CVE List - 2024 / May
Showing 4901 - 4997 of 4997 CVEs for May 2024 (Page 50 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-35433 | 2024-05-30 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control.... |
| CVE-2024-35468 | 2024-05-30 | A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource... |
| CVE-2024-35469 | 2024-05-30 | A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource... |
| CVE-2024-2420 | 2024-05-30 | LenelS2 NetBox Hardcoded Credentials |
| CVE-2024-2421 | 2024-05-30 | LenelS2 NetBox Improper Neutralization of Special Elements |
| CVE-2024-2422 | 2024-05-30 | LenelS2 NetBox Improper Neutralization of Argumented Delimiters |
| CVE-2024-35228 | 2024-05-30 | Improper Handling of Insufficient Permissions in Wagtail |
| CVE-2024-35189 | 2024-05-30 | Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides |
| CVE-2024-32877 | 2024-05-30 | Reflected Cross-site Scripting in yiisoft/yii2 Debug mode |
| CVE-2024-5271 | 2024-05-30 | Fuji Electric Monitouch V-SFT Out-of-Bounds Write |
| CVE-2024-34171 | 2024-05-30 | Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow |
| CVE-2024-1298 | 2024-05-30 | Integer Overflow caused by divide by zero during S3 suspension |
| CVE-2024-36119 | 2024-05-30 | Password confirmation stored in plain text via registration form in statamic/cms |
| CVE-2024-5493 | 2024-05-30 | Heap buffer overflow in WebRTC in Google Chrome prior to... |
| CVE-2024-5494 | 2024-05-30 | Use after free in Dawn in Google Chrome prior to... |
| CVE-2024-5495 | 2024-05-30 | Use after free in Dawn in Google Chrome prior to... |
| CVE-2024-5496 | 2024-05-30 | Use after free in Media Session in Google Chrome prior... |
| CVE-2024-5497 | 2024-05-30 | Out of bounds memory access in Browser UI in Google... |
| CVE-2024-5498 | 2024-05-30 | Use after free in Presentation API in Google Chrome prior... |
| CVE-2024-5499 | 2024-05-30 | Out of bounds write in Streams API in Google Chrome... |
| CVE-2024-37017 | 2024-05-30 | asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read... |
| CVE-2024-36843 | 2024-05-31 | libmodbus v3.1.6 was discovered to contain a heap overflow via... |
| CVE-2024-37032 | 2024-05-31 | Ollama before 0.1.34 does not validate the format of the... |
| CVE-2024-37018 | 2024-05-31 | The OpenDaylight 0.15.3 controller allows topology poisoning via API requests... |
| CVE-2024-32850 | 2024-05-31 | Improper neutralization of special elements used in a command ('Command... |
| CVE-2024-5345 | 2024-05-31 | Responsive Owl Carousel for Elementor <= 1.2.0 - Local File Inclusion |
| CVE-2024-5418 | 2024-05-31 | DethemeKit For Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute |
| CVE-2024-2793 | 2024-05-31 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.30 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-4205 | 2024-05-31 | Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure |
| CVE-2024-4376 | 2024-05-31 | Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget |
| CVE-2024-4379 | 2024-05-31 | Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip |
| CVE-2024-4469 | 2024-05-31 | Migration Backup Restore < 3.5.0 - Admin+ SSRF |
| CVE-2024-23847 | 2024-05-31 | Incorrect default permissions issue exists in Unifier and Unifier Cast.... |
| CVE-2024-36246 | 2024-05-31 | Missing authorization vulnerability exists in Unifier and Unifier Cast. If... |
| CVE-2024-5427 | 2024-05-31 | WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode |
| CVE-2024-5523 | 2024-05-31 | SQL injection vulnerability in Astrotalks |
| CVE-2024-5524 | 2024-05-31 | Information exposure vulnerability in Astrotalks |
| CVE-2024-5525 | 2024-05-31 | Improper privilege management vulnerability in Astrotalks |
| CVE-2024-5436 | 2024-05-31 | Type Confusion in Snapchat Lenscore |
| CVE-2024-5347 | 2024-05-31 | Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget |
| CVE-2024-4160 | 2024-05-31 | Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode |
| CVE-2024-5041 | 2024-05-31 | Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion |
| CVE-2024-23692 | 2024-05-31 | Rejetto HTTP File Server 2.3m Unauthenticated RCE |
| CVE-2024-22338 | 2024-05-31 | IBM Security Verify Access OIDC Provider information disclosure |
| CVE-2024-31889 | 2024-05-31 | IBM Planning Analytics Local cross-site scripting |
| CVE-2024-31908 | 2024-05-31 | IBM Planning Analytics Local cross-site scripting |
| CVE-2024-31907 | 2024-05-31 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to... |
| CVE-2024-5565 | 2024-05-31 | Prompt Injection in "ask" API with visualization leads to RCE |
| CVE-2023-7073 | 2024-05-31 | Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery |
| CVE-2024-36108 | 2024-05-31 | Multiple Broken Function-Level Authorization vulnerabilities in casgate |
| CVE-2024-28736 | 2024-05-31 | An issue in Debezium Community debezium-ui v.2.5 allows a local... |
| CVE-2022-25038 | 2024-05-31 | wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS)... |
| CVE-2022-25037 | 2024-05-31 | An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and... |
| CVE-2024-36120 | 2024-05-31 | javascript-deobfuscator crafted payload can lead to code execution |
| CVE-2024-35140 | 2024-05-31 | IBM Security Verify Access privilege escalation |
| CVE-2024-35142 | 2024-05-31 | IBM Security Verify Access privilege escalation |
| CVE-2024-1275 | 2024-05-31 | Vulnerability in Baxter Welch Allyn Connex Spot Monitor |
| CVE-2024-35196 | 2024-05-31 | Slack integration leaks sensitive information in logs in Sentry |
| CVE-2024-5176 | 2024-05-31 | Vulnerability in Welch Allyn Configuration Tool Software |
| CVE-2024-29825 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-29824 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-22058 | 2024-05-31 | A buffer overflow allows a low privilege user on the... |
| CVE-2024-29830 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2023-38551 | 2024-05-31 | A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x)... |
| CVE-2024-29846 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-29848 | 2024-05-31 | An unrestricted file upload vulnerability in web component of Ivanti... |
| CVE-2024-29829 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-29828 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-29826 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-29822 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-22060 | 2024-05-31 | An unrestricted file upload vulnerability in web component of Ivanti... |
| CVE-2024-29827 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-29823 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2023-46810 | 2024-05-31 | A local privilege escalation vulnerability in Ivanti Secure Access Client... |
| CVE-2024-22059 | 2024-05-31 | A SQL injection vulnerability in web component of Ivanti Neurons... |
| CVE-2023-38042 | 2024-05-31 | A local privilege escalation vulnerability in Ivanti Secure Access Client... |
| CVE-2021-44534 | 2024-05-31 | Insufficient user input filtering leads to arbitrary file read by... |
| CVE-2024-31030 | 2024-05-31 | An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows... |
| CVE-2024-5564 | 2024-05-31 | Libndp: buffer overflow in route information length field |
| CVE-2024-23316 | 2024-05-31 | PingAccess HTTP Request Desynchronization Weakness |
| CVE-2024-36844 | 2024-05-31 | libmodbus v3.1.6 was discovered to contain a use-after-free via the... |
| CVE-2024-36845 | 2024-05-31 | An invalid pointer in the modbus_receive() function of libmodbus v3.1.6... |
| CVE-2024-33996 | 2024-05-31 | moodle: broken access control when setting calendar event type |
| CVE-2024-33997 | 2024-05-31 | moodle: stored XSS risk when editing another user's equation in equation editor |
| CVE-2024-33998 | 2024-05-31 | moodle: stored XSS via user's name on participants page when opening some options |
| CVE-2024-33999 | 2024-05-31 | moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php |
| CVE-2024-34000 | 2024-05-31 | moodle: stored XSS in lesson overview report via user ID number |
| CVE-2024-34001 | 2024-05-31 | moodle: CSRF risk in admin preset tool management of presets |
| CVE-2024-34002 | 2024-05-31 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup |
| CVE-2024-34003 | 2024-05-31 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup |
| CVE-2024-34004 | 2024-05-31 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup |
| CVE-2024-34005 | 2024-05-31 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup |
| CVE-2024-34006 | 2024-05-31 | moodle: unsanitized HTML in site log for config_log_created |
| CVE-2024-34007 | 2024-05-31 | moodle: logout CSRF in admin/tool/mfa/auth.php |
| CVE-2024-34008 | 2024-05-31 | moodle: CSRF risk in analytics management of models |
| CVE-2024-34009 | 2024-05-31 | moodle: ReCAPTCHA can be bypassed on the login page |
| CVE-2024-5138 | 2024-05-31 | The snapctl component within snapd allows a confined snap to... |