CVE List - 2024 / June

Showing 3001 - 3082 of 3082 CVEs for June 2024 (Page 31 of 31)

Back to List Previous

CVE ID	Date	Title
CVE-2024-5424	2024-06-28	Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters
CVE-2024-5925	2024-06-28	Theron Lite <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5662	2024-06-28	Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget
CVE-2024-5922	2024-06-28	Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5735	2024-06-28	Full Path Disclosure in AdmirorFrames Joomla! Extension
CVE-2024-5736	2024-06-28	SSRF in AdmirorFrames Joomla! Extension
CVE-2024-5737	2024-06-28	HTML Injection in AdmirorFrames Joomla! Extension
CVE-2024-3800	2024-06-28	XSS in S@M CMS
CVE-2024-3801	2024-06-28	XSS in S@M CMS
CVE-2024-3816	2024-06-28	SQLi in S@M CMS
CVE-2024-38531	2024-06-28	Nix sandbox escape
CVE-2024-29038	2024-06-28	tpm2 does not detect if quote was not generated by TPM
CVE-2024-35137	2024-06-28	IBM Security Access Manager Docker information disclosure
CVE-2024-38521	2024-06-28	Persistent Cross-Site Scripting (XSS) in hushline inbox
CVE-2024-35139	2024-06-28	IBM Security Access Manager Docker information disclosure
CVE-2024-29039	2024-06-28	Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
CVE-2024-6402	2024-06-28	Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow
CVE-2024-6403	2024-06-28	Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow
CVE-2024-38522	2024-06-28	CSP bypass in Hush Line
CVE-2024-37905	2024-06-28	Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik
CVE-2024-31919	2024-06-28	IBM MQ denial of service
CVE-2024-31912	2024-06-28	IBM MQ privilege escalation
CVE-2024-35155	2024-06-28	IBM MQ information disclosure
CVE-2024-38371	2024-06-28	Insufficient access control for OAuth2 Device Code flow in authentik
CVE-2024-38374	2024-06-28	Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
CVE-2024-38514	2024-06-28	NextChat Server-Side Request Forgery (SSRF)
CVE-2024-35156	2024-06-28	IBM MQ information disclosure
CVE-2024-35116	2024-06-28	IBM MQ denial of service
CVE-2024-25031	2024-06-28	IBM Storage Defender information disclosure
CVE-2024-38322	2024-06-28	IBM Storage Defender information disclosure
CVE-2024-25053	2024-06-28	IBM Cognos Analytics improper certificate validation
CVE-2024-25041	2024-06-28	IBM Cognos Analytics cross-site scripting
CVE-2022-27540	2024-06-28	A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been...
CVE-2022-38383	2024-06-28	IBM Cloud Pak for Security information disclosure
CVE-2024-5712	2024-06-28	CSRF Vulnerability in stitionai/devika
CVE-2024-5827	2024-06-28	Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna
CVE-2024-38528	2024-06-28	Unlimited number of NTS-KE connections can crash ntpd-rs server
CVE-2024-3995	2024-06-28	Command Injection in Helix ALM
CVE-2024-38518	2024-06-28	bbb-web API additional parameters considered
CVE-2024-39307	2024-06-28	Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita
CVE-2024-39302	2024-06-28	Some bbb-record-core files installed with wrong file permission
CVE-2024-29040	2024-06-28	Fapi Verify Quote: Does not detect if quote was not generated by TPM
CVE-2024-38525	2024-06-28	dd-trace-cpp malformed unicode header values may cause crash
CVE-2024-38533	2024-06-28	ZKsync Era invalid stack addressing conversion
CVE-2024-38532	2024-06-28	TEST_KEY used in example dcp_tool reference implementation
CVE-2024-39840	2024-06-29	Factorio before 1.1.101 allows a crafted server to execute arbitrary...
CVE-2024-39846	2024-06-29	NewPass before 1.2.0 stores passwords (rather than password hashes) directly,...
CVE-2024-39848	2024-06-29	Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication...
CVE-2024-6405	2024-06-29	Floating Social Buttons <= 1.5 - Cross-Site Request Forgery
CVE-2024-5942	2024-06-29	Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure
CVE-2024-5192	2024-06-29	Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
CVE-2024-6265	2024-06-29	UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'
CVE-2024-5889	2024-06-29	Events Manager <= 6.4.8 - Reflected Cross-Site Scripting
CVE-2024-5598	2024-06-29	Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing
CVE-2024-6363	2024-06-29	Stock Ticker <= 3.24.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode
CVE-2024-5666	2024-06-29	Extensions for Elementor <= 2.0.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
CVE-2024-5790	2024-06-29	Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget
CVE-2024-5819	2024-06-29	Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
CVE-2023-4017	2024-06-29	Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
CVE-2024-25943	2024-06-29	iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00...
CVE-2024-2386	2024-06-29	WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection
CVE-2024-5926	2024-06-30	Path Traversal in stitionai/devika
CVE-2024-6414	2024-06-30	Parsec Automation TrakSYS Export Page contentpage direct request
CVE-2024-6415	2024-06-30	Ingenico Estate Manager New Widget cross site scripting
CVE-2024-5062	2024-06-30	Reflected XSS through survey redirect parameter in zenml-io/zenml
CVE-2024-28795	2024-06-30	IBM InfoSphere Information Server cross-site scripting
CVE-2023-35022	2024-06-30	IBM InfoSphere Information Server improper authentication
CVE-2024-28798	2024-06-30	IBM InfoSphere Information Server cross-site scripting
CVE-2024-35119	2024-06-30	IBM InfoSphere Information Server information disclosure
CVE-2024-31902	2024-06-30	IBM InfoSphere Information Server cross-site request forgery
CVE-2023-50954	2024-06-30	IBM InfoSphere Information Server information disclosure
CVE-2024-31898	2024-06-30	IBM InfoSphere Information Server data modification
CVE-2024-28797	2024-06-30	IBM InfoSphere Information Server cross-site scripting
CVE-2023-50952	2024-06-30	IBM InfoSphere Information Server server-side request forgery
CVE-2023-50953	2024-06-30	IBM InfoSphere Information Server information disclosure
CVE-2024-28794	2024-06-30	IBM InfoSphere Information Server cross-site scripting
CVE-2023-50964	2024-06-30	IBM InfoSphere Information Server cross-site scripting
CVE-2024-34703	2024-06-30	Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters
CVE-2024-6416	2024-06-30	SeaCMS sql injection
CVE-2024-6417	2024-06-30	SourceCodester Simple Online Bidding System sql injection
CVE-2024-6418	2024-06-30	SourceCodester Medicine Tracker System sql injection
CVE-2024-6419	2024-06-30	SourceCodester Medicine Tracker System sql injection