VULNMAP - Security Vulnerabilities

CVE List - 2024 / June

Showing 801 - 900 of 3082 CVEs for June 2024 (Page 9 of 31)

CVE ID Date Title
CVE-2024-32725 2024-06-09 WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability
CVE-2024-32715 2024-06-09 WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability
CVE-2024-32714 2024-06-09 WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability
CVE-2024-32713 2024-06-09 WordPress AI Post Generator | AutoWriter plugin <= 3.3 - Broken Access Control vulnerability
CVE-2024-32705 2024-06-09 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
CVE-2024-32704 2024-06-09 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability
CVE-2024-31423 2024-06-09 WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.5 - Broken Access Control vulnerability
CVE-2024-32703 2024-06-09 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability
CVE-2024-32701 2024-06-09 WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability
CVE-2024-31359 2024-06-09 WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability
CVE-2024-31352 2024-06-09 WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability
CVE-2024-31350 2024-06-09 WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability
CVE-2024-31347 2024-06-09 WordPress Tracking Code Manager plugin <= 2.1.0 - Broken Access Control vulnerability
CVE-2024-31307 2024-06-09 WordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerability
CVE-2024-31304 2024-06-09 WordPress MultiVendorX Marketplace <= 4.1.3 - Broken Access Control vulnerability
CVE-2024-31284 2024-06-09 WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability
CVE-2024-31283 2024-06-09 WordPress Advanced Local Pickup for WooCommerce plugin <=1.6.2 - Broken Access Control vulnerability
CVE-2024-31276 2024-06-09 WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability
CVE-2024-31275 2024-06-09 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
CVE-2024-5458 2024-06-09 Filter bypass in filter_var (FILTER_VALIDATE_URL)
CVE-2024-35662 2024-06-09 WordPress Simple COD Fees for WooCommerce plugin <= 2.0.2 - Broken Access Control vulnerability
CVE-2024-35661 2024-06-09 WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability
CVE-2024-34802 2024-06-09 WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability
CVE-2024-5585 2024-06-09 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
CVE-2024-32081 2024-06-09 WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability
CVE-2024-35748 2024-06-09 WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability
CVE-2024-4577 2024-06-09 Argument Injection in PHP-CGI
CVE-2024-2408 2024-06-09 PHP is vulnerable to the Marvin Attack
CVE-2024-5389 2024-06-09 Insufficient Access Control in lunary-ai/lunary
CVE-2022-45176 2024-06-10 An issue was discovered in LIVEBOX Collaboration vDesk through v018....
CVE-2024-26507 2024-06-10 An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business,...
CVE-2024-31612 2024-06-10 Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF)...
CVE-2024-31613 2024-06-10 BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF)...
CVE-2024-33850 2024-06-10 Pexip Infinity before 34.1 has Improper Access Control for persons...
CVE-2024-34332 2024-06-10 An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before...
CVE-2024-35474 2024-06-10 A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8...
CVE-2024-36528 2024-06-10 nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have...
CVE-2024-36531 2024-06-10 nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are...
CVE-2024-37014 2024-06-10 Langflow through 0.6.19 allows remote code execution if untrusted users...
CVE-2024-37393 2024-06-10 Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514...
CVE-2024-37880 2024-06-10 The Kyber reference implementation before 9b8d306, when compiled by LLVM...
CVE-2022-45168 2024-06-10 An issue was discovered in LIVEBOX Collaboration vDesk through v018....
CVE-2024-31611 2024-06-10 SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
CVE-2024-32167 2024-06-10 Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary...
CVE-2024-4328 2024-06-10 CSRF in clear_personality_files_list in parisneo/lollms-webui
CVE-2024-35742 2024-06-10 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability
CVE-2024-35741 2024-06-10 WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability
CVE-2024-35735 2024-06-10 WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability
CVE-2024-35729 2024-06-10 WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.2.6 - Broken Access Control vulnerability
CVE-2024-35727 2024-06-10 WordPress Extra Product Options for WooCommerce plugin <= 3.0.6 - Broken Access Control vulnerability
CVE-2024-35726 2024-06-10 WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability
CVE-2024-35725 2024-06-10 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability
CVE-2024-35724 2024-06-10 WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability
CVE-2024-35723 2024-06-10 WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability
CVE-2024-35722 2024-06-10 WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability
CVE-2024-35721 2024-06-10 WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
CVE-2024-35720 2024-06-10 WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability
CVE-2024-35717 2024-06-10 WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability
CVE-2024-4746 2024-06-10 WordPress Netgsm plugin <= 2.9.16 - Broken Access Control vulnerability
CVE-2024-23524 2024-06-10 WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability
CVE-2024-21751 2024-06-10 WordPress RabbitLoader plugin <= 2.19.13 - Broken Access Control vulnerability
CVE-2024-22298 2024-06-10 WordPress Amelia plugin <= 1.0.98 - Broken Access Control vulnerability
CVE-2024-22296 2024-06-10 WordPress 12 Step Meeting List plugin <= 3.14.28 - Broken Access Control vulnerability
CVE-2024-4745 2024-06-10 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability
CVE-2024-4744 2024-06-10 WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability
CVE-2024-36971 2024-06-10 net: fix __dst_negative_advice() race
CVE-2024-1228 2024-06-10 Hardcoded password in Eurosoft Przychodnia
CVE-2024-3699 2024-06-10 Hardcoded password in drEryk Gabinet
CVE-2024-3700 2024-06-10 Hardcoded password in Estomed Sp. z o.o. Simple Care software
CVE-2024-28833 2024-06-10 Missing brute-force protection for two factor authentication
CVE-2024-5785 2024-06-10 Command injection vulnerability in Comtrend router
CVE-2024-5786 2024-06-10 Cross-Site Request Forgery vulnerability in Comtrend router
CVE-2024-36405 2024-06-10 Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options
CVE-2024-35304 2024-06-10 System command injection through Netflow function
CVE-2024-35305 2024-06-10 Unauth Time-Based SQL Injection via API
CVE-2024-35306 2024-06-10 OS Command injection in Ajax PHP files through HTTP Request
CVE-2024-35307 2024-06-10 Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
CVE-2024-4403 2024-06-10 CSRF in restart_program in parisneo/lollms-webui
CVE-2024-36972 2024-06-10 af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
CVE-2024-36406 2024-06-10 SuiteCRM vulnerable to open redirects
CVE-2024-34761 2024-06-10 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability
CVE-2024-34762 2024-06-10 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability
CVE-2024-34800 2024-06-10 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability
CVE-2024-35650 2024-06-10 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability
CVE-2024-35658 2024-06-10 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
CVE-2024-35677 2024-06-10 WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability
CVE-2024-35680 2024-06-10 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability
CVE-2024-35712 2024-06-10 WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability
CVE-2024-37051 2024-06-10 GitHub access token could be exposed to third-party sites in...
CVE-2024-5102 2024-06-10 Elevation of Privelage via symlinked file in Avast Antivirus
CVE-2024-35728 2024-06-10 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability
CVE-2024-35743 2024-06-10 WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability
CVE-2024-35744 2024-06-10 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
CVE-2024-35745 2024-06-10 WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability
CVE-2024-35746 2024-06-10 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability
CVE-2024-35747 2024-06-10 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability
CVE-2024-36407 2024-06-10 SuiteCRM unauthenticated user password reset on php7
CVE-2024-35749 2024-06-10 WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability
CVE-2024-35754 2024-06-10 WordPress Ovic Importer plugin <= 1.6.3 - Arbitrary File Download vulnerability
CVE-2024-36408 2024-06-10 SuiteCRM authenticated SQL Injection in Alerts