CVE List - 2024 / June
Showing 501 - 600 of 3082 CVEs for June 2024 (Page 6 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2383 | 2024-06-06 | Clickjacking Vulnerability in zenml-io/zenml |
| CVE-2024-5550 | 2024-06-06 | Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3 |
| CVE-2024-5306 | 2024-06-06 | Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-1881 | 2024-06-06 | Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt |
| CVE-2024-22326 | 2024-06-06 | IBM System Storage improper authentication |
| CVE-2024-5307 | 2024-06-06 | Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-3102 | 2024-06-06 | JSON Injection in mintplex-labs/anything-llm |
| CVE-2024-2213 | 2024-06-06 | Improper Authentication in zenml-io/zenml |
| CVE-2024-0520 | 2024-06-06 | Remote Code Execution due to Full Controlled File Write in mlflow/mlflow |
| CVE-2024-5225 | 2024-06-06 | SQL Injection in berriai/litellm |
| CVE-2024-5186 | 2024-06-06 | Server Side Request Forgery (SSRF) in imartinez/privategpt |
| CVE-2024-5478 | 2024-06-06 | Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary |
| CVE-2024-3234 | 2024-06-06 | Path Traversal in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-30373 | 2024-06-06 | Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-5133 | 2024-06-06 | Account Takeover via Exposed Recovery Token in lunary-ai/lunary |
| CVE-2024-2171 | 2024-06-06 | Stored XSS in zenml-io/zenml |
| CVE-2024-4320 | 2024-06-06 | Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui |
| CVE-2024-3166 | 2024-06-06 | Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm |
| CVE-2024-4890 | 2024-06-06 | Blind SQL Injection in berriai/litellm |
| CVE-2024-3402 | 2024-06-06 | Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-2288 | 2024-06-06 | CSRF File Upload Vulnerability in parisneo/lollms-webui |
| CVE-2024-2035 | 2024-06-06 | Improper Authorization in zenml-io/zenml |
| CVE-2024-5206 | 2024-06-06 | Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn |
| CVE-2024-5129 | 2024-06-06 | Privilege Escalation Vulnerability in lunary-ai/lunary |
| CVE-2024-3095 | 2024-06-06 | SSRF in Langchain Web Research Retriever in langchain-ai/langchain |
| CVE-2024-2928 | 2024-06-06 | Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow |
| CVE-2024-4888 | 2024-06-06 | Arbitrary File Deletion in BerriAI/litellm |
| CVE-2024-5131 | 2024-06-06 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-1880 | 2024-06-06 | OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt |
| CVE-2024-4851 | 2024-06-06 | SSRF Vulnerability in stangirard/quivr |
| CVE-2024-1873 | 2024-06-06 | Path Traversal and Denial of Service in parisneo/lollms-webui |
| CVE-2024-36740 | 2024-06-06 | An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size. |
| CVE-2024-3322 | 2024-06-06 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-3153 | 2024-06-06 | Uncontrolled Resource Consumption in mintplex-labs/anything-llm |
| CVE-2024-36735 | 2024-06-06 | OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating. |
| CVE-2024-5130 | 2024-06-06 | Incorrect Authorization in lunary-ai/lunary |
| CVE-2024-3149 | 2024-06-06 | SSRF in mintplex-labs/anything-llm |
| CVE-2024-36734 | 2024-06-06 | Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter. |
| CVE-2024-5278 | 2024-06-06 | Unrestricted File Upload leading to RCE in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-3429 | 2024-06-06 | Path Traversal in parisneo/lollms |
| CVE-2024-3404 | 2024-06-06 | Improper Access Control in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-5187 | 2024-06-06 | Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx |
| CVE-2023-45192 | 2024-06-06 | IBM Engineering Requirements Management DOORS Next XML external entity injection |
| CVE-2024-2032 | 2024-06-06 | Race Condition Vulnerability in zenml-io/zenml |
| CVE-2024-5248 | 2024-06-06 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-37153 | 2024-06-06 | Evmos's contract balance not updating correctly after interchain transaction |
| CVE-2024-36732 | 2024-06-06 | An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot. |
| CVE-2024-2965 | 2024-06-06 | Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain |
| CVE-2024-3150 | 2024-06-06 | Privilege Escalation in mintplex-labs/anything-llm |
| CVE-2024-5328 | 2024-06-06 | SSRF Vulnerability in lunary-ai/lunary |
| CVE-2024-5124 | 2024-06-06 | Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-3408 | 2024-06-06 | Authentication Bypass and RCE in man-group/dtale |
| CVE-2024-2360 | 2024-06-06 | Path Traversal leading to Remote Code Execution in parisneo/lollms-webui |
| CVE-2024-2359 | 2024-06-06 | Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui |
| CVE-2024-37154 | 2024-06-06 | Evmos allows unvested token delegations |
| CVE-2024-36730 | 2024-06-06 | Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter. |
| CVE-2024-22074 | 2024-06-06 | Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014,... |
| CVE-2024-36795 | 2024-06-06 | Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. |
| CVE-2024-32752 | 2024-06-06 | Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool |
| CVE-2024-36823 | 2024-06-06 | The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information. |
| CVE-2023-49441 | 2024-06-06 | dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. |
| CVE-2024-24192 | 2024-06-06 | robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c. |
| CVE-2024-24194 | 2024-06-06 | robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c. |
| CVE-2024-24195 | 2024-06-06 | robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c. |
| CVE-2024-24198 | 2024-06-06 | smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c. |
| CVE-2024-24199 | 2024-06-06 | smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c. |
| CVE-2024-22524 | 2024-06-06 | dnspod-sr 0dfbd37 is vulnerable to buffer overflow. |
| CVE-2024-22525 | 2024-06-06 | dnspod-sr 0dfbd37 contains a SEGV. |
| CVE-2023-51847 | 2024-06-06 | An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via the coap_context_t function in the src/coap_threadsafe.c:297:3 component. |
| CVE-2024-4013 | 2024-06-06 | Failure to update BT Mesh Replay Protection List |
| CVE-2024-36774 | 2024-06-06 | An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-36775 | 2024-06-06 | A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the... |
| CVE-2023-37539 | 2024-06-06 | HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2023-49221 | 2024-06-07 | Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded... |
| CVE-2023-49222 | 2024-06-07 | Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. |
| CVE-2023-49223 | 2024-06-07 | Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to... |
| CVE-2023-49224 | 2024-06-07 | Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. |
| CVE-2024-30162 | 2024-06-07 | Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/interface/ckeditor/ckeditor/plugins/ directory without properly verifying their... |
| CVE-2024-31958 | 2024-06-07 | An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in an Out-of-Bounds... |
| CVE-2024-31959 | 2024-06-07 | An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code execution. |
| CVE-2024-37384 | 2024-06-07 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences. |
| CVE-2024-37388 | 2024-06-07 | An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML... |
| CVE-2024-30163 | 2024-06-07 | Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute... |
| CVE-2024-32502 | 2024-06-07 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor... |
| CVE-2024-36827 | 2024-06-07 | An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML... |
| CVE-2024-37383 | 2024-06-07 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. |
| CVE-2022-4968 | 2024-06-07 | netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. |
| CVE-2024-1689 | 2024-06-07 | WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation |
| CVE-2023-6876 | 2024-06-07 | Clever Fox – One Click Website Importer by Nayra Themes <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme |
| CVE-2023-32475 | 2024-06-07 | Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system. |
| CVE-2024-1768 | 2024-06-07 | Clever Fox <= 25.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3987 | 2024-06-07 | WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt |
| CVE-2024-5607 | 2024-06-07 | GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting |
| CVE-2024-4887 | 2024-06-07 | Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-5425 | 2024-06-07 | WP jQuery Lightbox <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute |
| CVE-2024-1988 | 2024-06-07 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-37385 | 2024-06-07 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641. |
| CVE-2024-36082 | 2024-06-07 | SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in... |
| CVE-2024-5612 | 2024-06-07 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget |
| CVE-2024-5640 | 2024-06-07 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget |