ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-10000 | Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality | | |
CVE-2024-10001 | Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling | | |
CVE-2024-10002 | Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator | S | |
CVE-2024-10003 | Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions | S | |
CVE-2024-10004 | Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS ... | | |
CVE-2024-10005 | Consul L7 Intentions Vulnerable To URL Path Bypass | | |
CVE-2024-10006 | Consul L7 Intentions Vulnerable To Headers Bypass | | |
CVE-2024-10007 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | | |
CVE-2024-10008 | Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation | | |
CVE-2024-10009 | Website File Changes < 2.1.0 - Admin+ Authenticated SQL Injection | E | |
CVE-2024-10010 | LearnPress < 4.2.7.2 - Admin+ Stored XSS | E | |
CVE-2024-10011 | BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal | | |
CVE-2024-10012 | Progress UI for WPF format provider unsafe deserialization vulnerability | | |
CVE-2024-10013 | Progress UI for WinForms format provider unsafe deserialization vulnerability | | |
CVE-2024-10014 | Flat UI Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode | | |
CVE-2024-10015 | ConvertCalculator for WordPress <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and type Parameter | | |
CVE-2024-10016 | File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | | |
CVE-2024-10017 | PJW Mime Config <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | | |
CVE-2024-10018 | Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to t... | | |
CVE-2024-10019 | Path Traversal and OS Command Injection in parisneo/lollms-webui | E | |
CVE-2024-10020 | Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider | S | |
CVE-2024-10021 | code-projects Pharmacy Management System manage_purchase.php sql injection | E | |
CVE-2024-10022 | code-projects Pharmacy Management System manage_supplier.php sql injection | E | |
CVE-2024-10023 | code-projects Pharmacy Management System add_new_medicine.php sql injection | E | |
CVE-2024-10024 | code-projects Pharmacy Management System manage_medicine_stock.php sql injection | E | |
CVE-2024-10025 | Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx | S | |
CVE-2024-10026 | Improved Seeding and Hashing In gVisor | E S | |
CVE-2024-10027 | WP Booking Calendar < 10.6.3 - Admin+ Stored XSS | E | |
CVE-2024-10028 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Information Disclosure via procstat Log | S | |
CVE-2024-10029 | In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in... | | |
CVE-2024-10031 | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by mo... | | |
CVE-2024-10032 | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in th... | | |
CVE-2024-10033 | Aap-gateway: xss on aap-gateway | M | |
CVE-2024-10034 | Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting | | |
CVE-2024-10035 | Code Injection in BG-TEK's CoslatV3 | | |
CVE-2024-10037 | A vulnerability exists in the RTU500 web server component that can cause a denial of service to the ... | | |
CVE-2024-10038 | WP-Strava <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | | |
CVE-2024-10040 | Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update | | |
CVE-2024-10041 | Pam: libpam: libpam vulnerable to read hashed password | M | |
CVE-2024-10042 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10043 | Incorrect Authorization in GitLab | E S | |
CVE-2024-10044 | SSRF in POST /worker_generate_stream API endpoint in lm-sys/fastchat | E | |
CVE-2024-10045 | Transients Manager <= 2.0.6 - Cross-Site Request Forgery | S | |
CVE-2024-10046 | افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting | | |
CVE-2024-10047 | Directory Listing Vulnerability in parisneo/lollms-webui | E | |
CVE-2024-10048 | Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page | | |
CVE-2024-10049 | Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page | | |
CVE-2024-10050 | Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode | | |
CVE-2024-10051 | Unauthenticated Denial of Service in shaunwei/realchar | | |
CVE-2024-10054 | Happyforms < 1.26.3 - Admin+ Stored XSS | E | |
CVE-2024-10055 | Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode | S | |
CVE-2024-10056 | Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode | | |
CVE-2024-10057 | RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode | S | |
CVE-2024-10068 | OpenSight Software FlashFXP FlashFXP.exe uncontrolled search path | | |
CVE-2024-10069 | ESAFENET CDG MailDecryptApplicationService.java actionPassMainApplication sql injection | E | |
CVE-2024-10070 | ESAFENET CDG PolicyPushControlAction.java actionPolicyPush sql injection | E | |
CVE-2024-10071 | ESAFENET CDG EncryptPolicyService.java actionUpdateEncryptPolicyEdit sql injection | E | |
CVE-2024-10072 | ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection | E | |
CVE-2024-10073 | flairNLP flair Mode File Loader clustering.py ClusteringModel code injection | E | |
CVE-2024-10074 | Liteos_a has an use after free vulnerability | | |
CVE-2024-10075 | Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution | E | |
CVE-2024-10076 | Jetpack < 13.8, Boost < 3.4.8 - Contributor+ Stored XSS | E | |
CVE-2024-10078 | WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions | | |
CVE-2024-10079 | WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection | | |
CVE-2024-10080 | WP Easy Post Types <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta | | |
CVE-2024-10081 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyz... | | |
CVE-2024-10082 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyz... | | |
CVE-2024-10083 | CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of enginee... | | |
CVE-2024-10084 | Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode | | |
CVE-2024-10086 | Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation | | |
CVE-2024-10087 | XSS in iKSORIS | | |
CVE-2024-10088 | XSS in iKSORIS | | |
CVE-2024-10089 | XSS in iKSORIS | | |
CVE-2024-10090 | XSS in iKSORIS | | |
CVE-2024-10091 | ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget | | |
CVE-2024-10092 | Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation | | |
CVE-2024-10093 | VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path | | |
CVE-2024-10094 | Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Gene... | | |
CVE-2024-10095 | Progress UI for WPF format provider unsafe deserialization vulnerability | | |
CVE-2024-10096 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10097 | Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider | S | |
CVE-2024-10098 | ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access | E | |
CVE-2024-10099 | Stored XSS in comfyanonymous/comfyui | E | |
CVE-2024-10100 | Path Traversal in binary-husky/gpt_academic | E | |
CVE-2024-10101 | Stored XSS in binary-husky/gpt_academic | E | |
CVE-2024-10102 | Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 - Contributor+ Stored XSS | E | |
CVE-2024-10103 | MailPoet < 5.3.2 - Admin+ Stored XSS | E | |
CVE-2024-10104 | Jobs for WordPress < 2.7.8 - Contributor+ Stored XSS | E | |
CVE-2024-10105 | Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS | E | |
CVE-2024-10106 | Ember ZNet buffer overflow in 'packet handoff' plugin | | |
CVE-2024-10107 | Giveaways and Contests by RafflePress < 1.12.17 - Admin+ Stored XSS | E | |
CVE-2024-10108 | WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode | | |
CVE-2024-10109 | Incorrect Authorization in mintplex-labs/anything-llm | E S | |
CVE-2024-10110 | Denial of Service in aimhubio/aim | E | |
CVE-2024-10111 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass | | |
CVE-2024-10112 | Simple News <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via news Shortcode | | |
CVE-2024-10113 | WP AdCenter – Ad Manager & Adsense Ads <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode | | |
CVE-2024-10114 | Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider | | |
CVE-2024-10115 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9884. Reason: T... | R | |
CVE-2024-10116 | Twitter Follow Button <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter | S | |
CVE-2024-10117 | WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode | S | |
CVE-2024-10118 | SECOM WRTR-304GN-304TW-UPSC - OS Command Injection | S | |
CVE-2024-10119 | SECOM WRTM326 - OS Command Injection | S | |
CVE-2024-10120 | wfh45678 Radar upload unrestricted upload | E | |
CVE-2024-10121 | wfh45678 Radar Interface authorization | E | |
CVE-2024-10122 | Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking | | |
CVE-2024-10123 | Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow | E | |
CVE-2024-10124 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | | |
CVE-2024-10125 | Lack of JWT issuer and signer validation | | |
CVE-2024-10126 | Local file inclusion vulnerability in M-Files Server | S | |
CVE-2024-10127 | Support for authentication bypass condition in M-Files LDAP authentication | S | |
CVE-2024-10128 | Topdata Inner Rep Plus WebServer td.js.gz risky encryption | E | |
CVE-2024-10129 | HFO4 shudong-share Share create_share.php sql injection | E | |
CVE-2024-10130 | Tenda AC8 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow | E | |
CVE-2024-10131 | Remote Code Execution in infiniflow/ragflow | E | |
CVE-2024-10133 | ESAFENET CDG NetSecPolicyAjax.java updateNetSecPolicyPriority sql injection | E | |
CVE-2024-10134 | ESAFENET CDG MultiServerAjax.java connectLogout sql injection | E | |
CVE-2024-10135 | ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection | E | |
CVE-2024-10136 | code-projects Pharmacy Management System manage_invoice.php sql injection | E | |
CVE-2024-10137 | code-projects Pharmacy Management System manage_medicine.php sql injection | E | |
CVE-2024-10138 | code-projects Pharmacy Management System add_new_purchase.php sql injection | E | |
CVE-2024-10139 | code-projects Pharmacy Management System add_new_supplier.php sql injection | E | |
CVE-2024-10140 | code-projects Pharmacy Management System manage_supplier.php sql injection | E | |
CVE-2024-10141 | jsbroks COCO Annotator Session predictable state | E | |
CVE-2024-10142 | code-projects Blood Bank System viewrequest.php cross site scripting | E | |
CVE-2024-10143 | MB Custom Post Types & Custom Taxonomies < 2.7.7 - Admin+ Stored XSS | E | |
CVE-2024-10144 | Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 - Contributor+ Stored XSS | E | |
CVE-2024-10145 | Hubbub Lite < 1.34.4 - Admin+ Stored XSS | E | |
CVE-2024-10146 | Simple File List < 6.1.13 - Reflected Cross-Site Scripting | E | |
CVE-2024-10147 | Steel <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn Shortcode | | |
CVE-2024-10148 | Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode | | |
CVE-2024-10149 | Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets | E | |
CVE-2024-10150 | Bamazoo – Button Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dgs Shortcode | | |
CVE-2024-10151 | Auto iFrame < 2.0 - Contributor+ XSS via Shortcode | E | |
CVE-2024-10152 | Simple Certain Time to Show Content < 1.3.1 - Reflected XSS | E | |
CVE-2024-10153 | PHPGurukul Boat Booking System Book a Boat Page book-boat.php sql injection | E | |
CVE-2024-10154 | PHPGurukul Boat Booking System Check Booking Status Page status.php sql injection | E | |
CVE-2024-10155 | PHPGurukul Boat Booking System Book a Boat Page book-boat.php cross site scripting | E M | |
CVE-2024-10156 | PHPGurukul Boat Booking System Sign In Page index.php sql injection | E | |
CVE-2024-10157 | PHPGurukul Boat Booking System Reset Your Password Page password-recovery.php sql injection | E | |
CVE-2024-10158 | PHPGurukul Boat Booking System session_start session fixation | E | |
CVE-2024-10159 | PHPGurukul Boat Booking System My Profile Page profile.php sql injection | E | |
CVE-2024-10160 | PHPGurukul Boat Booking System BW Dates Report Page bwdates-report-details.php sql injection | E | |
CVE-2024-10161 | PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload | E | |
CVE-2024-10162 | PHPGurukul Boat Booking System Edit Subdomain Details Page edit-subadmin.php sql injection | E | |
CVE-2024-10163 | SourceCodester Sentiment Based Movie Rating System movie_details.php sql injection | E | |
CVE-2024-10164 | Premium Packages - Sell Digital Products Securely <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link Shortcode | | |
CVE-2024-10165 | Codezips Sales Management System deletecustcom.php sql injection | E | |
CVE-2024-10166 | Codezips Sales Management System checkuser.php sql injection | E | |
CVE-2024-10167 | Codezips Sales Management System deletecustind.php sql injection | E | |
CVE-2024-10168 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode | | |
CVE-2024-10169 | code-projects Hospital Management System change-password.php sql injection | E | |
CVE-2024-10170 | code-projects Hospital Management System get_doctor.php sql injection | E | |
CVE-2024-10171 | code-projects Blood Bank System massage.php sql injection | E | |
CVE-2024-10172 | WPBakery Visual Composer WHMCS Elements <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via void_wbwhmcse_laouts_search Shortcode | | |
CVE-2024-10173 | didi DDMQ Console Module improper authentication | E | |
CVE-2024-10174 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass | S | |
CVE-2024-10175 | Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wdo_pricing_tables Shortcode | | |
CVE-2024-10176 | Compact WP Audio Player <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode | | |
CVE-2024-10177 | Beds24 Online Booking <= 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via beds24-link Shortcode | | |
CVE-2024-10178 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | S | |
CVE-2024-10179 | Slickstream: Engagement and Conversions <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slick-grid Shortcode | | |
CVE-2024-10180 | Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode | | |
CVE-2024-10181 | Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode | S | |
CVE-2024-10182 | Cognito Forms <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | | |
CVE-2024-10183 | Arbitrary File Write Vulnerability in Jamf Remote Assist Leading to Privilege Escalation | S | |
CVE-2024-10184 | SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode | | |
CVE-2024-10185 | StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode | | |
CVE-2024-10186 | Event Post <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode | | |
CVE-2024-10187 | myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode | S | |
CVE-2024-10188 | Denial of Service in BerriAI/litellm | | |
CVE-2024-10189 | Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode | S | |
CVE-2024-10190 | Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod | | |
CVE-2024-10191 | PHPGurukul Boat Booking System Booking Details Page book-details.php cross site scripting | E | |
CVE-2024-10192 | PHPGurukul IFSC Code Finder Project search.php cross site scripting | E | |
CVE-2024-10193 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection | E | |
CVE-2024-10194 | WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow | E | |
CVE-2024-10195 | Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection | | |
CVE-2024-10196 | code-projects Pharmacy Management System add_new_invoice.php sql injection | E | |
CVE-2024-10197 | code-projects Pharmacy Management System Manage Supplier Page manage_supplier.php cross site scripting | E | |
CVE-2024-10198 | code-projects Pharmacy Management System Manage Customer Page manage_customer.php cross site scripting | E | |
CVE-2024-10199 | code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting | E | |
CVE-2024-10200 | Wellchoose Administrative Management System - Arbitrary File Read through Path Traversal | S | |
CVE-2024-10201 | Wellchoose Administrative Management System - Arbitrary File Upload | S | |
CVE-2024-10202 | Wellchoose Administrative Management System - OS Command Injection | S | |
CVE-2024-10203 | Agent Arbitrary File Deletion | | |
CVE-2024-10204 | Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025 | | |
CVE-2024-10205 | Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | | |
CVE-2024-10206 | Server-Side Request Forgery (unauthenticated) in APROL Web Portal | | |
CVE-2024-10207 | Server-Side Request Forgery (authenticated) in APROL Web Portal | | |
CVE-2024-10208 | Cross Site Scripting vulnerability in APROL Web Portal | | |
CVE-2024-10209 | Incorrect Permission Assignment in APROL file system | | |
CVE-2024-10210 | Path traversal in APROL Web Portal | | |
CVE-2024-10212 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10214 | Incorrect Session Creation with Desktop SSO | S | |
CVE-2024-10215 | WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change | | |
CVE-2024-10216 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal | S | |
CVE-2024-10217 | TIBCO Hawk Stored-XSS Vulnerability | | |
CVE-2024-10218 | TIBCO Hawk Stored-XEE Vulnerability | | |
CVE-2024-10219 | Incorrect Authorization in GitLab | E S | |
CVE-2024-10220 | Arbitrary command execution through gitRepo volume | | |
CVE-2024-10222 | SVG Support <= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | E S | |
CVE-2024-10223 | HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode | | |
CVE-2024-10224 | Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before vers... | E M | |
CVE-2024-10225 | Denial of Service in haotian-liu/llava | E | |
CVE-2024-10226 | Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode | S | |
CVE-2024-10227 | affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode | | |
CVE-2024-10228 | Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user | | |
CVE-2024-10229 | Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote ... | | |
CVE-2024-10230 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentiall... | | |
CVE-2024-10231 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentiall... | | |
CVE-2024-10232 | AtomChat <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode | | |
CVE-2024-10233 | SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode | S | |
CVE-2024-10234 | Wildfly: wildfly vulnerable to cross-site scripting (xss) | | |
CVE-2024-10237 | SMC BMC Firmware Image Authentication Design Issue | | |
CVE-2024-10238 | fld->used_bytes without sanity check causes stack overflow | | |
CVE-2024-10239 | fld->used_bytes without sanity check causes stack overflow | | |
CVE-2024-10240 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab | S | |
CVE-2024-10241 | Private channel names leaked with Ctrl+K when ElasticSearch is enabled | S | |
CVE-2024-10243 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10244 | SQLi in ISDO Software's Web Software | | |
CVE-2024-10245 | Relais 2FA <= 1.0 - Authentication Bypass | | |
CVE-2024-10247 | YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection | S | |
CVE-2024-10249 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10250 | Nioland <= 1.2.6 - Reflected Cross-Site Scripting via s | | |
CVE-2024-10251 | Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4... | | |
CVE-2024-10252 | Code Injection in langgenius/dify | E S | |
CVE-2024-10253 | A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store th... | S | |
CVE-2024-10254 | A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App... | S | |
CVE-2024-10256 | Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated att... | M | |
CVE-2024-10260 | Tripetto <= 8.0.3 - Unauthenticated Stored Cross-Site Scripting via Form File Upload | | |
CVE-2024-10261 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution | S | |
CVE-2024-10262 | Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | | |
CVE-2024-10263 | Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution | S | |
CVE-2024-10264 | HTTP Request Smuggling in netease-youdao/qanything | E | |
CVE-2024-10265 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter | S | |
CVE-2024-10266 | Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget | S | |
CVE-2024-10267 | Information Disclosure in transformeroptimus/superagi | E | |
CVE-2024-10268 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode | S | |
CVE-2024-10269 | Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | S | |
CVE-2024-10270 | Org.keycloak:keycloak-services: keycloak denial of service | | |
CVE-2024-10272 | Broken Access Control in lunary-ai/lunary | E S | |
CVE-2024-10273 | Improper Privilege Management in lunary-ai/lunary | E S | |
CVE-2024-10274 | Improper Authorization in lunary-ai/lunary | E S | |
CVE-2024-10275 | Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary | E S | |
CVE-2024-10276 | Telestream Sentry Reports Page page cross site scripting | E M | |
CVE-2024-10277 | ESAFENET CDG UsbKeyAjax.java sql injection | E | |
CVE-2024-10278 | ESAFENET CDG ReUserOrganiseService.java sql injection | E | |
CVE-2024-10279 | ESAFENET CDG PrintPolicyService.java sql injection | E | |
CVE-2024-10280 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference | E | |
CVE-2024-10281 | Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow | E | |
CVE-2024-10282 | Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow | E | |
CVE-2024-10283 | Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow | E | |
CVE-2024-10284 | CE21 Suite <= 2.2.0 - Authentication Bypass | S | |
CVE-2024-10285 | CE21 Suite <= 2.2.0 - JWT Token Disclosure | | |
CVE-2024-10286 | Cross-Site Scripting (XSS) vulnerability in LocalServer | | |
CVE-2024-10287 | Cross-Site Scripting (XSS) vulnerability in LocalServer | | |
CVE-2024-10288 | Cross-Site Scripting (XSS) vulnerability in LocalServer | | |
CVE-2024-10289 | Cross-Site Scripting (XSS) vulnerability in LocalServer | | |
CVE-2024-10290 | ZZCMS inc.php information disclosure | E | |
CVE-2024-10291 | ZZCMS phome.php Ebak_DotranExecutSQL sql injection | E | |
CVE-2024-10292 | ZZCMS ChangeTable.php unrestricted upload | E | |
CVE-2024-10293 | ZZCMS functions.php Ebak_SetGotoPak unrestricted upload | E | |
CVE-2024-10294 | CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change | | |
CVE-2024-10295 | Gateway: apicast basic auth bypass via malformed base64 headers: sending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request | | |
CVE-2024-10296 | PHPGurukul Medical Card Generation System Report of Medical Card Page card-bwdates-reports-details.php sql injection | | |
CVE-2024-10297 | PHPGurukul Medical Card Generation System Managecard Edit Image Page changeimage.php sql injection | | |
CVE-2024-10298 | PHPGurukul Medical Card Generation System Managecard Edit Card Detail Page edit-card-detail.php sql injection | | |
CVE-2024-10299 | PHPGurukul Medical Card Generation System Managecard View Detail Page view-card-detail.php sql injection | | |
CVE-2024-10300 | PHPGurukul Medical Card Generation System View Enquiry Page view-enquiry.php sql injection | | |
CVE-2024-10301 | PHPGurukul Medical Card Generation System Search search-medicalcard.php sql injection | | |
CVE-2024-10305 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10306 | Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests | M | |
CVE-2024-10307 | Allocation of Resources Without Limits or Throttling in GitLab | E S | |
CVE-2024-10308 | Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget | S | |
CVE-2024-10309 | Tracking Code Manager < 2.4.0 - Contributor+ Stored XSS | E | |
CVE-2024-10310 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget | S | |
CVE-2024-10311 | External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass | | |
CVE-2024-10312 | Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | S | |
CVE-2024-10313 | iniNet Solutions SpiderControl SCADA PC HMI Editor Path Traversal | S | |
CVE-2024-10314 | Unauthenticated Denial of Service via Auto Generation Function | | |
CVE-2024-10315 | Insecure Configuration in Gliffy Online | | |
CVE-2024-10316 | Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | | |
CVE-2024-10318 | NGINX OpenID Connect Vulnerability | M | |
CVE-2024-10319 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | S | |
CVE-2024-10320 | Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode | | |
CVE-2024-10321 | All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | | |
CVE-2024-10322 | Brizy – Page Builder <= 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | S | |
CVE-2024-10323 | JetWidgets For Elementor <= 1.0.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | S | |
CVE-2024-10324 | RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | S | |
CVE-2024-10325 | Elementor Header & Footer Builder <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | S | |
CVE-2024-10326 | RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets | S | |
CVE-2024-10327 | A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows pus... | S | |
CVE-2024-10329 | Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure | S | |
CVE-2024-10330 | Improper Access Control in lunary-ai/lunary | E S | |
CVE-2024-10331 | PHPGurukul Vehicle Record System search-vehicle.php sql injection | E | |
CVE-2024-10332 | A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerabili... | S | |
CVE-2024-10334 | Camera passwords stored in clear text | | |
CVE-2024-10335 | SourceCodester Garbage Collection Management System login.php sql injection | E | |
CVE-2024-10336 | SourceCodeHero Clothes Recommendation System Admin Login Page index.php sql injection | | |
CVE-2024-10337 | SourceCodeHero Clothes Recommendation System home.php sql injection | E | |
CVE-2024-10338 | SourceCodeHero Clothes Recommendation System home.php sql injection | E | |
CVE-2024-10339 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10340 | Shortcodes Blocks Creator Ultimate <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2024-10341 | League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) SQL Injection via Shortcode | | |
CVE-2024-10342 | League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2024-10343 | Beek Widget Extention <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2024-10344 | Unauthenticated Denial of Service via Refuse Function | | |
CVE-2024-10345 | Unauthenticated Denial of Service via Shutdown Function | | |
CVE-2024-10347 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10348 | SourceCodester Best House Rental Management System Manage Tenant Details index.php cross site scripting | E | |
CVE-2024-10349 | SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection | E | |
CVE-2024-10350 | code-projects Hospital Management System add-doctor.php sql injection | E | |
CVE-2024-10351 | Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow | E | |
CVE-2024-10352 | Magical Addons For Elementor <= 1.2.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | S | |
CVE-2024-10353 | SourceCodester Online Exam System admin-dashboard access control | E | |
CVE-2024-10354 | SourceCodester Petrol Pump Management Software print.php sql injection | E | |
CVE-2024-10355 | SourceCodester Petrol Pump Management Software invoice.php sql injection | E | |
CVE-2024-10356 | ElementsReady Addons for Elementor <= 6.4.8 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | S | |
CVE-2024-10357 | Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | | |
CVE-2024-10359 | Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat | E S | |
CVE-2024-10360 | Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | S | |
CVE-2024-10361 | Arbitrary File Deletion via Path Traversal in danny-avila/librechat | E S | |
CVE-2024-10362 | Social Media Share Buttons < 2.9.0 - Admin+ Stored XSS | E | |
CVE-2024-10363 | Improper Access Control in danny-avila/LibreChat | E S | |
CVE-2024-10365 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | S | |
CVE-2024-10366 | IDOR in delete attachments in danny-avila/librechat | E S | |
CVE-2024-10367 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | | |
CVE-2024-10368 | Codezips Sales Management System addstock.php sql injection | E | |
CVE-2024-10369 | Codezips Sales Management System addcustcom.php sql injection | E | |
CVE-2024-10370 | Codezips Sales Management System addcustind.php sql injection | E | |
CVE-2024-10371 | SourceCodester Payroll Management System main login buffer overflow | E | |
CVE-2024-10372 | chidiwilliams buzz model_loader.py download_model temp file | E | |
CVE-2024-10374 | WP-Members <= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode | S | |
CVE-2024-10376 | ESAFENET CDG AutoSignService.java actionPassOrNotAutoSign sql injection | E | |
CVE-2024-10377 | ESAFENET CDG DecryptApplicationService.java actionPassDecryptApplication1 sql injection | E | |
CVE-2024-10378 | ESAFENET CDG CDGRenewApplicationService.java actionViewCDGRenewFile sql injection | E | |
CVE-2024-10379 | ESAFENET CDG DecryptApplicationService.java actionViewDecyptFile path traversal | E | |
CVE-2024-10380 | SourceCodester Petrol Pump Management Software ajax_product.php sql injection | E | |
CVE-2024-10381 | Authentication Bypass Vulnerability in Matrix Door Controller | S | |
CVE-2024-10382 | Arbitrary Code execution in Car App Android Jetpack Library | | |
CVE-2024-10383 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork | E S | |
CVE-2024-10385 | Stored XSS in DirectAdmin Evo Skin | | |
CVE-2024-10386 | Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability | S | |
CVE-2024-10387 | Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability | S | |
CVE-2024-10388 | WordPress GDPR <= 2.0.2 - Unauthenticated Stored Cross-Site Scripting | | |
CVE-2024-10389 | Path Traversal in Safearchive | S | |
CVE-2024-10390 | Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | | |
CVE-2024-10391 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10392 | AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload | | |
CVE-2024-10393 | Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration | S | |
CVE-2024-10394 | A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client | | |
CVE-2024-10395 | net: lib: http_server: Buffer Under-read | E | |
CVE-2024-10396 | An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash | | |
CVE-2024-10397 | A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly exec... | | |
CVE-2024-10399 | Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure | | |
CVE-2024-10400 | Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter | S | |
CVE-2024-10401 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-10402 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation | | |
CVE-2024-10403 | SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav | | |
CVE-2024-10404 | Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave | | |
CVE-2024-10405 | Weak TLS Ciphers on Brocade SANnav port 443 & 18082 | | |
CVE-2024-10406 | SourceCodester Petrol Pump Management Software edit_fuel.php sql injection | E | |
CVE-2024-10407 | SourceCodester Petrol Pump Management Software edit_customer.php sql injection | E | |
CVE-2024-10408 | code-projects Blood Bank Management abs.php sql injection | E | |
CVE-2024-10409 | code-projects Blood Bank Management accept.php sql injection | E | |
CVE-2024-10410 | SourceCodester Online Hotel Reservation System controller.php upload unrestricted upload | E | |
CVE-2024-10411 | SourceCodester Online Hotel Reservation System controller.php doCheckout sql injection | E | |
CVE-2024-10412 | Poco-z Guns-Medical File Upload upload cross site scripting | E | |
CVE-2024-10413 | SourceCodester Online Hotel Reservation System update.php upload unrestricted upload | E | |
CVE-2024-10414 | PHPGurukul Vehicle Record System edit-brand.php cross site scripting | E | |
CVE-2024-10415 | code-projects Blood Bank Management System accept.php sql injection | E | |
CVE-2024-10416 | code-projects Blood Bank Management System cancel.php sql injection | E | |
CVE-2024-10417 | code-projects Blood Bank Management System delete.php sql injection | E | |
CVE-2024-10418 | code-projects Blood Bank Management System infoAdd.php sql injection | E M | |
CVE-2024-10419 | code-projects Blood Bank Management System bloodrequest.php cross site scripting | E M | |
CVE-2024-10420 | SourceCodester Attendance and Payroll System update.php upload unrestricted upload | E | |
CVE-2024-10421 | SourceCodester Attendance and Payroll System overtime_row.php sql injection | E | |
CVE-2024-10422 | SourceCodester Attendance and Payroll System overtime_add.php sql injection | E | |
CVE-2024-10423 | Project Worlds Student Project Allocation System Project Selection Page project_selection.php sql injection | E | |
CVE-2024-10424 | Project Worlds Student Project Allocation System Project Selection Page remove_project.php sql injection | E | |
CVE-2024-10425 | Project Worlds Student Project Allocation System Project Selection Page move_up_project.php sql injection | E | |
CVE-2024-10426 | Codezips Pet Shop Management System animalsadd.php sql injection | E | |
CVE-2024-10427 | Codezips Pet Shop Management System deleteanimal.php sql injection | E | |
CVE-2024-10428 | WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection | E | |
CVE-2024-10429 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection | E | |
CVE-2024-10430 | Codezips Pet Shop Management System animalsupdate.php sql injection | E | |
CVE-2024-10431 | Codezips Pet Shop Management System deletebird.php sql injection | E | |
CVE-2024-10432 | Project Worlds Simple Web-Based Chat Application index.php sql injection | E | |
CVE-2024-10433 | Project Worlds Simple Web-Based Chat Application index.php cross site scripting | E | |
CVE-2024-10434 | Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow | E | |
CVE-2024-10435 | didi Super-Jacoco triggerEnvCov command injection | E | |
CVE-2024-10436 | WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion | | |
CVE-2024-10437 | WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation | | |
CVE-2024-10438 | Sunnet eHRD CTMS - Authentication Bypass | S | |
CVE-2024-10439 | Sunnet eHRD CTMS - Insecure Direct Object Reference | S | |
CVE-2024-10440 | Sunnet eHRD CTMS - SQL Injection | S | |
CVE-2024-10441 | Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeSta... | | |
CVE-2024-10442 | Off-by-one error vulnerability in the transmission component in Synology Replication Service before ... | | |
CVE-2024-10443 | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in... | | |
CVE-2024-10444 | Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager ... | | |
CVE-2024-10445 | Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS ... | | |
CVE-2024-10446 | Project Worlds Online Time Table Generator admindashboard.php sql injection | E | |
CVE-2024-10447 | Project Worlds Online Time Table Generator staffdashboard.php sql injection | E S | |
CVE-2024-10448 | code-projects Blood Bank Management System delete.php cross-site request forgery | E | |
CVE-2024-10449 | Codezips Hospital Appointment System loginAction.php sql injection | E | |
CVE-2024-10450 | SourceCodester Kortex Lite Advocate Office Management System POST Pa |