CVE List - 2024 / June
Showing 2501 - 2600 of 3082 CVEs for June 2024 (Page 26 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-27352 | 2024-06-21 | When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers... |
| CVE-2024-6120 | 2024-06-21 | Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized (Subscriber+) Post/Pages/Attachments Deletion and Demo Data Import |
| CVE-2024-5346 | 2024-06-22 | Flatsome \| Multi-Purpose Responsive WooCommerce Theme <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes |
| CVE-2024-2484 | 2024-06-22 | Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets |
| CVE-2024-5791 | 2024-06-22 | Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-4313 | 2024-06-22 | Table Addons for Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter |
| CVE-2024-5966 | 2024-06-22 | Grey Opaque <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode |
| CVE-2024-5965 | 2024-06-22 | Mosaic <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-4874 | 2024-06-22 | Bricks Builder <= 1.9.8 - Insecure Direct Object Reference |
| CVE-2024-21515 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's... |
| CVE-2024-21517 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and... |
| CVE-2024-21518 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within... |
| CVE-2024-21514 | 2024-06-22 | This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9.... |
| CVE-2024-21519 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker... |
| CVE-2024-21516 | 2024-06-22 | This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain... |
| CVE-2024-4940 | 2024-06-22 | Open Redirect in gradio-app/gradio |
| CVE-2024-5596 | 2024-06-22 | ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions |
| CVE-2024-3593 | 2024-06-22 | UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset |
| CVE-2024-38379 | 2024-06-22 | Apache Allura: Stored authenticated XSS |
| CVE-2024-6251 | 2024-06-22 | playSMS New Phonebook cross site scripting |
| CVE-2024-6252 | 2024-06-22 | Zorlan SkyCaiji Task cross site scripting |
| CVE-2024-6253 | 2024-06-22 | itsourcecode Online Food Ordering System purchase.php sql injection |
| CVE-2024-5443 | 2024-06-22 | Remote Code Execution via Path Traversal in parisneo/lollms |
| CVE-2024-38319 | 2024-06-22 | IBM Security SOAR code execution |
| CVE-2024-39331 | 2024-06-23 | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. |
| CVE-2024-39334 | 2024-06-23 | MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files... |
| CVE-2024-39337 | 2024-06-23 | Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. |
| CVE-2024-6266 | 2024-06-23 | Pear Admin Boot loadDictItem sql injection |
| CVE-2024-6267 | 2024-06-23 | SourceCodester Service Provider Management System System Info Page index.php cross site scripting |
| CVE-2024-6268 | 2024-06-23 | lahirudanushka School Management System Login Page login.php sql injection |
| CVE-2024-6269 | 2024-06-23 | Ruijie RG-UAC HTTP POST Request sxh_vpnlic.php get_ip.addr_details command injection |
| CVE-2024-4841 | 2024-06-23 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-6273 | 2024-06-23 | SourceCodester Clinic Queuing System patient_side.php save_patient cross site scripting |
| CVE-2021-45785 | 2024-06-24 | TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must... |
| CVE-2023-50029 | 2024-06-24 | PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method. |
| CVE-2024-33278 | 2024-06-24 | Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie... |
| CVE-2024-33879 | 2024-06-24 | An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the... |
| CVE-2024-33881 | 2024-06-24 | An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the... |
| CVE-2024-34313 | 2024-06-24 | An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint. |
| CVE-2024-34988 | 2024-06-24 | SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information... |
| CVE-2024-34991 | 2024-06-24 | In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without... |
| CVE-2024-34992 | 2024-06-24 | SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and... |
| CVE-2024-36681 | 2024-06-24 | SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `pk_isotope::saveData` and `pk_isotope::removeData` methods. |
| CVE-2024-36682 | 2024-06-24 | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of... |
| CVE-2024-36683 | 2024-06-24 | SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method. |
| CVE-2024-37677 | 2024-06-24 | An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. |
| CVE-2024-37678 | 2024-06-24 | Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script. |
| CVE-2024-37679 | 2024-06-24 | Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp... |
| CVE-2024-37681 | 2024-06-24 | An issue in the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html component. |
| CVE-2024-37732 | 2024-06-24 | Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. |
| CVE-2024-37759 | 2024-06-24 | DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface. |
| CVE-2024-37825 | 2024-06-24 | An issue in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 (fixed in OneStop 3.2.0.27184 Hotfix May 2024) allows unauthenticated attackers on the same network to perform a directory traversal. |
| CVE-2024-38892 | 2024-06-24 | An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. |
| CVE-2024-38894 | 2024-06-24 | WAVLINK WN551K1 was found to contain a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. |
| CVE-2024-38895 | 2024-06-24 | WAVLINK WN551K1's live_mfg.shtml enables attackers to obtain sensitive router information. |
| CVE-2024-38896 | 2024-06-24 | WAVLINK WN551K1 was found to contain a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. |
| CVE-2024-38897 | 2024-06-24 | WAVLINK WN551K1's live_check.shtml enables attackers to obtain sensitive router information. |
| CVE-2024-38903 | 2024-06-24 | H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. |
| CVE-2024-33880 | 2024-06-24 | An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. |
| CVE-2024-33898 | 2024-06-24 | Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. |
| CVE-2024-34312 | 2024-06-24 | Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. |
| CVE-2024-37680 | 2024-06-24 | Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login,... |
| CVE-2024-38902 | 2024-06-24 | H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-3121 | 2024-06-24 | Remote Code Execution in create_conda_env function in parisneo/lollms |
| CVE-2024-6274 | 2024-06-24 | lahirudanushka School Management System Attendance Report Page attendancelist.php sql injection |
| CVE-2024-6275 | 2024-06-24 | lahirudanushka School Management System Parent Page parent.php sql injection |
| CVE-2024-6276 | 2024-06-24 | lahirudanushka School Management System Teacher Page teacher.php sql injection |
| CVE-2024-6277 | 2024-06-24 | lahirudanushka School Management System Student Page student.php sql injection |
| CVE-2024-6278 | 2024-06-24 | lahirudanushka School Management System Subject Page subject.php sql injection |
| CVE-2024-6279 | 2024-06-24 | lahirudanushka School Management System Exam Results Page examresults-par.php sql injection |
| CVE-2024-6280 | 2024-06-24 | SourceCodester Simple Online Bidding System unrestricted upload |
| CVE-2024-4499 | 2024-06-24 | CSRF Vulnerability in parisneo/lollms XTTS Server |
| CVE-2024-4899 | 2024-06-24 | SEOPress < 7.8 - Contributor+ Stored XSS |
| CVE-2024-4900 | 2024-06-24 | SEOPress < 7.8 - Contributor+ Open Redirect |
| CVE-2024-24550 | 2024-06-24 | Bludit - Remote Code Execution (RCE) through File API |
| CVE-2024-24551 | 2024-06-24 | Bludit - Remote Code Execution (RCE) through Image API |
| CVE-2024-24552 | 2024-06-24 | Bludit is Vulnerable to Session Fixation |
| CVE-2024-24553 | 2024-06-24 | Bludit uses SHA1 as Password Hashing Algorithm |
| CVE-2024-24554 | 2024-06-24 | Bludit - Insecure Token Generation |
| CVE-2024-27136 | 2024-06-24 | Apache JSPWiki: Cross-site scripting vulnerability on upload page |
| CVE-2024-36495 | 2024-06-24 | Read/Write Permissions for Everyone on Configuration File |
| CVE-2024-5683 | 2024-06-24 | Remote Code Execution in Next4Biz's BPM |
| CVE-2024-4754 | 2024-06-24 | Stored XSS in Next4Biz's BPM |
| CVE-2024-36496 | 2024-06-24 | Hardcoded Credentials |
| CVE-2024-36497 | 2024-06-24 | Unhashed Storage of Password |
| CVE-2024-6160 | 2024-06-24 | SQL Injection in MegaBIP |
| CVE-2024-29868 | 2024-06-24 | Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation |
| CVE-2024-36038 | 2024-06-24 | Stored XSS |
| CVE-2024-37089 | 2024-06-24 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2024-37091 | 2024-06-24 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-37092 | 2024-06-24 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2024-37107 | 2024-06-24 | WordPress WishList Member X plugin < 3.26.7 - Authenticated Privilege Escalation vulnerability |
| CVE-2024-37109 | 2024-06-24 | WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability |
| CVE-2024-5862 | 2024-06-24 | User Enumeration in Mia Technology's Mia-Med Health Application |
| CVE-2024-37111 | 2024-06-24 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability |
| CVE-2024-37228 | 2024-06-24 | WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability |
| CVE-2024-37231 | 2024-06-24 | WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability |
| CVE-2024-3264 | 2024-06-24 | Broken or Risky Cryptographic Algorithm in Mia Technology's Mia-Med Health Application |
| CVE-2024-37233 | 2024-06-24 | WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability |
| CVE-2024-4839 | 2024-06-24 | CSRF in Servers Configurations in parisneo/lollms-webui |