | comedi: ni_usb6501: fix NULL-deref in command paths |
| CVE-2021-47477 | 2024-05-22 | comedi: dt9812: fix DMA buffers on stack |
| CVE-2021-47478 | 2024-05-22 | isofs: Fix out of bound access for corrupted isofs image |
| CVE-2021-47479 | 2024-05-22 | staging: rtl8712: fix use-after-free in rtl8712_dl_fw |
| CVE-2021-47480 | 2024-05-22 | scsi: core: Put LLD module refcnt after SCSI device is released |
| CVE-2021-47481 | 2024-05-22 | RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR |
| CVE-2021-47482 | 2024-05-22 | net: batman-adv: fix error handling |
| CVE-2021-47483 | 2024-05-22 | regmap: Fix possible double-free in regcache_rbtree_exit() |
| CVE-2021-47484 | 2024-05-22 | octeontx2-af: Fix possible null pointer dereference. |
| CVE-2021-47485 | 2024-05-22 | IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields |
| CVE-2021-47486 | 2024-05-22 | riscv, bpf: Fix potential NULL dereference |
| CVE-2021-47489 | 2024-05-22 | drm/amdgpu: Fix even more out of bound writes from debugfs |
| CVE-2021-47490 | 2024-05-22 | drm/ttm: fix memleak in ttm_transfered_destroy |
| CVE-2021-47491 | 2024-05-22 | mm: khugepaged: skip huge page collapse for special files |
| CVE-2021-47492 | 2024-05-22 | mm, thp: bail out early in collapse_file for writeback page |
| CVE-2021-47493 | 2024-05-22 | ocfs2: fix race between searching chunks and release journal_head from buffer_head |