VULNMAP - Security Vulnerabilities

CVE List - 2024 / June

Showing 2401 - 2500 of 3082 CVEs for June 2024 (Page 25 of 31)

CVE ID Date Title
CVE-2024-4384 2024-06-21 CSSable Countdown <= 1.5 - Admin+ Stored XSS
CVE-2024-4474 2024-06-21 WP Logs Book <= 1.0.1 - Disable Logging via CSRF
CVE-2024-4475 2024-06-21 WP Logs Book <= 1.0.1 - Log Clearing via CSRF
CVE-2024-4477 2024-06-21 WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
CVE-2024-4616 2024-06-21 Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS
CVE-2024-4755 2024-06-21 Google CSE <= 1.0.7 - Admin+ Stored XSS
CVE-2024-4969 2024-06-21 Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
CVE-2024-4970 2024-06-21 Widget Bundle <= 2.0.0 - Admin+ Stored XSS
CVE-2024-5447 2024-06-21 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS
CVE-2024-5448 2024-06-21 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS
CVE-2024-5639 2024-06-21 User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
CVE-2024-5191 2024-06-21 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
CVE-2024-2003 2024-06-21 Local Privilege Escalation in Quarantine of ESET products for Windows
CVE-2024-6225 2024-06-21 Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-5945 2024-06-21 WP SVG Images <= 4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
CVE-2024-5859 2024-06-21 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting
CVE-2024-31890 2024-06-21 IBM i privilege escalation
CVE-2024-6027 2024-06-21 Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter
CVE-2023-52884 2024-06-21 Input: cyapa - add missing input core locking to suspend/resume functions
CVE-2024-31076 2024-06-21 genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
CVE-2024-33619 2024-06-21 efi: libstub: only free priv.runtime_map when allocated
CVE-2024-33621 2024-06-21 ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
CVE-2024-36244 2024-06-21 net/sched: taprio: extend minimum interval restriction to entire cycle too
CVE-2024-36270 2024-06-21 netfilter: tproxy: bail out if IP has been disabled on the device
CVE-2024-36281 2024-06-21 net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules
CVE-2024-36286 2024-06-21 netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
CVE-2024-36478 2024-06-21 null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
CVE-2024-36484 2024-06-21 net: relax socket state check at accept time.
CVE-2024-36489 2024-06-21 tls: fix missing memory barrier in tls_init
CVE-2024-37356 2024-06-21 tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
CVE-2024-38381 2024-06-21 nfc: nci: Fix uninit-value in nci_rx_work
CVE-2024-38388 2024-06-21 ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
CVE-2024-38390 2024-06-21 drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
CVE-2024-38621 2024-06-21 media: stk1160: fix bounds checking in stk1160_copy_video()
CVE-2024-38622 2024-06-21 drm/msm/dpu: Add callback function pointer check before its call
CVE-2024-38623 2024-06-21 fs/ntfs3: Use variable length array instead of fixed size
CVE-2024-38624 2024-06-21 fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
CVE-2024-38625 2024-06-21 fs/ntfs3: Check 'folio' pointer for NULL
CVE-2024-38626 2024-06-21 fuse: clear FR_SENT when re-adding requests into pending list
CVE-2024-38627 2024-06-21 stm class: Fix a double free in stm_register_device()
CVE-2024-38628 2024-06-21 usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
CVE-2024-38629 2024-06-21 dmaengine: idxd: Avoid unnecessary destruction of file_ida
CVE-2024-38630 2024-06-21 watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
CVE-2024-38631 2024-06-21 iio: adc: PAC1934: fix accessing out of bounds array index
CVE-2024-38632 2024-06-21 vfio/pci: fix potential memory leak in vfio_intx_enable()
CVE-2024-38633 2024-06-21 serial: max3100: Update uart_driver_registered on driver removal
CVE-2024-38634 2024-06-21 serial: max3100: Lock port->lock when calling uart_handle_cts_change()
CVE-2024-38635 2024-06-21 soundwire: cadence: fix invalid PDI offset
CVE-2024-38636 2024-06-21 f2fs: multidev: fix to recognize valid zero block address
CVE-2024-38637 2024-06-21 greybus: lights: check return of get_channel_from_mode
CVE-2024-3036 2024-06-21 Communication DoS vulnerability
CVE-2024-38659 2024-06-21 enic: Validate length of nl attributes in enic_set_vf_port
CVE-2024-38662 2024-06-21 bpf: Allow delete from sockmap/sockhash only if update is allowed
CVE-2024-38780 2024-06-21 dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
CVE-2024-39277 2024-06-21 dma-mapping: benchmark: handle NUMA_NO_NODE correctly
CVE-2024-34777 2024-06-21 dma-mapping: benchmark: fix node id validation
CVE-2024-36288 2024-06-21 SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
CVE-2024-36477 2024-06-21 tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
CVE-2024-36481 2024-06-21 tracing/probes: fix error check in parse_btf_field()
CVE-2024-5058 2024-06-21 WordPress Typing Text plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35779 2024-06-21 WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability
CVE-2024-35774 2024-06-21 WordPress DImage 360 plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35769 2024-06-21 WordPress Slideshow SE plugin <= 2.5.17 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35768 2024-06-21 WordPress Page Builder: Live Composer plugin <= 1.5.42 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35766 2024-06-21 WordPress WPPizza – A Restaurant Plugin plugin <= 3.18.13 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-35764 2024-06-21 WordPress Church Admin plugin <= 4.4.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35763 2024-06-21 WordPress Excellent theme <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35762 2024-06-21 WordPress Serious Slider plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35761 2024-06-21 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35760 2024-06-21 WordPress WP Job Portal – A Complete Job Board plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35759 2024-06-21 WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35758 2024-06-21 WordPress Interface theme <= 3.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-35757 2024-06-21 WordPress Easy Age Verify plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-5059 2024-06-21 WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability
CVE-2024-35776 2024-06-21 WordPress phpinfo() WP plugin <= 5.0 - Unauthenticated Data Exposure vulnerability
CVE-2024-35772 2024-06-21 WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-35771 2024-06-21 WordPress Customizr theme <= 4.4.21 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-35770 2024-06-21 WordPress Vimeography plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-6239 2024-06-21 Poppler: pdfinfo: crash in broken documents when using -dests parameter
CVE-2022-43453 2024-06-21 WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability
CVE-2024-6240 2024-06-21 Improper privilege management vulnerability in Parallels Desktop
CVE-2022-45803 2024-06-21 WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability
CVE-2023-51375 2024-06-21 WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability
CVE-2024-37230 2024-06-21 WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37227 2024-06-21 WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37212 2024-06-21 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability
CVE-2024-37198 2024-06-21 WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37118 2024-06-21 WordPress Uncanny Automator Pro plugin <= 5.3 - Cross Site Request Forgery (CSRF) Leading to License Settings Reset vulnerability
CVE-2023-45197 2024-06-21 Adminer and AdminerEvo vulnerable to directory traversal and file upload
CVE-2022-38055 2024-06-21 WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability
CVE-2022-44587 2024-06-21 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
CVE-2022-44593 2024-06-21 WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability
CVE-2023-38389 2024-06-21 WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability
CVE-2024-35767 2024-06-21 WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability
CVE-2024-35778 2024-06-21 WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability
CVE-2024-35781 2024-06-21 WordPress Word Balloon plugin <= 4.21.1 - Local File Inclusion vulnerability
CVE-2024-6241 2024-06-21 Pear Admin Boot getDictItems sql injection
CVE-2023-45673 2024-06-21 Arbitrary code execution on click of PDF links in Joplin
CVE-2023-39517 2024-06-21 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin
CVE-2023-38506 2024-06-21 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin