CVE List - 2024 / June
Showing 101 - 200 of 3082 CVEs for June 2024 (Page 2 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-34789 | 2024-06-03 | WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34770 | 2024-06-03 | WordPress Popup Maker WP plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34769 | 2024-06-03 | WordPress Elegant Blocks – Amazing Gutenberg Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34767 | 2024-06-03 | WordPress ShopLentor plugin <= 2.8.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34766 | 2024-06-03 | WordPress ChaosTheory theme <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34764 | 2024-06-03 | WordPress Essential Addons for Elementor plugin <= 5.9.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-34385 | 2024-06-03 | WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35632 | 2024-06-03 | WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-36568 | 2024-06-03 | Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL... |
| CVE-2024-36569 | 2024-06-03 | Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary... |
| CVE-2024-5197 | 2024-06-03 | Integer overflow in libvpx |
| CVE-2024-36729 | 2024-06-03 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow... |
| CVE-2024-36728 | 2024-06-03 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow... |
| CVE-2024-0336 | 2024-06-03 | Improper Access Control in EMTA Grups PDKS |
| CVE-2024-36123 | 2024-06-03 | Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline |
| CVE-2024-36124 | 2024-06-03 | iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash |
| CVE-2024-36127 | 2024-06-03 | apko Exposure of HTTP basic auth credentials in log output |
| CVE-2024-36128 | 2024-06-03 | Directus is soft-locked by providing a string value to random string util |
| CVE-2024-32983 | 2024-06-03 | Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities |
| CVE-2024-4540 | 2024-06-03 | Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie |
| CVE-2024-36674 | 2024-06-03 | LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-4332 | 2024-06-03 | Improper Authentication in Tripwire Enterprise 9.1.0 APIs |
| CVE-2024-37019 | 2024-06-03 | Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has... |
| CVE-2022-0555 | 2024-06-03 | Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions |
| CVE-2021-3899 | 2024-06-03 | There is a race condition in the 'replaced executable' detection... |
| CVE-2022-1242 | 2024-06-03 | Apport can be tricked into connecting to arbitrary sockets as... |
| CVE-2024-31684 | 2024-06-03 | Incorrect access control in the fingerprint authentication mechanism of Bitdefender... |
| CVE-2024-31682 | 2024-06-03 | Incorrect access control in the fingerprint authentication mechanism of Phone... |
| CVE-2024-34051 | 2024-06-03 | A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of... |
| CVE-2023-52162 | 2024-06-03 | Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable... |
| CVE-2024-36783 | 2024-06-03 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection... |
| CVE-2024-36782 | 2024-06-03 | TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password... |
| CVE-2023-23730 | 2024-06-03 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Captcha Bypass Vulnerability |
| CVE-2023-23735 | 2024-06-03 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability |
| CVE-2023-23738 | 2024-06-03 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability |
| CVE-2023-24373 | 2024-06-03 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability |
| CVE-2023-26521 | 2024-06-03 | WordPress Search in Place plugin <= 1.0.104 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2023-26523 | 2024-06-03 | WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2023-27437 | 2024-06-03 | WordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability |
| CVE-2023-27460 | 2024-06-03 | WordPress CP Contact Form with PayPal plugin <= 1.3.34 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2023-28492 | 2024-06-03 | WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2024-29152 | 2024-06-04 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
| CVE-2024-29972 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in... |
| CVE-2024-29973 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in... |
| CVE-2024-29974 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability... |
| CVE-2024-29975 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability... |
| CVE-2024-29976 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability... |
| CVE-2024-4870 | 2024-06-04 | Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation |
| CVE-2024-4552 | 2024-06-04 | Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass |
| CVE-2024-3888 | 2024-06-04 | tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode |
| CVE-2024-1717 | 2024-06-04 | Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval |
| CVE-2024-3555 | 2024-06-04 | Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting |
| CVE-2024-2019 | 2024-06-04 | WP-DB-Table-Editor <= 1.8.4 - Missing Authorization to Authenticated(Contributor+) Database Access |
| CVE-2024-1718 | 2024-06-04 | Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update |
| CVE-2024-3031 | 2024-06-04 | Fluid Notification Bar <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-2382 | 2024-06-04 | Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass |
| CVE-2024-3230 | 2024-06-04 | Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4274 | 2024-06-04 | Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion |
| CVE-2024-4697 | 2024-06-04 | Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter |
| CVE-2024-4273 | 2024-06-04 | Essential Real Estate <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-4997 | 2024-06-04 | WPUpper Share Buttons <= 3.43 - Missing Authorization |
| CVE-2024-4462 | 2024-06-04 | Nafeza Prayer Time <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-0757 | 2024-06-04 | Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE |
| CVE-2024-2470 | 2024-06-04 | Simple Ajax Chat < 20240412 - Admin+ Stored XSS |
| CVE-2024-4057 | 2024-06-04 | Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS |
| CVE-2024-4180 | 2024-06-04 | The Events Calendar < 6.4.0.1 - Reflected XSS |
| CVE-2024-4749 | 2024-06-04 | WP eMember < 10.3.9 - Reflected XSS |
| CVE-2024-4750 | 2024-06-04 | BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment |
| CVE-2024-4856 | 2024-06-04 | FS Product Inquiry <= 1.1.1 - Reflected XSS |
| CVE-2024-4857 | 2024-06-04 | FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS |
| CVE-2024-5485 | 2024-06-04 | SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! <= 1.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trigger Link Shortcode |
| CVE-2024-20873 | 2024-06-04 | Improper input validation vulnerability in caminfo driver prior to SMR... |
| CVE-2024-20874 | 2024-06-04 | Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024... |
| CVE-2024-20875 | 2024-06-04 | Improper caller verification vulnerability in SemClipboard prior to SMR June-2024... |
| CVE-2024-20876 | 2024-06-04 | Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release... |
| CVE-2024-20877 | 2024-06-04 | Heap out-of-bound write vulnerability in parsing grid image header in... |
| CVE-2024-20878 | 2024-06-04 | Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so... |
| CVE-2024-20879 | 2024-06-04 | Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024... |
| CVE-2024-20880 | 2024-06-04 | Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024... |
| CVE-2024-20881 | 2024-06-04 | Improper input validation vulnerability in chnactiv TA prior to SMR... |
| CVE-2024-20882 | 2024-06-04 | Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release... |
| CVE-2024-20883 | 2024-06-04 | Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService... |
| CVE-2024-20884 | 2024-06-04 | Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService... |
| CVE-2024-20885 | 2024-06-04 | Improper component protection vulnerability in Samsung Dialer prior to SMR... |
| CVE-2024-20886 | 2024-06-04 | Arbitrary directory creation in Samsung Live Wallpaper PC prior to... |
| CVE-2024-20887 | 2024-06-04 | Arbitrary directory creation in GalaxyBudsManager PC prior to version 2.1.240315.51... |
| CVE-2023-28494 | 2024-06-04 | WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2023-33930 | 2024-06-04 | WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability |
| CVE-2023-34001 | 2024-06-04 | WordPress Hide My WP Ghost – Security Plugin plugin <= 5.0.25 - Captcha Bypass vulnerability |
| CVE-2023-37865 | 2024-06-04 | WordPress IP2Location Country Blocker plugin <= 2.29.1 - IP Bypass Vulnerability vulnerability |
| CVE-2023-38520 | 2024-06-04 | WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering |
| CVE-2023-39161 | 2024-06-04 | WordPress Discussion Board plugin <= 2.4.8 - Content Injection vulnerability |
| CVE-2023-40332 | 2024-06-04 | WordPress WP-PostRatings plugin <= 1.91 - Rating limit Bypass vulnerability |
| CVE-2023-40557 | 2024-06-04 | WordPress Tabs & Accordion plugin <= 1.3.10 - Content Injection vulnerability |
| CVE-2023-40673 | 2024-06-04 | WordPress Cartpauj Register Captcha plugin <= 1.0.02 - Captcha Bypass vulnerability |
| CVE-2023-41134 | 2024-06-04 | WordPress Antispam Bee plugin <= 2.11.3 - Country IP Restriction Bypass vulnerability |
| CVE-2024-36104 | 2024-06-04 | Apache OFBiz: Path traversal leading to a RCE |
| CVE-2024-4253 | 2024-06-04 | Command Injection in gradio-app/gradio |
| CVE-2023-44235 | 2024-06-04 | WordPress WP Captcha plugin <= 2.0.0 - Captcha Bypass vulnerability |
| CVE-2024-5420 | 2024-06-04 | Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro |