CVE-2024-1xxx

There are 955 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-1000 Totolink N200RE cstecgi.cgi setTracerouteCfg stack-based overflow
E
CVE-2024-1001 Totolink N200RE cstecgi.cgi main stack-based overflow
E
CVE-2024-1002 Totolink N200RE cstecgi.cgi setIpPortFilterRules stack-based overflow
E
CVE-2024-1003 Totolink N200RE cstecgi.cgi setLanguageCfg stack-based overflow
E
CVE-2024-1004 Totolink N200RE cstecgi.cgi loginAuth stack-based overflow
E
CVE-2024-1005 Shanxi Diankeyun Technology NODERP log file access
E
CVE-2024-1006 Shanxi Diankeyun Technology NODERP Cookie common.php improper authentication
E
CVE-2024-1007 SourceCodester Employee Management System edit_profile.php sql injection
E
CVE-2024-1008 SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload
E
CVE-2024-1009 SourceCodester Employee Management System login.php sql injection
E
CVE-2024-1010 SourceCodester Employee Management System edit-profile.php cross site scripting
E M
CVE-2024-1011 SourceCodester Employee Management System Leave delete-leave.php access control
E
CVE-2024-1012 Wanhu ezOFFICE wf_printnum.jsp sql injection
E
CVE-2024-1013 Unixodbc: out of bounds stack write due to pointer-to-integer types conversion
CVE-2024-1014 Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3
E
CVE-2024-1015 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3
CVE-2024-1016 Solar FTP Server PASV Command denial of service
E
CVE-2024-1017 Gabriels FTP Server denial of service
E
CVE-2024-1018 PbootCMS cross site scripting
E
CVE-2024-1019 WAF bypass of the ModSecurity v3 release line
S
CVE-2024-1020 Rebuild proxy-download getStorageFile cross site scripting
E
CVE-2024-1021 Rebuild HTTP Request readRawText server-side request forgery
E
CVE-2024-1022 CodeAstro Simple Student Result Management System Add Class Page add_classes.php cross site scripting
E
CVE-2024-1023 Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx
M
CVE-2024-1024 SourceCodester Facebook News Feed Like New Account cross site scripting
CVE-2024-1026 Cogites eReserv config.php cross site scripting
CVE-2024-1027 SourceCodester Facebook News Feed Like Post unrestricted upload
CVE-2024-1028 SourceCodester Facebook News Feed Like Post cross site scripting
CVE-2024-1029 Cogites eReserv tenancyDetail.php cross site scripting
CVE-2024-1030 Cogites eReserv tenancyDetail.php cross site scripting
CVE-2024-1031 CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting
E
CVE-2024-1032 openBI Test Connection Databasesource.php testConnection deserialization
E
CVE-2024-1033 openBI Datament.php agent information disclosure
E
CVE-2024-1034 openBI File.php uploadFile unrestricted upload
E
CVE-2024-1035 openBI Icon.php uploadIcon unrestricted upload
E
CVE-2024-1036 openBI Icon Screen.php uploadIcon unrestricted upload
E
CVE-2024-1037 The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflect...
S
CVE-2024-1038 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflecte...
S
CVE-2024-1039 Use of weak credentials in Gessler GmbH WEB-MASTER
S
CVE-2024-1040 Use of weak hash in Gessler GmbH WEB-MASTER
S
CVE-2024-1041 The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulne...
CVE-2024-1042 The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulne...
CVE-2024-1043 The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of...
S
CVE-2024-1044 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification...
CVE-2024-1046 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-1047 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data d...
S
CVE-2024-1048 Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
CVE-2024-1049 The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site...
S
CVE-2024-1050 The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modific...
CVE-2024-1051 The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl...
CVE-2024-1052 Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
CVE-2024-1053 The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data...
S
CVE-2024-1054 The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th...
S
CVE-2024-1055 The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is ...
S
CVE-2024-1056 Funnel Kit Funnel Builder PRO <= 3.4.5 Authenticated(Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post
CVE-2024-1057 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (fo...
CVE-2024-1058 The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...
S
CVE-2024-1059 Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker...
CVE-2024-1060 Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to poten...
CVE-2024-1061 The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL in...
E
CVE-2024-1062 389-ds-base: a heap overflow leading to denial-of-service while writing a value larger than 256 chars (in log_entry_attr)
M
CVE-2024-1063 Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon...
CVE-2024-1064 Improper Neutralization of HTTP Headers for Scripting Syntax in Crafty Controller 4
E S
CVE-2024-1065 Mali GPU Kernel Driver allows improper GPU memory processing operations
S
CVE-2024-1066 Allocation of Resources Without Limits or Throttling in GitLab
S
CVE-2024-1067 Mali GPU Kernel Driver allows improper GPU memory processing operations
S
CVE-2024-1068 404 Solution < 2.35.8 - Admin+ SQL Injection
E
CVE-2024-1069 The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insuffi...
S
CVE-2024-1070 The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...
S
CVE-2024-1071 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem...
S
CVE-2024-1072 The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance...
S
CVE-2024-1073 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fi...
S
CVE-2024-1074 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site ...
S
CVE-2024-1075 The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode by...
S
CVE-2024-1076 SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access
E
CVE-2024-1077 Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to pote...
CVE-2024-1078 The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a miss...
S
CVE-2024-1079 The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing ca...
S
CVE-2024-1080 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site ...
CVE-2024-1081 The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scr...
S
CVE-2024-1082 Path traversal vulnerability in GitHub Enterprise Server that allowed arbitrary file read with a specially crafted GitHub Pages artifact upload
CVE-2024-1083 The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all vers...
S
CVE-2024-1084 Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Se...
CVE-2024-1085 Use-after-free in Linux kernel's netfilter: nf_tables component
S
CVE-2024-1086 Use-after-free in Linux kernel's netfilter: nf_tables component
KEV E S
CVE-2024-1087 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2024-1088 The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Informa...
CVE-2024-1089 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modifica...
CVE-2024-1090 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modifica...
CVE-2024-1091 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modifica...
CVE-2024-1092 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu...
S
CVE-2024-1093 The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due ...
CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation
CVE-2024-1095 The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to...
CVE-2024-1096 Twister Antivirus v8.17 - Denial of Service
CVE-2024-1097 Stored XSS in craigk5n/webcalendar
E
CVE-2024-1098 Rebuild proxy-download QiniuCloud.getStorageFile information disclosure
E
CVE-2024-1099 Rebuild read-raw getFileOfData cross site scripting
E
CVE-2024-1100 SQLi in Vadi Corporate Information Systems' DIGIKENT GIS
CVE-2024-1102 Jberet: jberet-core logging database credentials
M
CVE-2024-1103 CodeAstro Real Estate Management System Feedback Form profile.php cross site scripting
E
CVE-2024-1104 Temporary denial of service during a brute force attack
CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
E
CVE-2024-1107 IDOR in Talya Informatics' Travel APPS
CVE-2024-1108 The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a m...
S
CVE-2024-1109 The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due ...
S
CVE-2024-1110 The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of dat...
S
CVE-2024-1111 SourceCodester QR Code Login System add-user.php cross site scripting
CVE-2024-1112 Buffer Overflow Vulnerability in Resource Hacker
S
CVE-2024-1113 openBI Unity.php uploadUnity unrestricted upload
E
CVE-2024-1114 openBI Screen.php dlfile access control
E
CVE-2024-1115 openBI Setting.php dlfile os command injection
E
CVE-2024-1116 openBI Upload.php index unrestricted upload
E
CVE-2024-1117 openBI Screen.php index code injection
E
CVE-2024-1118 The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the...
S
CVE-2024-1119 The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due ...
CVE-2024-1120 The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discoun...
S
CVE-2024-1121 The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to ...
S
CVE-2024-1122 The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is...
S
CVE-2024-1123 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho...
S
CVE-2024-1124 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho...
S
CVE-2024-1125 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho...
S
CVE-2024-1126 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho...
S
CVE-2024-1127 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho...
S
CVE-2024-1128 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Inje...
S
CVE-2024-1129 The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerab...
S
CVE-2024-1130 The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerab...
S
CVE-2024-1132 Keycloak: path traversal in redirection validation
M
CVE-2024-1133 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori...
CVE-2024-1134 SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-1135 HTTP Request Smuggling in benoitc/gunicorn
CVE-2024-1136 The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of...
S
CVE-2024-1137 TIBCO ActiveSpaces Information Leak Vulnerability
S
CVE-2024-1138 TIBCO FTL Privilege Escalation
S
CVE-2024-1139 Cluster-monitoring-operator: credentials leak
CVE-2024-1140 Twister Antivirus v8.17 - Out-of-bounds Read
CVE-2024-1141 Glance-store: glance store access key logged in debug log level
M
CVE-2024-1142 Sonatype IQ Server - Path Traversal
CVE-2024-1143 Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allo...
CVE-2024-1144 Improper Access Control at Alma Devklan Blog
S
CVE-2024-1145 Observable Response Discrepancy at Alma Devklan Blog
S
CVE-2024-1146 Cross-site Scripting at Alma Devklan Blog
S
CVE-2024-1147 Weak Access Control - Arbitrary file download
S
CVE-2024-1148 Weak Access Control - Arbitrary file upload
S
CVE-2024-1149 Improper validation of update packages
CVE-2024-1150 Improper validation of update packages
CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos
S
CVE-2024-1153 Improper Access Control in Talya Informatics' Travel APPS
CVE-2024-1155 Incorrect permissions for shared NI SystemLink Elixir based services
E
CVE-2024-1156 Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated u...
E
CVE-2024-1157 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-1158 The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User...
S
CVE-2024-1159 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-1160 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-1161 Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes
S
CVE-2024-1162 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v...
S
CVE-2024-1163 Path traversal vulnerability in mapshaper
E S
CVE-2024-1164 Brizy – Page Builder <= 2.4.43 - Authenticated(Contributor+) Stored Cross-Site Scripting via Form Functionality
S
CVE-2024-1165 The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions u...
S
CVE-2024-1166 Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget
CVE-2024-1167 SEW-EURODRIVE MOVITOOLS MotionStudio Improper Restriction of XML External Entity Reference
M
CVE-2024-1168 SEOPress – On-site SEO <= 7.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Social Image URL
CVE-2024-1169 The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User...
CVE-2024-1170 The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User...
CVE-2024-1171 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-1172 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
CVE-2024-1173 The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plu...
S
CVE-2024-1174 Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vu...
CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment
CVE-2024-1176 The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthoriz...
CVE-2024-1177 The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorize...
S
CVE-2024-1178 The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized mo...
S
CVE-2024-1179 TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-1180 TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability
CVE-2024-1181 The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable...
CVE-2024-1182 Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electri...
CVE-2024-1183 SSRF Vulnerability in gradio-app/gradio
CVE-2024-1184 Nsasoft Network Sleuth Registration denial of service
E
CVE-2024-1185 Nsasoft NBMonitor Network Bandwidth Monitor Registration denial of service
E
CVE-2024-1186 Munsoft Easy Archive Recovery Registration Key denial of service
E
CVE-2024-1187 Munsoft Easy Outlook Express Recovery Registration Key denial of service
E
CVE-2024-1188 Rizone Soft Notepad3 Encryption Passphrase denial of service
E
CVE-2024-1189 AMPPS Encryption Passphrase denial of service
E
CVE-2024-1190 Global Scape CuteFTP denial of service
E
CVE-2024-1191 Hyper CdCatalog HCF File denial of service
E
CVE-2024-1192 South River WebDrive New Secure WebDAV denial of service
E
CVE-2024-1193 Navicat MySQL Connection denial of service
E
CVE-2024-1194 Armcode AlienIP Locate Host denial of service
E
CVE-2024-1195 iTop VPN IOCTL ITopVpnCallbackProcess.sys denial of service
CVE-2024-1196 SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting
CVE-2024-1197 SourceCodester Testimonial Page Manager HTTP GET Request delete-testimonial.php sql injection
CVE-2024-1198 openBI Phar User.php addxinzhi deserialization
E
CVE-2024-1199 CodeAstro Employee Task Management System attendance-info.php denial of service
E
CVE-2024-1200 Jspxcms information disclosure
E
CVE-2024-1201 PanteraSoft HDD Health search path or unquoted item vulnerability
CVE-2024-1202 Authentication Bypass in XPodas' Octopod
CVE-2024-1203 The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce ...
CVE-2024-1204 Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
E
CVE-2024-1205 The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime ...
CVE-2024-1206 The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter ...
S
CVE-2024-1207 The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_reques...
S
CVE-2024-1208 The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio...
E
CVE-2024-1209 The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio...
E
CVE-2024-1210 The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio...
E
CVE-2024-1211 Cross-Site Request Forgery (CSRF) in GitLab
E S
CVE-2024-1212 LoadMaster Pre-Authenticated OS Command Injection
KEV
CVE-2024-1213 The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerab...
S
CVE-2024-1214 The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerab...
S
CVE-2024-1215 SourceCodester CRUD without Page Reload fetch_data.php cross site scripting
E
CVE-2024-1216 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-1217 The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnera...
S
CVE-2024-1218 The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnera...
S
CVE-2024-1219 Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
E
CVE-2024-1220 NPort W2150A/W2250A Series Web Server Stack-based Buffer Overflow Vulnerability
S
CVE-2024-1221 Improper access controls on APIs on Linux and macOS in PaperCut NG/MF
CVE-2024-1222 Incorrect authorization controls in PaperCut NG/MF APIs
CVE-2024-1223 Improper authorization controls in PaperCut NG/MF
CVE-2024-1224 Information Disclosure Vulnerability in CDAC USB Pratirodh
S
CVE-2024-1225 QiboSoft QiboCMS X1 Pay.php rmb_pay deserialization
E
CVE-2024-1226 Multiple vulnerabilities in Rejetto's Http File Server
S
CVE-2024-1227 Multiple vulnerabilities in Rejetto's Http File Server
S
CVE-2024-1228 Hardcoded password in Eurosoft Przychodnia
CVE-2024-1229 SimpleShop <= 2.10.2 - Missing Authorization
CVE-2024-1230 SimpleShop <= 2.10.0 - Cross-Site Request Forgery
CVE-2024-1231 CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF
E
CVE-2024-1232 CM Download Manager < 2.9.0 - Download Deletion via CSRF
E
CVE-2024-1233 Eap: wildfly-elytron has a ssrf security issue
M
CVE-2024-1234 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-1235 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1236 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-1237 The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Script...
S
CVE-2024-1238 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1239 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1240 Open Redirection in pyload/pyload
E S
CVE-2024-1241 Watchdog Antivirus v1.6.415 - Denial of Service
CVE-2024-1242 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes
CVE-2024-1246 Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature
CVE-2024-1247 Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field
CVE-2024-1249 Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos
M
CVE-2024-1250 Privilege Chaining in GitLab
S
CVE-2024-1251 Tongda OA 2017 delete.php sql injection
E
CVE-2024-1252 Tongda OA 2017 delete.php sql injection
E
CVE-2024-1253 Byzoro Smart S40 Management Platform Import web.php unrestricted upload
E
CVE-2024-1254 Byzoro Smart S20 Management Platform sysmanageajax.php sql injection
E
CVE-2024-1255 sepidz SepidzDigitalMenu Waiters information disclosure
CVE-2024-1256 Jspxcms filter_text.do cross site scripting
E
CVE-2024-1257 Jspxcms find_text.do cross site scripting
E
CVE-2024-1258 Juanpao JPShop API params.php hard-coded key
E
CVE-2024-1259 Juanpao JPShop API AppController.php unrestricted upload
E
CVE-2024-1260 Juanpao JPShop API ComboController.php actionIndex unrestricted upload
E
CVE-2024-1261 Juanpao JPShop API ComboController.php actionIndex unrestricted upload
E
CVE-2024-1262 Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload
E
CVE-2024-1263 Juanpao JPShop API PosterController.php actionUpdate unrestricted upload
E
CVE-2024-1264 Juanpao JPShop UploadsController.php actionUpdate unrestricted upload
E
CVE-2024-1265 CodeAstro University Management System Attendance Management att_add.php cross site scripting
E
CVE-2024-1266 CodeAstro University Management System Student Registration Form st_reg.php cross site scripting
E
CVE-2024-1267 CodeAstro Restaurant POS System create_account.php cross site scripting
E
CVE-2024-1268 CodeAstro Restaurant POS System update_product.php unrestricted upload
E
CVE-2024-1269 SourceCodester Product Management System supplier.php cross site scripting
E
CVE-2024-1271 Rejected reason: This CVE was previously published at https://bugzilla.redhat.com/show_bug.cgi?id=22...
R
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
CVE-2024-1273 Starbox < 3.5.0 - Contributor+ Stored XSS
E
CVE-2024-1274 My Calendar < 3.4.24 - Authenticated Stored XSS
E
CVE-2024-1275 Vulnerability in Baxter Welch Allyn Connex Spot Monitor
S
CVE-2024-1276 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
CVE-2024-1277 The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields ...
S
CVE-2024-1278 The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerab...
CVE-2024-1279 Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure
E
CVE-2024-1282 The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to ...
S
CVE-2024-1283 Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to p...
CVE-2024-1284 Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potenti...
CVE-2024-1285 The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerab...
CVE-2024-1286 Paid Memberships Pro - Membership Maps Add On < 0.7 - Contributor+ Sensitive Information Disclosure
E
CVE-2024-1287 Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure and SQLi
E
CVE-2024-1288 The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modific...
S
CVE-2024-1289 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object R...
CVE-2024-1290 Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover
E
CVE-2024-1291 The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the C...
CVE-2024-1292 WPB Show Core < 2.6 - Reflected XSS
E
CVE-2024-1293 The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the e...
CVE-2024-1294 The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable ...
S
CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
E
CVE-2024-1296 The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p...
CVE-2024-1297 Loomio 2.22.0 - Code injection
E
CVE-2024-1298 Integer Overflow caused by divide by zero during S3 suspension
CVE-2024-1299 Privilege Chaining in GitLab
E S
CVE-2024-1300 Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support
M
CVE-2024-1301 Multiple Vulnerabilities in Badger Meter's Monitool
S
CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool
S
CVE-2024-1303 Multiple Vulnerabilities in Badger Meter's Monitool
S
CVE-2024-1304 Multiple Vulnerabilities in Badger Meter's Monitool
S
CVE-2024-1305 tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming wri...
CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF
E
CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
E
CVE-2024-1308 The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modificatio...
CVE-2024-1309 Resource Consumption Identified in NTP before 4.2.4p8 and 4.2.5
CVE-2024-1310 WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
E
CVE-2024-1311 The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
S
CVE-2024-1312 Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu
S
CVE-2024-1313 Users outside an organization can delete a snapshot with its key
CVE-2024-1315 The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerab...
CVE-2024-1316 Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access
E
CVE-2024-1317 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu...
S
CVE-2024-1318 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu...
S
CVE-2024-1319 Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
E
CVE-2024-1320 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored ...
S
CVE-2024-1321 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment...
S
CVE-2024-1322 The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPr...
S
CVE-2024-1323 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
S
CVE-2024-1324 QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval
CVE-2024-1325 The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-S...
CVE-2024-1326 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag...
CVE-2024-1327 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
CVE-2024-1328 The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ ...
CVE-2024-1329 Nomad Vulnerable to Arbitrary Write Through Symlink Attack
CVE-2024-1330 Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
E
CVE-2024-1331 Team Members < 5.3.2 - Author+ Stored XSS
E
CVE-2024-1332 Custom Fonts – Host Your Fonts Locally <= 2.1.4 - Authenticated (Author+) Stored Cross-Site Scripting
S
CVE-2024-1333 Responsive Pricing Table < 5.1.11 - Author+ Stored XSS
E
CVE-2024-1334 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Fo...
CVE-2024-1335 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Fo...
CVE-2024-1336 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Fo...
CVE-2024-1337 The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to ...
S
CVE-2024-1338 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Fo...
CVE-2024-1339 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Fo...
S
CVE-2024-1340 The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of...
S
CVE-2024-1341 The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
S
CVE-2024-1342 Rejected reason: Unable to reproduce....
R
CVE-2024-1343 Weak permission vulnerability in LaborOfficeFree
CVE-2024-1344 Encrypted database credentials in LaborOfficeFree
CVE-2024-1345 Weak MySQL database root password in LaborOfficeFree
CVE-2024-1346 Weak MySQL database root password in LaborOfficeFree
CVE-2024-1347 Authentication Bypass by Spoofing in GitLab
E S
CVE-2024-1348 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross...
CVE-2024-1349 The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents...
S
CVE-2024-1350 WordPress Honeypot for WP Comment plugin <= 2.2.3 - Arbitrary File Deletion vulnerability
CVE-2024-1351 MongoDB Server may allow successful untrusted connection
S
CVE-2024-1352 The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerab...
CVE-2024-1353 PHPEMS index.api.php index deserialization
E
CVE-2024-1354 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-1356 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success...
CVE-2024-1357 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross...
CVE-2024-1358 The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versio...
S
CVE-2024-1359 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-1360 The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
S
CVE-2024-1361 The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver...
S
CVE-2024-1362 The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver...
S
CVE-2024-1363 The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to S...
S
CVE-2024-1364 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-1365 The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t...
S
CVE-2024-1366 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE-2024-1367 Command Injection Vulnerability in Tenable Security Center
S
CVE-2024-1368 The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a...
S
CVE-2024-1369 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-1370 The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a miss...
S
CVE-2024-1371 The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due...
CVE-2024-1372 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-1373 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-46209. Reason: ...
R
CVE-2024-1374 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-1375 Event post <= 5.9.5 - Cross-Site Request Forgery
CVE-2024-1376 Event post <= 5.9.4 - Missing Authorization
S
CVE-2024-1377 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE-2024-1378 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-1379 The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site ...
CVE-2024-1380 The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data d...
S
CVE-2024-1381 The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerab...
S
CVE-2024-1382 The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versio...
S
CVE-2024-1383 The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v...
S
CVE-2024-1384 Premium Portfolio Features for Phlox theme <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-1385 The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of d...
S
CVE-2024-1386 The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scr...
CVE-2024-1387 The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due...
S
CVE-2024-1388 The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing cap...
S
CVE-2024-1389 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction...
S
CVE-2024-1390 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction...
S
CVE-2024-1391 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2024-1392 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2024-1393 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2024-1394 Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
M
CVE-2024-1395 Mali GPU Kernel Driver allows improper GPU memory processing operations
S
CVE-2024-1396 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross...
CVE-2024-1397 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site ...
S
CVE-2024-1398 The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Sit...
CVE-2024-1399 Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-1400 The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to ...
S
CVE-2024-1401 Profile Box Shortcode And Widget < 1.2.1 Admin+ Stored XSS
E
CVE-2024-1402 Denial of service in mattermost mobile apps and server via emoji reactions
S
CVE-2024-1403 Authentication Bypass in OpenEdge Authentication Gateway and AdminServer
CVE-2024-1404 Linksys WRT54GL Web Management Interface SysInfo.htm information disclosure
E
CVE-2024-1405 Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure
E
CVE-2024-1406 Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure
E
CVE-2024-1407 Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification
S
CVE-2024-1408 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-1409 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-1410 Unbounded storage of information related to connection ID retirement, in quiche
CVE-2024-1411 The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-1412 The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘messag...
CVE-2024-1413 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-1414 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-1415 The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to C...
CVE-2024-1416 The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to u...
CVE-2024-1417 Local Code Injection Vulnerability in AuthPoint Password Manager App for macOS Safari
CVE-2024-1418 The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
CVE-2024-1419 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
S
CVE-2024-1420 Rejected reason: **REJECT** This is a duplicate of CVE-2024-1049. Please use CVE-2024-1049 instead....
R
CVE-2024-1421 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site ...
CVE-2024-1422 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2024-1423 Rejected reason: Accidental Request...
R
CVE-2024-1424 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored C...
S
CVE-2024-1425 The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents...
S
CVE-2024-1426 The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Para...
S
CVE-2024-1427 The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag
S
CVE-2024-1428 The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Para...
S
CVE-2024-1429 The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Para...
S
CVE-2024-1430 Netgear R7000 Web Management Interface currentsetting.htm information disclosure
E
CVE-2024-1431 Netgear R7000 Web Management Interface debuginfo.htm information disclosure
E
CVE-2024-1432 DeepFaceLab main.py apply_xseg deserialization
E
CVE-2024-1433 KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal
S
CVE-2024-1434 WordPress Media Alt Renamer Plugin 0.0.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-1435 WordPress Tainacan Plugin <= 0.20.6 is vulnerable to Sensitive Data Exposure
CVE-2024-1436 WordPress WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit Plugin <= 1.0.9 is vulnerable to Sensitive Data Exposure
CVE-2024-1437 WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2024-1438 WordPress Rolo Slider plugin <= 1.0.9 - Broken Access Control vulnerability
CVE-2024-1439 Inadequate access control vulnerability in Moodle
S
CVE-2024-1441 Libvirt: off-by-one error in udevlistinterfacesbystatus()
M
CVE-2024-1442 User with permissions to create a data source can CRUD all data sources
CVE-2024-1443 MSI Afterburner v4.6.5.16370 - Denial of Service
CVE-2024-1444 Rejected reason: Erroneous assignment...
R
CVE-2024-1445 The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-1446 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion
S
CVE-2024-1447 The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'...
S
CVE-2024-1448 The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Si...
S
CVE-2024-1449 The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site ...
CVE-2024-1450 The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
S
CVE-2024-1451 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-1452 The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versi...
S
CVE-2024-1453 Santesoft Sante DICOM Viewer Pro Out-of-Bounds Read
S
CVE-2024-1454 Opensc: memory use after free in authentic driver when updating token info
S
CVE-2024-1455 Billion Laughs Attack leading to DoS in langchain-ai/langchain
CVE-2024-1456 S3 Bucket Takeover in h2oai/h2o-3
CVE-2024-1457 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-1458 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1459 Undertow: directory traversal vulnerability
M
CVE-2024-1460 MSI Afterburner v4.6.5.16370 - Kernel Memory Leak
CVE-2024-1461 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1462 The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all version...
S
CVE-2024-1463 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Script...
CVE-2024-1464 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1465 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1466 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1467 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery
CVE-2024-1468 The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitra...
CVE-2024-1469 Rejected reason: ** REJECT ** Duplicate assignment. Please use CVE-2024-0845 instead....
R
CVE-2024-1470 Elevation of Privilege attack on NetIQ Client login extension
CVE-2024-1471 HTML Injection Vulnerability
S
CVE-2024-1472 The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to,...
S
CVE-2024-1473 The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exp...
CVE-2024-1474 WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface
CVE-2024-1475 The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposur...
S
CVE-2024-1476 The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitiv...
CVE-2024-1477 The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in al...
CVE-2024-1478 The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all ver...
CVE-2024-1479 The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio...
S
CVE-2024-1480 Unitronics Vision Standard Unauthenticated Password Retrieval
CVE-2024-1481 Freeipa: specially crafted http requests potentially lead to denial of service
M
CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution
CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow
E
CVE-2024-1484 The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Refl...
S
CVE-2024-1485 Registry-support: decompress can delete files outside scope via relative paths
S
CVE-2024-1486 Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
CVE-2024-1487 Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting
E
CVE-2024-1488 Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
S
CVE-2024-1489 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Req...
S
CVE-2024-1491 Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
M
CVE-2024-1492 The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missi...
S
CVE-2024-1493 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-1495 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-1496 The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-1497 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
S
CVE-2024-1498 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2024-1499 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
S
CVE-2024-1500 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr...
CVE-2024-1501 The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions ...
S
CVE-2024-1502 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori...
CVE-2024-1503 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Sit...
CVE-2024-1504 The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request For...
CVE-2024-1505 The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnera...
S
CVE-2024-1506 The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri...
CVE-2024-1507 The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri...
S
CVE-2024-1508 The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri...
CVE-2024-1509 Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100
CVE-2024-1510 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si...
S
CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui
CVE-2024-1512 The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vuln...
CVE-2024-1514 The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_...
S
CVE-2024-1515 Rejected reason: Erroneous assignment...
R
CVE-2024-1516 The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a...
S
CVE-2024-1519 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-1520 OS Command Injection in parisneo/lollms-webui
CVE-2024-1521 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui
CVE-2024-1523 EC-WEB FS-EZViewer(Web) - SQL Injection
S
CVE-2024-1525 Authentication Bypass Using an Alternate Path or Channel in GitLab
S
CVE-2024-1526 Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
E
CVE-2024-1527 Unrestricted Upload of File with Dangerous Type in CMS Made Simple
S
CVE-2024-1528 Cross-site Scripting in CMS Made Simple
S
CVE-2024-1529 Cross-site Scripting in CMS Made Simple
S
CVE-2024-1530 ECshop view_sendlist.php sql injection
E
CVE-2024-1531 A vulnerability exists in the stb-language file handling that affects the RTU500 series product vers...
CVE-2024-1532 A vulnerability exists in the stb-language file handling that affects the RTU500 series product vers...
CVE-2024-1533 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross...
CVE-2024-1534 The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th...
CVE-2024-1535 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-1536 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-1537 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-1538 The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
S
CVE-2024-1539 Missing Authorization in GitLab
E S
CVE-2024-1540 Command Injection in gradio-app/gradio via deploy+test-visual.yml workflow
CVE-2024-1541 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to...
CVE-2024-1543 AES T-Table sub-cache-line leakage
CVE-2024-1544 ECDSA nonce bias caused by truncation
CVE-2024-1545 Fault Injection of RSA encryption in WolfCrypt
CVE-2024-1546 When storing and re-accessing data on a networking channel, the length of buffers may have been conf...
CVE-2024-1547 Through a series of API calls and redirects, an attacker-controlled alert dialog could have been dis...
CVE-2024-1548 A website could have obscured the fullscreen notification by using a dropdown select input element. ...
CVE-2024-1549 If a website set a large custom cursor, portions of the cursor could have overlapped with the permis...
CVE-2024-1550 A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock...
CVE-2024-1551 Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attack...
E
CVE-2024-1552 Incorrect code generation could have led to unexpected numeric conversions and potential undefined b...
CVE-2024-1553 Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these b...
CVE-2024-1554 The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include...
E
CVE-2024-1555 When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly r...
CVE-2024-1556 The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid m...
CVE-2024-1557 Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption a...
CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow
E
CVE-2024-1559 The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_recip...
S
CVE-2024-1560 Path Traversal Vulnerability in mlflow/mlflow
E
CVE-2024-1561 Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
CVE-2024-1562 The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modificati...
S
CVE-2024-1563 An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when...
CVE-2024-1564 Schema Pro < 2.7.16 - Contributor+ Custom Field Access
E
CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL
S
CVE-2024-1566 The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missi...
CVE-2024-1567 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads ...
S
CVE-2024-1568 The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
S
CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui
CVE-2024-1570 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-1571 The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video ...
S
CVE-2024-1572 The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_...
S
CVE-2024-1573 Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions...
CVE-2024-1574 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in ...
CVE-2024-1575 The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) a...
CVE-2024-1576 SQL Injection in MegaBIP
CVE-2024-1577 Remote Code Execution in MegaBIP
CVE-2024-1578 Multiple MiCard PLUS card reader dropped characters
M
CVE-2024-1579 Insufficient seeding of random number generator
CVE-2024-1580 Integer overflow in VideoLAN dav1d
CVE-2024-1582 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scr...
S
CVE-2024-1584 The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPr...
CVE-2024-1585 The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site S...
S
CVE-2024-1586 The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Sc...
S
CVE-2024-1587 The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up...
CVE-2024-1588 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings
E
CVE-2024-1589 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings
E
CVE-2024-1590 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St...
S
CVE-2024-1591 Privilege Management for Windows < 24.1 Information Leak
CVE-2024-1592 The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Fo...
S
CVE-2024-1593 Path Traversal via Parameter Smuggling in mlflow/mlflow
E
CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow
E
CVE-2024-1595 Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Element
S
CVE-2024-1596 Ninja Forms File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload
CVE-2024-1597 pgjdbc SQL Injection via line comment generation
M
CVE-2024-1598 Potential buffer overflow when handling UEFI variables
CVE-2024-1599 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui
CVE-2024-1601 SQL Injection in parisneo/lollms-webui
CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui
CVE-2024-1603 confirmed
E
CVE-2024-1604 Incorrect authorization in BMC Control-M
CVE-2024-1605 DLL side-loading in BMC Control-M
CVE-2024-1606 HTML injection in BMC Control-M
CVE-2024-1608 OPPO Usercenter Credit sdk
CVE-2024-1609 OPPO Store APP has a WebView component privilege escalation vulnerability.
CVE-2024-1610 OPPO Store app include remote account token hijacking and sensitive information leakage
CVE-2024-1618 Unquoted item or search path vulnerability in Faronics Deep Freeze Server Standard
S
CVE-2024-1619 Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue ...
S
CVE-2024-1621 uniFLOW Online device registration susceptible to compromise
M
CVE-2024-1622 Routinator terminates when RTR connection is reset too quickly after opening
S
CVE-2024-1623 Insufficient session timeout vulnerability in Sagemcom router
S
CVE-2024-1624 OS Command Injection vulnerability affecting documentation server on certain Releases of 3DEXPERIENCE, SIMULIA Abaqus, SIMULIA Isight and CATIA Composer
CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary
E S
CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary
E S
CVE-2024-1628 OS command injection vulnerabilities in GE HealthCare ultrasound devices
CVE-2024-1629 Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component
CVE-2024-1630 Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component
CVE-2024-1631 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
CVE-2024-1632 Incorrect access control in the Sitefinity backend
CVE-2024-1633 FIP Header Integer Overflow
CVE-2024-1634 Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection
CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
M
CVE-2024-1636 Potential Cross-Site Scripting (XSS) in the page editing area
CVE-2024-1637 The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data du...
CVE-2024-1638 Bluetooth characteristic LESC security requirement not enforced without additional flags
E
CVE-2024-1639 License Manager for WooCommerce <= 3.0.7 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure
CVE-2024-1640 The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin b...
S
CVE-2024-1641 The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of ...
CVE-2024-1642 The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is ...
S
CVE-2024-1643 Unauthorized Organization Access in lunary-ai/lunary
CVE-2024-1644 Suite CRM v7.14.2 - RCE via Local File Inclusion
E
CVE-2024-1645 The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing ...
S
CVE-2024-1646 Authentication Bypass in parisneo/lollms-webui
CVE-2024-1647 pyhtml2pdf 0.0.6 - Local File Read via Server Side XSS
E
CVE-2024-1648 electron-pdf 20.0.0 - Local File Read via Server Side XSS
E
CVE-2024-1649 The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a miss...
S
CVE-2024-1650 The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a miss...
S
CVE-2024-1651 Torrentpier 2.4.1 - RCE
E
CVE-2024-1652 The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a miss...
S
CVE-2024-1653 The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a miss...
S
CVE-2024-1654 Unauthorized write operations in PaperCut NG/MF
CVE-2024-1655 ASUS WiFi Router - OS Command Injection
S
CVE-2024-1656 Affected versions of Octopus Server had a weak content security policy....
CVE-2024-1657 Platform: insecure websocket used when interacting with eda server
CVE-2024-1658 Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
E
CVE-2024-1659 Arbitrary File Upload in MegaBIP
CVE-2024-1660 Top Bar < 3.0.5 - Admin+ Stored XSS
E
CVE-2024-1661 Totolink X6000R shadow hard-coded credentials
E
CVE-2024-1662 Information Disclosure in Porty's PowerBank
CVE-2024-1663 Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS
E
CVE-2024-1664 Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS
E
CVE-2024-1665 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary
E S
CVE-2024-1668 The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensiti...
CVE-2024-1669 Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attack...
E
CVE-2024-1670 Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentia...
E
CVE-2024-1671 Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a rem...
CVE-2024-1672 Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allo...
E
CVE-2024-1673 Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker wh...
E
CVE-2024-1674 Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote ...
CVE-2024-1675 Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote...
E
CVE-2024-1676 Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote ...
E
CVE-2024-1677 The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plug...
CVE-2024-1678 The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposur...
CVE-2024-1679 The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plug...
CVE-2024-1680 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1681 Log Injection Vulnerability in corydolphin/flask-cors
CVE-2024-1682 Unclaimed S3 Bucket Reference in psf/requests Documentation
CVE-2024-1683 DLL Injection in Tenable Identity Exposure Secure Relay
S
CVE-2024-1684 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is...
CVE-2024-1685 The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all ver...
CVE-2024-1686 The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerab...
S
CVE-2024-1687 The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerab...
S
CVE-2024-1688 The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missi...
CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation
S
CVE-2024-1690 The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refun...
S
CVE-2024-1691 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPres...
CVE-2024-1692 The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-...
CVE-2024-1693 SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
CVE-2024-1694 Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local ...
E
CVE-2024-1695 A potential security vulnerability has been identified in the HP Application Enabling Software Drive...
CVE-2024-1696 Santesoft Sante FFT Imaging Out-of-bounds Write
S
CVE-2024-1697 The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Sit...
CVE-2024-1698 The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With ...
E S
CVE-2024-1700 keerti1924 PHP-MYSQL-User-Login-System signup.php cross site scripting
E
CVE-2024-1701 keerti1924 PHP-MYSQL-User-Login-System edit.php access control
E
CVE-2024-1702 keerti1924 PHP-MYSQL-User-Login-System edit.php sql injection
E
CVE-2024-1703 ZhongBangKeJi CRMEB openfile absolute path traversal
E
CVE-2024-1704 ZhongBangKeJi CRMEB crud delete path traversal
E
CVE-2024-1705 Shopwind Installation DefaultController.php actionCreate code injection
E
CVE-2024-1706 ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting
E
CVE-2024-1707 GARO WALLBOX GLB+ T2EV7 Software Update index.jsp#settings cross site scripting
E
CVE-2024-1708 Improper limitation of a pathname to a restricted directory (“path traversal”)
E
CVE-2024-1709 Authentication bypass using an alternate path or channel
KEV E S
CVE-2024-1710 The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing...
CVE-2024-1711 The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter i...
CVE-2024-1712 Carousel Slider < 2.2.7 - Editor+ Stored XSS
E
CVE-2024-1713 Plv8 Deferred Trigger Privilege Escalation
E
CVE-2024-1714 Access Request for Entitlement Values with Leading/Trailing Whitespace
CVE-2024-1715 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-34802. Reason: ...
R
CVE-2024-1716 The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to...
CVE-2024-1717 Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval
CVE-2024-1718 Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update
CVE-2024-1719 The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request For...
S
CVE-2024-1720 The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plug...
S
CVE-2024-1721 Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allow...
CVE-2024-1722 Keycloak-core: dos via account lockout
M
CVE-2024-1723 The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...
S
CVE-2024-1724 snapd allows $HOME/bin symlink
E S
CVE-2024-1725 Kubevirt-csi: persistentvolume allows access to hcp's root node
CVE-2024-1726 Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service
M
CVE-2024-1727 CSRF Vulnerability in gradio-app/gradio
CVE-2024-1728 Local File Inclusion in gradio-app/gradio
CVE-2024-1729 Timing Attack Vulnerability in gradio-app/gradio
CVE-2024-1730 The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Dro...
CVE-2024-1731 The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versi...
CVE-2024-1732 The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to un...
CVE-2024-1733 The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to...
CVE-2024-1734 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-1735 A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of m...
CVE-2024-1736 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-1737 BIND's database will be slow if a very large number of RRs exist at the same name
S
CVE-2024-1738 Incorrect Authorization in lunary-ai/lunary
E S
CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary
CVE-2024-1740 Incorrect Authorization in lunary-ai/lunary
E S
CVE-2024-1741 Improper Authorization in lunary-ai/lunary
E S
CVE-2024-1742 Information disclosure in mk_oracle Checkmk agent plugin
CVE-2024-1743 WooCommerce Customers Manager < 29.8 - Reflected XSS
E
CVE-2024-1744 Information Disclosure in Ariva Computer's Accord ORS
CVE-2024-1745 Testimonial Slider < 2.3.7 - Author+ Settings Update
E
CVE-2024-1746 Testimonial Slider < 2.3.8 - Admin+ Stored XSS
E
CVE-2024-1747 WooCommerce Customers Manager < 30.2 - Subscriber+ Stored XSS
E
CVE-2024-1748 van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization
E
CVE-2024-1749 Bdtask Bhojon Best Restaurant Management Software Message Page message cross site scripting
E
CVE-2024-1750 TemmokuMVC Image Download images_get_down.php img_replace deserialization
E
CVE-2024-1751 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-base...
CVE-2024-1752 Font Farsi <= 1.6.6 - Admin+ Stored XSS in Settings
E
CVE-2024-1753 Buildah: full container escape at build time
M
CVE-2024-1754 NPS computy <= 2.7.5 - Admin+ Stored XSS
E
CVE-2024-1755 NPS computy <= 2.7.5 - Results Deletion via CSRF
E
CVE-2024-1756 WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure
E
CVE-2024-1758 The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in al...
S
CVE-2024-1759 The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Store...
S
CVE-2024-1760 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress ...
S
CVE-2024-1761 The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's w...
S
CVE-2024-1762 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent
S
CVE-2024-1763 The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized m...
S
CVE-2024-1764 Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14...
CVE-2024-1765 Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche
CVE-2024-1766 Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
S
CVE-2024-1767 The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks...
S
CVE-2024-1768 Clever Fox <= 25.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-1769 The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up t...
CVE-2024-1770 The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up t...
CVE-2024-1771 The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing ca...
S
CVE-2024-1772 The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vuln...
CVE-2024-1773 The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object ...
S
CVE-2024-1774 The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
CVE-2024-1775 The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected C...
S
CVE-2024-1776 The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection v...
CVE-2024-1777 The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Requ...
CVE-2024-1778 The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized mo...
CVE-2024-1779 The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized mo...
CVE-2024-1780 The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ta...
CVE-2024-1781 Totolink X6000R AX3000 shttpd cstecgi.cgi setWizardCfg command injection
E
CVE-2024-1782 The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via ...
CVE-2024-1783 Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow
E
CVE-2024-1784 Limbas main_admin.php sql injection
E
CVE-2024-1785 The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
CVE-2024-1786 D-Link DIR-600M C1 Telnet Service buffer overflow
E
CVE-2024-1787 The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
CVE-2024-1788 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2813. Reason: T...
R
CVE-2024-1789 The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versio...
CVE-2024-1790 The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal ...
CVE-2024-1791 The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code...
CVE-2024-1792 The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and inclu...
CVE-2024-1793 The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newslet...
CVE-2024-1794 The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded fil...
S
CVE-2024-1795 The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL I...
S
CVE-2024-1796 The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Store...
CVE-2024-1797 The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL I...
S
CVE-2024-1798 Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml
CVE-2024-1799 The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPre...
S
CVE-2024-1800 Progress Telerik Report Server Deserialization
CVE-2024-1801 Progress Telerik Reporting Local Deserialization Vulnerability
CVE-2024-1802 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed A...
S
CVE-2024-1803 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual
S
CVE-2024-1804 Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml
CVE-2024-1805 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclic...
CVE-2024-1806 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-1807 The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modi...
CVE-2024-1808 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si...
S
CVE-2024-1809 The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPr...
CVE-2024-1810 The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site ...
S
CVE-2024-1811 OpenText ArcSight Platform Remote Vulnerability
CVE-2024-1812 The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions ...
S
CVE-2024-1813 The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up t...
CVE-2024-1814 Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block
S
CVE-2024-1815 Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block
S
CVE-2024-1816 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-1817 Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authentication
E
CVE-2024-1818 CodeAstro Membership Management System Logo unrestricted upload
E
CVE-2024-1819 CodeAstro Membership Management System Add Members Tab unrestricted upload
E
CVE-2024-1820 code-projects Crime Reporting System inchargelogin.php sql injection
E
CVE-2024-1821 code-projects Crime Reporting System police_add.php sql injection
E
CVE-2024-1822 PHPGurukul Tourism Management System user-bookings.php cross site scripting
E
CVE-2024-1823 CodeAstro Simple Voting System Backend users.php access control
E
CVE-2024-1824 CodeAstro House Rental Management System signing.php sql injection
E
CVE-2024-1825 CodeAstro House Rental Management System User Registration Page cross site scripting
E
CVE-2024-1826 code-projects Library System login.php sql injection
E
CVE-2024-1827 code-projects Library System login.php sql injection
E
CVE-2024-1828 code-projects Library System registration.php sql injection
E
CVE-2024-1829 code-projects Library System registration.php sql injection
E
CVE-2024-1830 code-projects Library System lost-password.php sql injection
E
CVE-2024-1831 SourceCodester Complete File Management System Login Form index.php sql injection
E
CVE-2024-1832 SourceCodester Complete File Management System Admin Login Form sql injection
E
CVE-2024-1833 SourceCodester Employee Management System login.php sql injection
E
CVE-2024-1834 SourceCodester Simple Student Attendance System ?page=attendance&class_id=1 cross site scripting
E
CVE-2024-1839 Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL in...
S
CVE-2024-1840 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author t...
CVE-2024-1841 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title ta...
CVE-2024-1842 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Headin...
CVE-2024-1843 The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due...
S
CVE-2024-1844 The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized...
CVE-2024-1845 VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery
E
CVE-2024-1846 Responsive Tabs < 4.0.7 - Contributor+ Stored XSS
E
CVE-2024-1847 Multiple vulnerabilities exist in file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024
CVE-2024-1848 Multiple vulnerabilities exist in file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024
CVE-2024-1849 WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
E
CVE-2024-1850 The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modifi...
CVE-2024-1851 The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorize...
S
CVE-2024-1852 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
CVE-2024-1853 Zemana AntiLogger v2.74.204.664 - Arbitrary Process Termination
CVE-2024-1854 The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v...
CVE-2024-1855 WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery
S
CVE-2024-1856 Progress Telerik Reporting Remote Deserialization Vulnerability
CVE-2024-1857 The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Per...
CVE-2024-1858 The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object I...
CVE-2024-1859 The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable...
S
CVE-2024-1860 The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugi...
S
CVE-2024-1861 The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugi...
S
CVE-2024-1862 The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modif...
S
CVE-2024-1863 Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability
CVE-2024-1864 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2813. Reason: T...
R
CVE-2024-1865 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2813. Reason: T...
R
CVE-2024-1866 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2813. Reason: T...
R
CVE-2024-1867 G DATA Total Security Link Following Local Privilege Escalation Vulnerability
CVE-2024-1868 G DATA Total Security Link Following Local Privilege Escalation Vulnerability
CVE-2024-1869 Certain HP DesignJet print products are potentially vulnerable to information disclosure related to ...
CVE-2024-1870 The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due...
S
CVE-2024-1871 SourceCodester Employee Management System Project Assignment Report assignp.php cross site scripting
E
CVE-2024-1872 The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and inc...
CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui
CVE-2024-1874 Command injection via array-ish $command parameter of proc_open()
M
CVE-2024-1875 SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload
E
CVE-2024-1876 SourceCodester Employee Management System psubmit.php sql injection
E S
CVE-2024-1877 SourceCodester Employee Management System cancel.php sql injection
E
CVE-2024-1878 SourceCodester Employee Management System myprofile.php sql injection
E
CVE-2024-1879 CSRF to RCE in significant-gravitas/autogpt
E S
CVE-2024-1880 OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt
E S
CVE-2024-1881 Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt
S
CVE-2024-1882 Server-side resource injection in PaperCut NG/MF
CVE-2024-1883 Reflected XSS in PaperCut NG/MF
CVE-2024-1884 Server Side Request Forgery in PaperCut NG/MF
CVE-2024-1885 Remote Code Execution attack on LG Signage
CVE-2024-1886 Absolute path traversal attack on LG Signage
CVE-2024-1887 Public channel post content accessible without membership when compliance export is enabled
S
CVE-2024-1888 Existing server guests invited to the team by members without "invite_guest" permission
S
CVE-2024-1889 Cross-Site Request Forgery vulnerability in SMA Cluster Controller
CVE-2024-1890 Clickjacking vulnerability in Sunny Webbox
CVE-2024-1891 Stored Cross Site Scripting
S
CVE-2024-1892 ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider
E S
CVE-2024-1893 The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘p...
S
CVE-2024-1894 The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable t...
S
CVE-2024-1895 The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulner...
CVE-2024-1896 The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Tea...
CVE-2024-1897 The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injecti...
CVE-2024-1898 Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier al...
CVE-2024-1899 Showdownjs Denial of Service
CVE-2024-1900 Improper session management in the identity provider authentication flow in Devolutions Server 2023....
CVE-2024-1901 Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3....
CVE-2024-1902 Session Reuse Vulnerability in lunary-ai/lunary
E S
CVE-2024-1904 The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missi...
CVE-2024-1905 Smart Forms < 2.6.96 - Admin+ Stored XSS
E
CVE-2024-1906 The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t...
S
CVE-2024-1907 The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t...
S
CVE-2024-1908 Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation
CVE-2024-1909 The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t...
S
CVE-2024-1910 The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t...
S
CVE-2024-1912 The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t...
S
CVE-2024-1913 An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make th...
CVE-2024-1914 An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the...
CVE-2024-1915 Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSE...
CVE-2024-1916 Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and ...
CVE-2024-1917 Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and ...
CVE-2024-1918 Byzoro Smart S42 Management Platform userattestation.php unrestricted upload
E
CVE-2024-1919 SourceCodester Online Job Portal Manage Walkin Page ManageWalkin.php cross site scripting
E
CVE-2024-1920 osuuu LightPicture TokenVerify.php handle hard-coded key
E
CVE-2024-1921 osuuu LightPicture Setup.php unrestricted upload
E
CVE-2024-1922 SourceCodester Online Job Portal Manage Job Page ManageJob.php cross site scripting
E
CVE-2024-1923 SourceCodester Simple Student Attendance System List of Classes Page ajax-api.php delete_student sql injection
E
CVE-2024-1924 CodeAstro Membership Management System get_membership_amount.php sql injection
E
CVE-2024-1925 Ctcms Upsys.php unrestricted upload
E
CVE-2024-1926 SourceCodester Free and Open Source Inventory Management System search_sales_report.php sql injection
E
CVE-2024-1927 SourceCodester Web-Based Student Clearance System login.php sql injection
E
CVE-2024-1928 SourceCodester Web-Based Student Clearance System Edit User Profile Page edit-admin.php sql injection
E
CVE-2024-1929 Local Root Exploit via Configuration Dictionary
CVE-2024-1930 No Limit on Number of Open Sessions / Bad Session Close Behaviour
CVE-2024-1931 Denial of service when trimming EDE text on positive replies
S
CVE-2024-1932 Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout
E S
CVE-2024-1933 Improper symlink resolution in TeamViewer Remote client for macOS
S
CVE-2024-1934 The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of...
CVE-2024-1935 The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social ...
S
CVE-2024-1936 The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitr...
CVE-2024-1937 Brizy – Page Builder <= 2.4.44 - Missing Authorization to Authenticated (Contributor+) Post Modification
S
CVE-2024-1938 Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentiall...
E
CVE-2024-1939 Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentiall...
E
CVE-2024-1940 Brizy – Page Builder <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting
S
CVE-2024-1941 Delta Electronics CNCSoft-B Stack-based Buffer Overflow
S
CVE-2024-1942 Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata ...
S
CVE-2024-1943 The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and ...
S
CVE-2024-1944 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-1945 The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPr...
CVE-2024-1946 The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block c...
CVE-2024-1947 Improper Handling of Highly Compressed Data (Data Amplification) in GitLab
E S
CVE-2024-1948 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...
S
CVE-2024-1949 A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authent...
S
CVE-2024-1950 The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PH...
S
CVE-2024-1951 The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerab...
CVE-2024-1952 Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugi...
S
CVE-2024-1953 Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to li...
S
CVE-2024-1954 The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site ...
S
CVE-2024-1955 Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification
CVE-2024-1956 WPB Show Core < 2.7 - Reflected XSS
E
CVE-2024-1957 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored C...
S
CVE-2024-1958 WPB Show Core < 2.7 - Reflected XSS
E
CVE-2024-1959 The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site S...
CVE-2024-1960 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (fo...
S
CVE-2024-1961 Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb
CVE-2024-1962 CM Download and File Manager < 2.9.1 - Download Edit via CSRF
E
CVE-2024-1963 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-1964 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-1965 Server-Side Request Forgery Vulnerability in Haivision Products
CVE-2024-1968 Authorization Header Leakage in scrapy/scrapy on Scheme Change Redirects
CVE-2024-1969 Heap buffer overflow
CVE-2024-1970 SourceCodester Online Learning System V2 index.php cross site scripting
E
CVE-2024-1971 Surya2Developer Online Shopping System POST Parameter login.php sql injection
E
CVE-2024-1972 SourceCodester Online Job Portal EditProfile.php cross site scripting
E
CVE-2024-1973 Elevation of privileges vulnerability
S
CVE-2024-1974 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversa...
S
CVE-2024-1975 SIG(0) can be used to exhaust CPU resources
S
CVE-2024-1976 The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers...
CVE-2024-1977 The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripti...
E
CVE-2024-1978 The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to,...
S
CVE-2024-1979 Quarkus: information leak in annotation
M
CVE-2024-1980 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6876. Reason: T...
R
CVE-2024-1981 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the...
E S
CVE-2024-1982 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access d...
E S
CVE-2024-1983 Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
E
CVE-2024-1984 The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all ve...
CVE-2024-1985 The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Dis...
S
CVE-2024-1986 The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due t...
CVE-2024-1987 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-1988 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-1989 The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Si...
S
CVE-2024-1990 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin...
S
CVE-2024-1991 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin...
S
CVE-2024-1992 Rejected reason: Rejected as duplicate of CVE-2024-2306...
R
CVE-2024-1993 The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's s...
CVE-2024-1994 The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a...
CVE-2024-1995 The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a m...
CVE-2024-1996 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plu...
CVE-2024-1997 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pr...
CVE-2024-1998 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1795. Reason: T...
R
CVE-2024-1999 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to...
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.