CVE List - 2024 / June
Showing 1701 - 1800 of 3082 CVEs for June 2024 (Page 18 of 31)
CVE ID | Date | Title |
---|---|---|
CVE-2024-27174 | 2024-06-14 | insecure upload |
CVE-2024-27175 | 2024-06-14 | Local File Inclusion |
CVE-2024-5469 | 2024-06-14 | Uncontrolled Resource Consumption in GitLab |
CVE-2024-27176 | 2024-06-14 | Remote Code Execution |
CVE-2024-27177 | 2024-06-14 | Remote Code Execution |
CVE-2024-27178 | 2024-06-14 | Remote Code Execution |
CVE-2024-27179 | 2024-06-14 | Session disclosure inside the log files |
CVE-2024-27180 | 2024-06-14 | TOCTOU vulnerability |
CVE-2024-3496 | 2024-06-14 | Authentication Bypass Vulnerability |
CVE-2024-3497 | 2024-06-14 | Directory Traversal Remote Code Execution Vulnerability |
CVE-2024-3498 | 2024-06-14 | Incorrect Permission Assignment Privilege Escalation Vulnerability |
CVE-2024-1094 | 2024-06-14 | Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation |
CVE-2024-4936 | 2024-06-14 | Canto <= 3.0.8 - Unauthenticated Remote File Inclusion |
CVE-2023-51497 | 2024-06-14 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability |
CVE-2024-23504 | 2024-06-14 | WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability |
CVE-2024-5551 | 2024-06-14 | WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion |
CVE-2024-4404 | 2024-06-14 | ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery |
CVE-2024-2122 | 2024-06-14 | FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL |
CVE-2023-51496 | 2024-06-14 | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability |
CVE-2023-51495 | 2024-06-14 | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability |
CVE-2023-51377 | 2024-06-14 | WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability |
CVE-2024-1295 | 2024-06-14 | The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access |
CVE-2024-2218 | 2024-06-14 | LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS |
CVE-2024-3754 | 2024-06-14 | Alemha Watermarker <= 1.3.1 - Author+ Stored XSS |
CVE-2024-3965 | 2024-06-14 | Pray For Me <= 1.0.4 - Settings Update via CSRF |
CVE-2024-3966 | 2024-06-14 | Pray For Me <= 1.0.4 - Unauthenticated Stored XSS |
CVE-2024-3971 | 2024-06-14 | Similarity <= 3.0 - Plugin Reset via CSRF |
CVE-2024-3972 | 2024-06-14 | Similarity <= 3.0 - Stored XSS via CSRF |
CVE-2024-3977 | 2024-06-14 | WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS |
CVE-2024-3978 | 2024-06-14 | WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode |
CVE-2024-3992 | 2024-06-14 | Amen <= 3.3.1 - Admin+ Stored XSS |
CVE-2024-3993 | 2024-06-14 | AZAN Plugin <= 0.6 - Stored XSS via CSRF |
CVE-2024-4005 | 2024-06-14 | Social Pixel <= 2.1 - Admin+ Stored XSS |
CVE-2024-4270 | 2024-06-14 | SVGMagic <= 1.1 - Stored XSS via SVG Upload |
CVE-2024-4271 | 2024-06-14 | SVGator <= 1.2.6 - Stored XSS via SVG Upload |
CVE-2024-4480 | 2024-06-14 | WP Prayer II <= 2.4.7 - Email Settings Update via CSRF |
CVE-2024-4751 | 2024-06-14 | WP Prayer II <= 2.4.7 - Settings Update via CSRF |
CVE-2024-5155 | 2024-06-14 | Inquiry Cart <= 3.4.2 - Stored XSS via CSRF |
CVE-2024-31162 | 2024-06-14 | ASUS Download Master - OS Command Injection |
CVE-2024-31163 | 2024-06-14 | ASUS Download Master - Buffer Overflow |
CVE-2024-5994 | 2024-06-14 | WP Go Maps (formerly WP Google Maps) <= 9.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-36499 | 2024-06-14 | Vulnerability of unauthorized screenshot capturing in the WMS module Impact:... |
CVE-2024-5995 | 2024-06-14 | Soar Cloud HR Portal - Insufficient Session Expiration |
CVE-2024-36500 | 2024-06-14 | Privilege escalation vulnerability in the AMS module Impact: Successful exploitation... |
CVE-2024-36501 | 2024-06-14 | Memory management vulnerability in the boottime module Impact: Successful exploitation... |
CVE-2024-36502 | 2024-06-14 | Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation... |
CVE-2024-36503 | 2024-06-14 | Memory management vulnerability in the Gralloc module Impact: Successful exploitation... |
CVE-2024-5464 | 2024-06-14 | Vulnerability of insufficient permission verification in the NearLink module Impact:... |
CVE-2024-5465 | 2024-06-14 | Function vulnerabilities in the Calendar module Impact: Successful exploitation of... |
CVE-2024-5577 | 2024-06-14 | Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion |
CVE-2024-5961 | 2024-06-14 | Reflected XSS in 2ClickPortal |
CVE-2024-25142 | 2024-06-14 | Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache |
CVE-2024-4863 | 2024-06-14 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter |
CVE-2024-36287 | 2024-06-14 | Bypass of TCC restrictions on macOS |
CVE-2024-37182 | 2024-06-14 | Lack of permissions prompting when opening external URLs |
CVE-2024-3912 | 2024-06-14 | ASUS Router - Upload arbitrary firmware |
CVE-2024-2472 | 2024-06-14 | LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR |
CVE-2024-34012 | 2024-06-14 | Local privilege escalation due to insecure folder permissions. The following... |
CVE-2024-5685 | 2024-06-14 | Broken Function Level Authorization (BFLA) in snipe/snipe-it |
CVE-2023-51376 | 2024-06-14 | WordPress ProjectHuddle Client Site plugin <= 1.0.34 - Broken Access Control vulnerability |
CVE-2024-36459 | 2024-06-14 | Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent |
CVE-2024-2023 | 2024-06-14 | Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload |
CVE-2024-2024 | 2024-06-14 | Folders Pro <= 3.0.2 - Authenticated (Author+) Arbitrary File Upload via handle_folders_file_upload |
CVE-2024-5671 | 2024-06-14 | Insecure Deserialization in some workflows of the IPS Manager allows... |
CVE-2024-5731 | 2024-06-14 | A vulnerability in the IPS Manager, Central Manager, and Local... |
CVE-2024-37367 | 2024-06-14 | Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction |
CVE-2024-23442 | 2024-06-14 | Kibana open redirect issue |
CVE-2024-37368 | 2024-06-14 | Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction |
CVE-2024-34694 | 2024-06-14 | LNbits improperly handles potential network and payment failures when using Eclair backend |
CVE-2024-37312 | 2024-06-14 | Nextcloud user_oidc app's ID4me feature is available even when disabled |
CVE-2024-37313 | 2024-06-14 | Nextcloud server allows bypass of the second factor |
CVE-2024-37314 | 2024-06-14 | Nextcloud Photos' shared albums have no restriction on photo removal |
CVE-2024-37315 | 2024-06-14 | Nextcloud Server's read-only users can restore old versions |
CVE-2024-37316 | 2024-06-14 | Nextcloud Calendar's event create can create attachments that link to other websites |
CVE-2024-37317 | 2024-06-14 | Nextcloud Notes app can be tricked into using a received share created before the user logged in |
CVE-2024-37882 | 2024-06-14 | Nextcloud Server can reshare read&share only folder with more permissions |
CVE-2024-37883 | 2024-06-14 | Nextcloud Deck can access comments and attachments of deleted cards |
CVE-2024-37884 | 2024-06-14 | Nextcloud Server's users can delete old versions of read-only shared files |
CVE-2024-37885 | 2024-06-14 | Code injection in Nextcloud Desktop Client for macOS |
CVE-2024-37886 | 2024-06-14 | Nextcloud user_oidc's ID4me does not validate signature or expiration |
CVE-2024-37887 | 2024-06-14 | Nextcloud Server's events information leaked with shared calendars on recurrence exceptions |
CVE-2024-5659 | 2024-06-14 | Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers |
CVE-2024-37369 | 2024-06-14 | Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions |
CVE-2024-37888 | 2024-06-14 | The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality |
CVE-2024-37889 | 2024-06-14 | MyFinances Allows Unauthorized Access to Other Customer Data |
CVE-2024-6003 | 2024-06-14 | Guangdong Baolun Electronics IP Network Broadcasting Service Platform maps sql injection |
CVE-2024-30119 | 2024-06-14 | HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header |
CVE-2024-21988 | 2024-06-14 | CVE-2024-21988 SSH Cryptographic Implementation Vulnerability in StorageGRID (formerly StorageGRID Webscale) |
CVE-2024-30120 | 2024-06-14 | HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application |
CVE-2024-38394 | 2024-06-15 | Mismatches in interpreting USB authorization policy between GNOME Settings Daemon... |
CVE-2024-2544 | 2024-06-15 | Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions |
CVE-2024-5263 | 2024-06-15 | ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets |
CVE-2024-3814 | 2024-06-15 | tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta |
CVE-2024-3815 | 2024-06-15 | Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta |
CVE-2024-3813 | 2024-06-15 | tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
CVE-2023-6696 | 2024-06-15 | Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure |
CVE-2024-4479 | 2024-06-15 | Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets |
CVE-2024-6000 | 2024-06-15 | FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload |
CVE-2024-5868 | 2024-06-15 | WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness |
CVE-2024-5871 | 2024-06-15 | WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection |