CVE List - 2024 / May
Showing 4101 - 4200 of 4994 CVEs for May 2024 (Page 42 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-47494 | 2024-05-22 | cfg80211: fix management registrations locking |
| CVE-2021-47495 | 2024-05-22 | usbnet: sanity check for maxpacket |
| CVE-2021-47496 | 2024-05-22 | net/tls: Fix flipped sign in tls_err_abort() calls |
| CVE-2021-47497 | 2024-05-22 | nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells |
| CVE-2021-47498 | 2024-05-22 | dm rq: don't queue request to blk-mq during DM suspend |
| CVE-2024-4896 | 2024-05-22 | WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter |
| CVE-2024-3495 | 2024-05-22 | Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection |
| CVE-2024-2036 | 2024-05-22 | ApplyOnline – Application Form Builder and Manager <= 2.6 - Missing Authorization to Sensitive Information Exposure |
| CVE-2024-5031 | 2024-05-22 | MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode |
| CVE-2024-4362 | 2024-05-22 | SiteOrigin Widgets Bundle <= 1.60.0 - - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode |
| CVE-2024-5025 | 2024-05-22 | MemberPress <= 1.11.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via arglist Parameter |
| CVE-2024-4262 | 2024-05-22 | Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes |
| CVE-2024-5193 | 2024-05-22 | Ritlabs TinyWeb Server Request crlf injection |
| CVE-2024-5194 | 2024-05-22 | Arris VAP2500 assoc_table.php command injection |
| CVE-2024-5195 | 2024-05-22 | Arris VAP2500 diag_s.php command injection |
| CVE-2024-36010 | 2024-05-22 | igb: Fix string truncation warnings in igb_set_fw_version |
| CVE-2024-5196 | 2024-05-22 | Arris VAP2500 tools_command.php command injection |
| CVE-2024-4261 | 2024-05-22 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2024-35550 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev. |
| CVE-2024-35551 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add. |
| CVE-2024-35552 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN. |
| CVE-2024-35553 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close. |
| CVE-2024-35554 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN. |
| CVE-2024-35556 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet. |
| CVE-2024-35555 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40. |
| CVE-2024-35557 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close. |
| CVE-2024-35558 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close. |
| CVE-2024-35559 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close. |
| CVE-2024-35560 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN. |
| CVE-2024-35561 | 2024-05-22 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close. |
| CVE-2024-35475 | 2024-05-22 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim... |
| CVE-2024-35409 | 2024-05-22 | WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php. |
| CVE-2024-3926 | 2024-05-22 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes |
| CVE-2024-33218 | 2024-05-22 | An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL... |
| CVE-2024-33219 | 2024-05-22 | An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-33220 | 2024-05-22 | An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-33221 | 2024-05-22 | An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-33222 | 2024-05-22 | An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-33223 | 2024-05-22 | An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-5157 | 2024-05-22 | Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-5158 | 2024-05-22 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-5159 | 2024-05-22 | Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security... |
| CVE-2024-5160 | 2024-05-22 | Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security... |
| CVE-2024-33224 | 2024-05-22 | An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-33225 | 2024-05-22 | An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL... |
| CVE-2024-33226 | 2024-05-22 | An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-33227 | 2024-05-22 | An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-33228 | 2024-05-22 | An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-35362 | 2024-05-22 | Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php. |
| CVE-2024-29392 | 2024-05-22 | Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. |
| CVE-2024-34448 | 2024-05-22 | Ghost before 5.82.0 allows CSV Injection during a member CSV export. |
| CVE-2024-5166 | 2024-05-22 | Insecure Direct Object Reference In Looker |
| CVE-2024-36077 | 2024-05-22 | Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role,... |
| CVE-2024-20363 | 2024-05-22 | Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on... |
| CVE-2024-20261 | 2024-05-22 | A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass... |
| CVE-2024-20361 | 2024-05-22 | A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls... |
| CVE-2024-20355 | 2024-05-22 | A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software... |
| CVE-2024-20293 | 2024-05-22 | A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote... |
| CVE-2024-4563 | 2024-05-22 | The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length |
| CVE-2024-29421 | 2024-05-22 | xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code. |
| CVE-2024-31617 | 2024-05-22 | OpenLiteSpeed before 1.8.1 mishandles chunked encoding. |
| CVE-2024-20360 | 2024-05-22 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This... |
| CVE-2024-21791 | 2024-05-22 | SQL Injection in ADAudit Plus |
| CVE-2024-31904 | 2024-05-22 | IBM App Connect Enterprise denial of service |
| CVE-2024-25738 | 2024-05-22 | A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to... |
| CVE-2024-31893 | 2024-05-22 | IBM App Connect Enterprise information disclosure |
| CVE-2024-25737 | 2024-05-22 | A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP... |
| CVE-2024-35627 | 2024-05-22 | tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key. |
| CVE-2024-4454 | 2024-05-22 | WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability |
| CVE-2024-31895 | 2024-05-22 | IBM App Connect Enterprise information disclosure |
| CVE-2023-51636 | 2024-05-22 | Avira Prime Link Following Local Privilege Escalation Vulnerability |
| CVE-2023-51637 | 2024-05-22 | Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability |
| CVE-2024-31894 | 2024-05-22 | IBM App Connect Enterprise information disclosure |
| CVE-2024-4453 | 2024-05-22 | GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability |
| CVE-2024-27264 | 2024-05-22 | IBM Performance Tools for i privilege escalation |
| CVE-2024-4267 | 2024-05-22 | Remote Code Execution in parisneo/lollms-webui |
| CVE-2024-22026 | 2024-05-22 | A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. |
| CVE-2023-46807 | 2024-05-22 | An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. |
| CVE-2023-46806 | 2024-05-22 | An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. |
| CVE-2024-29849 | 2024-05-22 | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. |
| CVE-2024-29850 | 2024-05-22 | Veeam Backup Enterprise Manager allows account takeover via NTLM relay. |
| CVE-2024-29852 | 2024-05-22 | Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. |
| CVE-2024-29851 | 2024-05-22 | Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. |
| CVE-2024-29853 | 2024-05-22 | An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. |
| CVE-2024-4486 | 2024-05-23 | Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget |
| CVE-2024-1855 | 2024-05-23 | WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery |
| CVE-2024-4783 | 2024-05-23 | jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode |
| CVE-2023-6844 | 2024-05-23 | iframe <= 5.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode |
| CVE-2024-3065 | 2024-05-23 | PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-3201 | 2024-05-23 | WP DSGVO Tools (GDPR) <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-4978 | 2024-05-23 | Malicious Code in Justice AV Solutions (JAVS) Viewer |
| CVE-2024-5230 | 2024-05-23 | EnvaySoft FleetCart information disclosure |
| CVE-2024-4895 | 2024-05-23 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import |
| CVE-2024-5231 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection |
| CVE-2024-5232 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_details2.php sql injection |
| CVE-2024-4431 | 2024-05-23 | LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2023-6325 | 2024-05-23 | RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate |
| CVE-2024-4662 | 2024-05-23 | Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution |
| CVE-2024-5233 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_details3.php sql injection |
| CVE-2024-5234 | 2024-05-23 | Campcodes Complete Web-Based School Management System teacher_salary_history1.php sql injection |