ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-11000 | CodeAstro Real Estate Management System About Us Page aboutedit.php unrestricted upload | E | |
CVE-2024-11002 | InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template | | |
CVE-2024-11003 | Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Module... | S | |
CVE-2024-11004 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before versi... | | |
CVE-2024-11005 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Iva... | | |
CVE-2024-11006 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Iva... | | |
CVE-2024-11007 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Iva... | | |
CVE-2024-11008 | Members <= 3.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11009 | Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) <= 1.2.1 - Authenticated (Administrator+) SQL Injection via post_id Parameter | | |
CVE-2024-11010 | FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion | | |
CVE-2024-11012 | Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text | | |
CVE-2024-11013 | Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10... | | |
CVE-2024-11014 | Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.... | | |
CVE-2024-11015 | Sign In With Google <= 1.8.0 - Authentication Bypass in authenticate_user | | |
CVE-2024-11016 | Grand Vice info Webopac - SQL Injection | S | |
CVE-2024-11017 | Grand Vice info Webopac - Arbitrary File Upload | S | |
CVE-2024-11018 | Grand Vice info Webopac - Arbitrary File Upload | S | |
CVE-2024-11019 | Grand Vice info Webopac7 - Reflected XSS | S | |
CVE-2024-11020 | Grand Vice info Webopac7 - SQL Injection | S | |
CVE-2024-11021 | Grand Vice info Webopac - Stored XSS | S | |
CVE-2024-11022 | SICK InspectorP61x and SICK InspectorP62x are vulnerable to a replay attack | M | |
CVE-2024-11023 | Session Hijacking in Firebase JavaScript SDK | | |
CVE-2024-11024 | AppPresser – Mobile App Framework <= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset | | |
CVE-2024-11025 | SMA: SQL injection in Sunny Central UP | | |
CVE-2024-11026 | Intelligent Apps Freenow App Keystore SSL.java hard-coded password | E | |
CVE-2024-11028 | MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation | | |
CVE-2024-11029 | Freeipa: administrative user data leaked through systemd journal | M | |
CVE-2024-11030 | SSRF in binary-husky/gpt_academic | E | |
CVE-2024-11031 | SSRF in binary-husky/gpt_academic | | |
CVE-2024-11032 | Parsi Date <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter | | |
CVE-2024-11033 | Denial of Service (DoS) in binary-husky/gpt_academic | | |
CVE-2024-11034 | Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form | | |
CVE-2024-11035 | Carbon Black Cloud Windows Sensor Information Leak | | |
CVE-2024-11036 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings | | |
CVE-2024-11037 | Path Traversal in binary-husky/gpt_academic | | |
CVE-2024-11038 | WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form | | |
CVE-2024-11039 | Deserialization of Untrusted Data in binary-husky/gpt_academic | | |
CVE-2024-11040 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ... | R | |
CVE-2024-11041 | Remote Code Execution in vllm-project/vllm | | |
CVE-2024-11042 | Arbitrary File Delete in invoke-ai/invokeai | | |
CVE-2024-11043 | Denial of Service (DoS) via Large Payload in Board Name Field in invoke-ai/invokeai | E | |
CVE-2024-11044 | Open Redirect in automatic1111/stable-diffusion-webui | | |
CVE-2024-11045 | Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui | | |
CVE-2024-11046 | D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp os command injection | E | |
CVE-2024-11047 | D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow | E | |
CVE-2024-11048 | D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow | E | |
CVE-2024-11049 | ZKTeco ZKBio Time Image File photo direct request | E | |
CVE-2024-11050 | AMTT Hotel Broadband Operation System language.php cross site scripting | E | |
CVE-2024-11051 | AMTT Hotel Broadband Operation System online_status.php sql injection | E | |
CVE-2024-11052 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations | | |
CVE-2024-11053 | netrc and redirect credential leak | | |
CVE-2024-11054 | SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload | E | |
CVE-2024-11055 | 1000 Projects Beauty Parlour Management System admin-profile.php sql injection | E | |
CVE-2024-11056 | Tenda AC10 WifiExtraSet FUN_0046AC38 stack-based overflow | E | |
CVE-2024-11057 | Codezips Hospital Appointment System removeBranchResult.php sql injection | E | |
CVE-2024-11058 | CodeAstro Real Estate Management System About Us Page aboutedit.php sql injection | E | |
CVE-2024-11059 | Project Worlds Free Download Online Shopping System success.php sql injection | E | |
CVE-2024-11060 | Jinher Network Collaborative Management Platform 金和数字化智能办公平台 AcceptShow.aspx sql injection | E | |
CVE-2024-11061 | Tenda AC10 fast_setting_wifi_set FUN_0044db3c stack-based overflow | E | |
CVE-2024-11062 | D-Link DSL6740C - OS Command Injection | S | |
CVE-2024-11063 | D-Link DSL6740C - OS Command Injection | S | |
CVE-2024-11064 | D-Link DSL6740C - OS Command Injection | S | |
CVE-2024-11065 | D-Link DSL6740C - OS Command Injection | S | |
CVE-2024-11066 | D-Link DSL6740C - OS Command Injection | S | |
CVE-2024-11067 | D-Link DSL6740C - Arbitrary File Reading through Path Traversal | S | |
CVE-2024-11068 | D-Link DSL6740C - Incorrect Use of Privileged APIs | S | |
CVE-2024-11069 | WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion | | |
CVE-2024-11070 | Sanluan PublicCMS Tag Type save cross site scripting | E | |
CVE-2024-11071 | Improper Access Control In DestinyECM | | |
CVE-2024-11073 | SourceCodester Hospital Management System delete-account.php improper authorization | E | |
CVE-2024-11074 | itsourcecode Tailoring Management System incadd.php sql injection | E | |
CVE-2024-11075 | SICK Incoming Goods Suite privilege escalation vulnerability | S | |
CVE-2024-11076 | code-projects Job Recruitment activation.php sql injection | E | |
CVE-2024-11077 | code-projects Job Recruitment index.php sql injection | E | |
CVE-2024-11078 | code-projects Job Recruitment register.php cross site scripting | E | |
CVE-2024-11079 | Ansible-core: unsafe tagging bypass via hostvars object in ansible-core | M | |
CVE-2024-11081 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2024-11082 | Tumult Hype Animations <= 1.9.15 - Authenticated (Author+) Arbitrary File Upload via hypeanimations_panel Function | | |
CVE-2024-11083 | ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11084 | Potential Username Enumeration in Helix ALM | | |
CVE-2024-11085 | WP Log Viewer <= 1.2.1 - Missing Authorization | | |
CVE-2024-11086 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2024-11087 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass | | |
CVE-2024-11088 | Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor | S | |
CVE-2024-11089 | Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11090 | Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | S | |
CVE-2024-11091 | Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload | | |
CVE-2024-11092 | SVGPlus <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | | |
CVE-2024-11093 | SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload | | |
CVE-2024-11094 | 404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure | | |
CVE-2024-11095 | Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | | |
CVE-2024-11096 | code-projects Task Manager newProject.php sql injection | E | |
CVE-2024-11097 | SourceCodester Student Record Management System Main Menu infinite loop | E | |
CVE-2024-11098 | SVG Block <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload | | |
CVE-2024-11099 | code-projects Job Recruitment login.php sql injection | E | |
CVE-2024-11100 | 1000 Projects Beauty Parlour Management System index.php sql injection | E | |
CVE-2024-11101 | 1000 Projects Beauty Parlour Management System search-invoices.php sql injection | E | |
CVE-2024-11102 | SourceCodester Hospital Management System edit-doc.php cross site scripting | E | |
CVE-2024-11103 | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover | S | |
CVE-2024-11104 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | S | |
CVE-2024-11106 | Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11107 | System Dashboard < 2.8.15 - Unauthenticated Stored XSS | E | |
CVE-2024-11108 | Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2024-11109 | WP Google Review Slider < 15.6 - Admin+ Stored XSS | E | |
CVE-2024-11110 | Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote ... | | |
CVE-2024-11111 | Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote at... | E | |
CVE-2024-11112 | Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker... | | |
CVE-2024-11113 | Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker wh... | | |
CVE-2024-11114 | Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a r... | | |
CVE-2024-11115 | Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed... | | |
CVE-2024-11116 | Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attac... | | |
CVE-2024-11117 | Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote ... | | |
CVE-2024-11118 | 404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function | | |
CVE-2024-11119 | BNE Gallery Extended <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode | | |
CVE-2024-11120 | GeoVision EOL devices - OS Command Injection | KEV E S | |
CVE-2024-11121 | 上海灵当信息科技有限公司 Lingdang CRM index.php sql injection | E | |
CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM index.php unrestricted upload | E | |
CVE-2024-11123 | 上海灵当信息科技有限公司 Lingdang CRM pdf.php path traversal | E | |
CVE-2024-11124 | TimGeyssens UIOMatic uioMaticObject.r sql injection | E | |
CVE-2024-11125 | GetSimpleCMS profile.php cross-site request forgery | E | |
CVE-2024-11126 | Digistar AG-30 Plus Login Page excessive authentication | | |
CVE-2024-11127 | code-projects Job Recruitment admin.php sql injection | E | |
CVE-2024-11128 | Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS | S | |
CVE-2024-11129 | Generation of Error Message Containing Sensitive Information in GitLab | E S | |
CVE-2024-11130 | ZZCMS msg.php cross site scripting | E | |
CVE-2024-11131 | A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote att... | | |
CVE-2024-11132 | Eventer <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2024-11133 | Eventer <= 3.9.9 - Missing Authorization to Unauthenticated Event Ticket Download | | |
CVE-2024-11134 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export | | |
CVE-2024-11135 | Eventer <= 3.9.8 - Unauthenticated SQL Injection | | |
CVE-2024-11136 | Arbitrary file removal via path traversal in TCL Camera | | |
CVE-2024-11137 | IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint in lunary-ai/lunary | | |
CVE-2024-11138 | DedeCMS friendlink_add.php unrestricted upload | E | |
CVE-2024-11139 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exist... | | |
CVE-2024-11140 | Real WP Shop Lite Ajax eCommerce Shopping Cart <= 2.0.8 - Admin+ Stored XSS | E | |
CVE-2024-11141 | Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS | E | |
CVE-2024-11142 | CSRF in Gosoft Software's Proticaret E-Commerce | | |
CVE-2024-11143 | Kognetiks Chatbot for WordPress <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification | S | |
CVE-2024-11144 | Race Condition with LightFTP | S | |
CVE-2024-11145 | Easy Folder Listing Pro deserialization vulnerability | | |
CVE-2024-11146 | TrueFiling authorization bypass via user-controlled keys | | |
CVE-2024-11147 | ECOVACS lawnmowers and vacuums deterministic root password | | |
CVE-2024-11148 | OpenBSD httpd(8) null dereference | | |
CVE-2024-11149 | OpenBSD vmm GDTR limits | | |
CVE-2024-11150 | WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion | | |
CVE-2024-11153 | Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11154 | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | | |
CVE-2024-11155 | Rockwell Automation Arena® Use After Free Vulnerability | S | |
CVE-2024-11156 | Rockwell Automation Arena® Out of Bounds Write Vulnerability | S | |
CVE-2024-11157 | Rockwell Automation Third Party Vulnerability in Arena | S | |
CVE-2024-11158 | Rockwell Automation Arena® Uninitialized Vulnerability | S | |
CVE-2024-11159 | Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vul... | | |
CVE-2024-11160 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2024-11165 | An information disclosure vulnerability exists in the backup configuration process where the SAS tok... | | |
CVE-2024-11166 | Traffic Alert and Collision Avoidance System (TCAS) II has an External Control of System or Configuration Setting vulnerability | M | |
CVE-2024-11167 | Improper Access Control in danny-avila/librechat | | |
CVE-2024-11168 | Improper validation of IPv6 and IPvFuture addresses | S | |
CVE-2024-11169 | Unhandled Exception Leading to Server Crash in danny-avila/librechat | | |
CVE-2024-11170 | Path Traversal in danny-avila/librechat | | |
CVE-2024-11171 | Improper Input Validation in danny-avila/librechat | | |
CVE-2024-11172 | Denial of Service in danny-avila/librechat | | |
CVE-2024-11173 | Unhandled Exception in danny-avila/librechat | | |
CVE-2024-11175 | Public CMS Voting Management save cross site scripting | E S | |
CVE-2024-11176 | Incorrect calculation of effective permissions in M-Files Aino | S | |
CVE-2024-11177 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-11178 | Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP | | |
CVE-2024-11179 | MStore API <= 4.15.7 - Authenticated (Subscriber+) SQL Injection | S | |
CVE-2024-11180 | ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11181 | Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure | | |
CVE-2024-11182 | Stored XSS vulnerability in MDaemon Email Server | KEV | |
CVE-2024-11183 | Simple Side Tab < 2.2.0 - Admin+ Stored XSS | E | |
CVE-2024-11184 | WP Enabled SVG <= 0.7 - Author+ Stored XSS via SVG | E | |
CVE-2024-11185 | On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries. | S | |
CVE-2024-11186 | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-prem | S | |
CVE-2024-11187 | Many records in the additional section cause CPU exhaustion | S | |
CVE-2024-11188 | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter | | |
CVE-2024-11189 | Social Share And Social Locker – ARSocial < 1.4.2 - Admin+ Stored XSS | E | |
CVE-2024-11190 | jwp-a11y <= 4.1.7 - Admin+ Stored XSS | E | |
CVE-2024-11191 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-11192 | Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode | | |
CVE-2024-11193 | An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is... | | |
CVE-2024-11194 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update | | |
CVE-2024-11195 | Email Subscription Popup <= 1.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via print_email_subscribe_form Shortcode | | |
CVE-2024-11196 | Multi-column Tag Map <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode | | |
CVE-2024-11197 | Lock User Account <= 1.0.5 - User Lock Bypass | | |
CVE-2024-11198 | GD Rating System <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter | | |
CVE-2024-11199 | Rescue Shortcodes <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rescue_progressbar Shortcode | | |
CVE-2024-11200 | Goodlayers Core <= 2.0.7 - Reflected Cross-Site Scripting via 'font-family' | | |
CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode | | |
CVE-2024-11202 | Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode | | |
CVE-2024-11203 | EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' | S | |
CVE-2024-11204 | ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter | | |
CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation | | |
CVE-2024-11206 | Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the ... | | |
CVE-2024-11207 | Apereo CAS login redirect | E | |
CVE-2024-11208 | Apereo CAS login session expiration | E | |
CVE-2024-11209 | Apereo CAS 2FA login improper authentication | E | |
CVE-2024-11210 | EyouCMS FilemanagerLogic.php editFile path traversal | E | |
CVE-2024-11211 | EyouCMS Website Logo unrestricted upload | E | |
CVE-2024-11212 | SourceCodester Best Employee Management System fetch_product_details.php sql injection | E | |
CVE-2024-11213 | SourceCodester Best Employee Management System edit_role.php sql injection | E | |
CVE-2024-11214 | SourceCodester Best Employee Management System profile.php unrestricted upload | E | |
CVE-2024-11215 | Path traversal vulnerability in EasyPHP | | |
CVE-2024-11216 | Broken Access Control in PozitifIK's Pik Online | | |
CVE-2024-11217 | Oauth-server-container: oauth-server-container logs client secret in debug level | | |
CVE-2024-11218 | Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile | M | |
CVE-2024-11219 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthenticated Path Traversal to Arbitrary Image View | | |
CVE-2024-11220 | Open Automation Software Incorrect Execution-Assigned Permissions | S | |
CVE-2024-11221 | Full Screen (Page) Background Image Slideshow <= 1.1 - Admin+ Stored XSS | E | |
CVE-2024-11223 | WPForms < 1.9.2.3 - Admin+ Stored XSS | E | |
CVE-2024-11224 | Parallax Image <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via position Parameter | | |
CVE-2024-11225 | Premium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg | | |
CVE-2024-11226 | FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter | | |
CVE-2024-11227 | Memberlite Shortcodes <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via memberlite_accordion Shortcode | | |
CVE-2024-11228 | 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode | | |
CVE-2024-11229 | 코드엠샵 소셜톡 <= 1.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via add_plus_friends and add_plus_talk Shortcodes | | |
CVE-2024-11230 | Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget | S | |
CVE-2024-11231 | 우커머스 네이버페이 <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via mnp_purchase Shortcode | | |
CVE-2024-11233 | Single byte overread with convert.quoted-printable-decode filter | E | |
CVE-2024-11234 | Configuring a proxy in a stream context might allow for CRLF injection in URIs | E | |
CVE-2024-11235 | Reference counting in php_request_shutdown causes Use-After-Free | E | |
CVE-2024-11236 | Integer overflow in the firebird and dblib quoters causing OOB writes | E | |
CVE-2024-11237 | TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow | E | |
CVE-2024-11238 | Landray EKP sysUiComponent.do delPreviewFile path traversal | E | |
CVE-2024-11239 | Landray EKP API Interface import.do deleteFile path traversal | E | |
CVE-2024-11240 | IBPhoenix ibWebAdmin Banco de Dados Tab database.php cross site scripting | E | |
CVE-2024-11241 | code-projects Job Recruitment reset.php sql injection | E | |
CVE-2024-11242 | ZZCMS Keyword Filtering ad_list.php sql injection | E | |
CVE-2024-11243 | code-projects Online Shop Store signup.php cross site scripting | E | |
CVE-2024-11244 | code-projects Farmacia editar-cliente.php sql injection | E | |
CVE-2024-11245 | code-projects Farmacia editar-produto.php sql injection | E | |
CVE-2024-11246 | code-projects Farmacia adicionar-cliente.php cross site scripting | E | |
CVE-2024-11247 | SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting | E | |
CVE-2024-11248 | Tenda AC10 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow | E | |
CVE-2024-11250 | code-projects Inventory Management editProduct.php sql injection | E | |
CVE-2024-11251 | erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection | E | |
CVE-2024-11252 | Social Sharing Plugin – Sassy Social Share <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share Parameter | | |
CVE-2024-11253 | A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic... | | |
CVE-2024-11254 | AMP for WP – Accelerated Mobile Pages <= 1.1.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11256 | 1000 Projects Portfolio Management System MCA login.php sql injection | E | |
CVE-2024-11257 | 1000 Projects Beauty Parlour Management System forgot-password.php sql injection | E | |
CVE-2024-11258 | 1000 Projects Beauty Parlour Management System index.php sql injection | E | |
CVE-2024-11259 | code-projects Farmacia fornecedores.php cross site scripting | E | |
CVE-2024-11260 | Events Manager – Calendar, Bookings, Tickets, and more! <= 6.6.3 - Unauthenticated SQL Injection via Event Status Parameter | | |
CVE-2024-11261 | SourceCodester Student Record Management System Number of Students Menu StudentRecordManagementSystem.cpp memory corruption | E | |
CVE-2024-11262 | SourceCodester Student Record Management System View All Student Marks main stack-based overflow | E | |
CVE-2024-11263 | arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y | S | |
CVE-2024-11264 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-11265 | Wp Maximum Upload File Size <= 1.1.3 - Authenticated (Author+) Full Path Disclosure | | |
CVE-2024-11266 | Geocache Stat Bar Widget <= 0.911 - Admin+ Stored XSS | E | |
CVE-2024-11267 | JSP Store Locator <= 1.0 - Contributor+ SQL Injection | E | |
CVE-2024-11268 | PDF File Parsing Vulnerability in Autodesk Revit | | |
CVE-2024-11269 | AHAthat Plugin <= 1.6 - Admin+ SQL Injection | E | |
CVE-2024-11270 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation | S | |
CVE-2024-11271 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates | S | |
CVE-2024-11272 | Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS | E | |
CVE-2024-11273 | Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS | E | |
CVE-2024-11274 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab | E S | |
CVE-2024-11275 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | | |
CVE-2024-11276 | PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting | | |
CVE-2024-11277 | 404 Solution <= 2.35.19 - Reflected Cross-Site Scripting | S | |
CVE-2024-11278 | GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting | | |
CVE-2024-11279 | Schema App Structured Data <= 2.2.4 - Reflected Cross-Site Scripting | | |
CVE-2024-11280 | PPWP – Password Protect Pages <= 1.9.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11281 | WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change | | |
CVE-2024-11282 | Passster – Password Protect Pages and Content <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11283 | WP JobHunt <= 7.1 - Authentication Bypass to Candidate | | |
CVE-2024-11284 | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover | | |
CVE-2024-11285 | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover | | |
CVE-2024-11286 | WP JobHunt <= 7.1 - Authentication Bypass | | |
CVE-2024-11287 | Ebook Store <= 5.8001 - Reflected Cross-Site Scripting | | |
CVE-2024-11288 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-11289 | Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion | | |
CVE-2024-11290 | Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11291 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | S | |
CVE-2024-11292 | WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11293 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider | | |
CVE-2024-11294 | Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11295 | Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11296 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2024-11297 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11298 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2024-11299 | Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11300 | Improper Access Control in lunary-ai/lunary | E S | |
CVE-2024-11301 | Improper Enforcement of Unique Constraint in lunary-ai/lunary | | |
CVE-2024-11302 | Missing check_access in lollms_binding_infos in parisneo/lollms | | |
CVE-2024-11303 | Path Traversal | E | |
CVE-2024-11304 | Multiple Stored Cross-Site Scripting | | |
CVE-2024-11305 | Altenergy Power Control Software status_zigbee get_status_zigbee sql injection | E | |
CVE-2024-11306 | Altenergy Power Control Software database improper authorization | E | |
CVE-2024-11308 | TRCore DVC - Use of Hard-coded Cryptographic Key | S | |
CVE-2024-11309 | TRCore DVC - Arbitrary File Read through Path Traversal | S | |
CVE-2024-11310 | TRCore DVC - Arbitrary File Read through Path Traversal | S | |
CVE-2024-11311 | TRCore DVC - Arbitrary File Upload through Path Traversal | S | |
CVE-2024-11312 | TRCore DVC - Arbitrary File Upload through Path Traversal | S | |
CVE-2024-11313 | TRCore DVC - Arbitrary File Upload through Path Traversal | S | |
CVE-2024-11314 | TRCore DVC - Arbitrary File Upload through Path Traversal | S | |
CVE-2024-11315 | TRCore DVC - Arbitrary File Upload through Path Traversal | S | |
CVE-2024-11316 | Filesize Check | | |
CVE-2024-11317 | PHP Session Fixation | | |
CVE-2024-11318 | IDOR vulnerability in AbsysNet | S | |
CVE-2024-11319 | Stored XSS in Open Source Project "django-cms" | E S | |
CVE-2024-11320 | Command Injection leading to RCE via LDAP Misconfiguration | S | |
CVE-2024-11321 | Reflected XSS in Hi e-learning's Learning Management System (LMS) | | |
CVE-2024-11322 | CyberPower PowerPanel Business Unauthenticated Restart DoS | | |
CVE-2024-11323 | AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | | |
CVE-2024-11324 | Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting | | |
CVE-2024-11325 | AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting | | |
CVE-2024-11326 | Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting | | |
CVE-2024-11327 | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11328 | CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting | | |
CVE-2024-11329 | Comfino Payment Gateway <= 4.1.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11330 | Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11331 | isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting | | |
CVE-2024-11332 | HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11333 | HLS Player <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11334 | My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export | | |
CVE-2024-11335 | UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11336 | Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2024-11337 | Horoscope And Tarot <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11338 | PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | |
CVE-2024-11339 | Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11341 | Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect | | |
CVE-2024-11342 | Skt NURCaptcha <= 3.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2024-11343 | Telerik Document Processing Path Traversal | | |
CVE-2024-11344 | Type confusion vulnerability in the Postscript interpreter in various Lexmark devices | M | |
CVE-2024-11345 | Heap-based memory vulnerability in the Postscript interpreter in various Lexmark devices | S | |
CVE-2024-11346 | Access of Resource Using Incompatible Type in Postscript interpreter | | |
CVE-2024-11347 | Access of Resource Using Incompatible Type in Postscript interpreter | M | |
CVE-2024-11348 | Reflected XSS in Eura7 CMSmanager | | |
CVE-2024-11349 | AdForest <= 5.1.6 - Authentication Bypass | | |
CVE-2024-11350 | AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover | | |
CVE-2024-11351 | Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | | |
CVE-2024-11352 | TwentyTwenty <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11353 | SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion | | |
CVE-2024-11354 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion | | |
CVE-2024-11355 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting Exposure | | |
CVE-2024-11356 | Tourmaster < 5.3.4 - Unauthenticated Stored XSS via Room Booking | E | |
CVE-2024-11357 | Goodlayers Core < 2.0.10 - Contributor+ Stored XSS | E | |
CVE-2024-11358 | Insecure Android File Provider Paths | S | |
CVE-2024-11359 | Library Bookshelves <= 5.8 - Reflected Cross-Site Scripting | | |
CVE-2024-11360 | Page Parts <= 1.4.3 - Reflected Cross-Site Scripting | | |
CVE-2024-11361 | PDF Invoices & Packing Slips Generator for WooCommerce <= 2.2.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11362 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11363 | Same but Different – Related Posts by Taxonomy <= 1.0.16 - Reflected Cross-Site Scripting | | |
CVE-2024-11364 | Rockwell Automation Third Party Vulnerability in Arena® | S | |
CVE-2024-11365 | Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting | | |
CVE-2024-11366 | SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting | | |
CVE-2024-11367 | Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11368 | Splash Sync <= 2.0.6 - Reflected Cross-Site Scripting | | |
CVE-2024-11369 | Store credit / Gift cards for woocommerce <= 1.0.49.46 - Reflected Cross-Site Scripting | | |
CVE-2024-11370 | Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11371 | Theater for WordPress <= 0.18.6.2 - Reflected Cross-Site Scripting | S | |
CVE-2024-11372 | Connexion Logs <= 3.0.2 - Admin+ SQL Injection | E | |
CVE-2024-11373 | Connexion Logs <= 3.0.2 - Log Deletion via CSRF | E | |
CVE-2024-11374 | TWChat – Send or receive messages from users <= 4.0.4 - Reflected Cross-Site Scripting | | |
CVE-2024-11375 | WC1C <= 0.23.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11376 | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241216 - Reflected Cross-Site Scripting | S | |
CVE-2024-11377 | Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11378 | Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting | | |
CVE-2024-11379 | Broadcast <= 51.01 - Reflected Cross-Site Scripting | | |
CVE-2024-11380 | Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11381 | Control horas <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11382 | Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11383 | CC Canadian Mortgage Calculator <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11384 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11385 | Pure CSS Circle Progress bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11386 | GatorMail SmartForms <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11387 | Easy Liveblogs <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11388 | Dino Game – Embed Google Chrome Dinosaur Game in WordPress <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11390 | Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS | | |
CVE-2024-11391 | Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload | | |
CVE-2024-11392 | Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2024-11393 | Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2024-11394 | Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2024-11395 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentiall... | | |
CVE-2024-11396 | Event monster <= 1.4.3 - Information Exposure Via Visitors List Export | | |
CVE-2024-11397 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-11398 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP ... | | |
CVE-2024-11400 | HUSKY – Products Filter for WooCommerce <= 1.3.6.3 - Reflected Cross-Site Scripting via really_curr_tax Parameter | S | |
CVE-2024-11401 | Rapid7 Insight Platform Privilege Escalation Vulnerability | | |
CVE-2024-11402 | WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-11403 | Out of Bounds Memory Read/Write in libjxl | | |
CVE-2024-11404 | File Upload Bypass in django Filer | | |
CVE-2024-11406 | Stored XSS in django CMS Attributes Fields | | |
CVE-2024-11407 | Denial of Service through Data corruption in gRPC-C++ | | |
CVE-2024-11408 | Slotti Ajanvaraus <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11409 | Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection | | |
CVE-2024-11410 | Top and footer bars for announcements, notifications, advertisements, promotions – YooBar <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11411 | Spotlightr <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11412 | Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11413 | HostFact bestelformulier integratie <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11414 | RecipePress Reloaded <= 2.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11415 | WP-Orphanage Extended <= 1.2 - Cross-Site Request Forgery to Orphan Account Privilege Escalation | | |
CVE-2024-11416 | WIP Incoming Lite <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2024-11417 | dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2024-11418 | Additional Order Filters for WooCommerce <= 1.21 - Reflected Cross-Site Scripting | | |
CVE-2024-11419 | Password for WP <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2024-11420 | Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2024-11421 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The developer has disputed t... | R | |
CVE-2024-11422 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software | | |
CVE-2024-11423 | Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch | | |
CVE-2024-11424 | Slick Sitemap <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11425 | CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Servic... | | |
CVE-2024-11426 | AutoListicle: Automatically Update Numbered List Articles <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11427 | Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11428 | Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11429 | Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion | | |
CVE-2024-11430 | SQL Chart Builder <= 2.3.6 - Authenticated (Contributor+) SQL Injection | | |
CVE-2024-11431 | Ragic Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11432 | SuevaFree Essential Kit <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11433 | Surbma | SalesAutopilot Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11434 | WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting | | |
CVE-2024-11435 | salavat counter Plugin <= 0.9.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11436 | Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting | | |
CVE-2024-11437 | Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection | | |
CVE-2024-11438 | StreamWeasels Online Status Bar <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11439 | ScanCircle <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11440 | Grey Owl Lightbox <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11441 | Stored XSS in Serge in serge-chat/serge | | |
CVE-2024-11442 | Horizontal scroll image slideshow <= 10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11443 | de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update | | |
CVE-2024-11444 | CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion | | |
CVE-2024-11445 | Image Magnify <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11446 | Chessgame Shizzle <= 1.3.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11447 | Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App <= 7.0.3.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11449 | Server-Side Request Forgery in haotian-liu/llava | | |
CVE-2024-11450 | ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11451 | Zooom <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11452 | Chamber Dashboard Business Directory <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11453 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11454 | Untrusted Search Path vulnerability in Autodesk Revit | | |
CVE-2024-11455 | Include Mastodon Feed <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11456 | Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting | | |
CVE-2024-11457 | Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11458 | FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11459 | Country Blocker <= 3.2 - Reflected Cross-Site Scripting | | |
CVE-2024-11460 | Verowa Connect <= 3.0.1 - Unauthenticated SQL Injection | | |
CVE-2024-11461 | Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting | | |
CVE-2024-11462 | Filestack Official <= 2.0.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11463 | DeBounce Email Validator <= 5.6.5 - Reflected Cross-Site Scripting | | |
CVE-2024-11464 | Easy Code Snippets <= 1.0.2 - Reflected Cross-Site Scripting | | |
CVE-2024-11465 | Custom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection | | |
CVE-2024-11466 | Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting | | |
CVE-2024-11467 | Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a ... | | |
CVE-2024-11468 | Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a ... | | |
CVE-2024-11477 | 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability | | |
CVE-2024-11479 | Authenticated HTML Injection in Issuetrak Ticket Comment Function | S | |
CVE-2024-11481 | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This l... | | |
CVE-2024-11482 | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and ena... | | |
CVE-2024-11483 | Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5 | | |
CVE-2024-11484 | Code4Berry Decoration Management System User Image update_image.php access control | | |
CVE-2024-11485 | Code4Berry Decoration Management System User userregister.php permission | | |
CVE-2024-11486 | Code4Berry Decoration Management System User Permission user_permission.php | | |
CVE-2024-11487 | Code4Berry Decoration Management System Between Dates Reports btndates_report.php sql injection | | |
CVE-2024-11488 | 115cms web_user.html cross site scripting | E | |
CVE-2024-11489 | 115cms file.html cross site scripting | E | |
CVE-2024-11490 | 115cms set.html cross site scripting | E | |
CVE-2024-11491 | 115cms useradmin.html cross site scripting | E | |
CVE-2024-11492 | 115cms appurladd.html cross site scripting | E | |
CVE-2024-11493 | 115cms pageAE.html cross site scripting | E | |
CVE-2024-11494 | **UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL mo... | E | |
CVE-2024-11495 | Buffer overflow in OllyDbg | | |
CVE-2024-11496 | Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update | | |
CVE-2024-11497 | Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation | | |
CVE-2024-11498 | Resource exhaustion via Stack overflow in libjxl | | |
CVE-2024-11499 | A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an au... | | |
CVE-2024-11501 | Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection | | |
CVE-2024-11502 | Planning Center Online Giving <= 1.0.0 - Contributor+ XSS via Shortcode | E | |
CVE-2024-11503 | WP Tabs < 2.2.7 - Admin+ Stored XSS | E | |
CVE-2024-11504 | SQL Injection in Streamsoft Prestiż | | |
CVE-2024-11506 | IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11507 | IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability | | |
CVE-2024-11508 | IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability | | |
CVE-2024-11509 | IrfanView SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11510 | IrfanView WBZ plugin WB1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11511 | IrfanView XCF Plugin XCF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11512 | IrfanView WBZ Plugin WB1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11513 | IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11514 | IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11515 | IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11516 | IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11517 | IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11518 | IrfanView RLE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11519 | IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11520 | IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11521 | IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-11522 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11523 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11524 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11525 | IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-11526 | IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11527 | IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11528 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11529 | IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11530 | IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11531 | IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11532 | IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11533 | IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11534 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11535 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11536 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11537 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11538 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11539 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11540 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11541 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11542 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11543 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11544 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11545 | IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-11546 | IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11547 | IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11548 | IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11549 | IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11550 | IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11551 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11552 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11553 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11554 | IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11555 | IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11556 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11557 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11558 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11559 | IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11560 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11561 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11562 | IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11563 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11564 | IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11565 | IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11566 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11567 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11568 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11569 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11570 | IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-11571 | IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11572 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11573 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11574 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11575 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11576 | Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11577 | Luxion KeyShot SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11578 | Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11579 | Luxion KeyShot OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11580 | Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11581 | Luxion KeyShot JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-11582 | Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter | | |
CVE-2024-11583 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion | | |
CVE-2024-11585 | WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion | | |
CVE-2024-11586 | Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset i... | | |
CVE-2024-11587 | idcCMS classProvCity.php GetCityOptionJs cross site scripting | E | |
CVE-2024-11588 | AVL-DiTEST-DiagDev libdoip DoIPConnection.cpp reactOnReceivedTcpMessage null pointer dereference | E | |
CVE-2024-11589 | itsourcecode Tailoring Management System expcatedit.php sql injection | E | |
CVE-2024-11590 | 1000 Projects Bookstore Management System forget_password_process.php sql injection | E | |
CVE-2024-11591 | 1000 Projects Beauty Parlour Management System add-services.php sql injection | E | |
CVE-2024-11592 | 1000 Projects Beauty Parlour Management System about-us.php sql injection | E | |
CVE-2024-11595 | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark | S | |
CVE-2024-11596 | Buffer Over-read in Wireshark | E S | |
CVE-2024-11597 | Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024... | | |
CVE-2024-11598 | Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024... | | |
CVE-2024-11599 | Domain Restriction Bypass on Registration | S | |
CVE-2024-11600 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Authenticated (Administrator+) Remote Code Execution | S | |
CVE-2024-11601 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update | S | |
CVE-2024-11602 | CORS Vulnerability in feast-dev/feast | | |
CVE-2024-11603 | Server-Side Request Forgery in lm-sys/fastchat | | |
CVE-2024-11605 | WP Publications <= 1.2 - Admin+ Stored XSS | E | |
CVE-2024-11606 | Tabs Shortcode <= 2.0.2 - Contributor+ XSS via Shortcode | E | |
CVE-2024-11607 | GTPayment Donations <= 1.0.0 - Stored XSS via CSRF | E | |
CVE-2024-11608 | A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a ... | | |
CVE-2024-11609 | AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11610 | AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11611 | AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-11612 | 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability | | |
CVE-2024-11613 | WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion | S | |
CVE-2024-11614 | Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library | | |
CVE-2024-11615 | Envolve Plugin <= 1.0 - Unauthenticated Language File Deletion | | |
CVE-2024-11616 | Double-fetch heap overflow | S | |
CVE-2024-11617 | Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file | | |
CVE-2024-11618 | IPC Unigy Management System HTTP Request server-side request forgery | E | |
CVE-2024-11619 | macrozheng mall JWT Token default key | | |
CVE-2024-11620 | WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-11621 | Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux a... | | |
CVE-2024-11622 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote ... | | |
CVE-2024-11623 | Stored XSS in authentik | S | |
CVE-2024-11624 | There is a possible way to add apps to bypass VPN due to Undeclared Permission. This could lead to loca... | | |
CVE-2024-11625 | Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefin... | | |
CVE-2024-11626 | Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS... | | |
CVE-2024-11627 | Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. Thi... | | |
CVE-2024-11628 | Prototype Pollution in Progress® Telerik® Kendo UI for Vue | | |
CVE-2024-11629 | Telerik Document Processing RTF Export of Arbitrary File Path | | |
CVE-2024-11630 | E-Lins H685/H685f/H700/H720/H750/H820/H820Q/H820Q0/H900 OEM Backend hard-coded credentials | E | |
CVE-2024-11631 | itsourcecode Tailoring Management System expedit.php sql injection | E | |
CVE-2024-11632 | code-projects Simple Car Rental System book_car.php sql injection | E | |
CVE-2024-11633 | Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated at... | | |
CVE-2024-11634 | Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before v... | | |
CVE-2024-11635 | WordPress File Upload <= 4.24.12 - Unauthenticated Remote Code Execution | | |
CVE-2024-11636 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | E | |
CVE-2024-11637 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2024-11638 | Gtbabel < 6.6.9 - Unauthenticated Admin Account Takeover | E | |
CVE-2024-11639 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthe... | | |
CVE-2024-11640 | VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload | S | |
CVE-2024-11641 | VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload | S | |
CVE-2024-11642 | Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion | | |
CVE-2024-11643 | Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update | | |
CVE-2024-11644 | WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2024-11645 | Float Block <= 1.7 - Admin+ Stored XSS via Widget | E | |
CVE-2024-11646 | 1000 Projects Beauty Parlour Management System edit-services.php sql injection | E | |
CVE-2024-11647 | 1000 Projects Beauty Parlour Management System view-appointment.php sql injection | E | |
CVE-2024-11648 | 1000 Projects Beauty Parlour Management System add-customer.php sql injection | E | |
CVE-2024-11649 | 1000 Projects Beauty Parlour Management System search-appointment.php sql injection | E | |
CVE-2024-11650 | Tenda i9 GetIPTV websReadEvent null pointer dereference | E | |
CVE-2024-11651 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT wifi_schedule command injection | E | |
CVE-2024-11652 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT sn_https command injection | E | |
CVE-2024-11653 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_traceroute command injection | E | |
CVE-2024-11654 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_traceroute6 command injection | E | |
CVE-2024-11655 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_pinginterface command injection | E | |
CVE-2024-11656 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_ping6 command injection | E | |
CVE-2024-11657 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_nslookup command injection | E | |
CVE-2024-11658 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT ajax_getChannelList command injection | E | |
CVE-2024-11659 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_iperf command injection | E | |
CVE-2024-11660 | code-projects Farmacia usuario.php cross site scripting | E | |
CVE-2024-11661 | Codezips Free Exam Hall Seating Management System Profile Image profile.php unrestricted upload | E | |
CVE-2024-11662 | welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization | E | |
CVE-2024-11663 | Codezips E-Commerce Site search.php sql injection | E | |
CVE-2024-11664 | eNMS TGZ File controller.py multiselect_filtering path traversal | E S | |
CVE-2024-11665 | Unauthenticated Remote Command Injection | E | |
CVE-2024-11666 | Unauthenticated Remote Command Injection in eCharge Salia PLCC | E | |
CVE-2024-11667 | A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware ver... | KEV | |
CVE-2024-11668 | Insufficient Session Expiration in GitLab | S | |
CVE-2024-11669 | Incorrect Authorization in GitLab | S | |
CVE-2024-11670 | Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager... | | |
CVE-2024-11671 | Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024... | | |
CVE-2024-11672 | Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2... | | |
CVE-2024-11673 | 1000 Projects Bookstore Management System cross-site request forgery | E | |
CVE-2024-11674 | CodeAstro Hospital Management System his_doc_update-account.php unrestricted upload | E M | |
CVE-2024-11675 | CodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scripting | E M | |
CVE-2024-11676 | CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting | E M | |
CVE-2024-11677 | CodeAstro Hospital Management System Add Vendor Details Page his_admin_add_vendor.php cross site scripting | E M | |
CVE-2024-11678 | CodeAstro Hospital Management System his_doc_register_patient.php cross site scripting | E | |
CVE-2024-11679 | An input validation weakness was reported in the TpmSetup module for some legacy System x server pro... | S | |
CVE-2024-11680 | ProjectSend Unauthenticated Configuration Modification | KEV E S | |
CVE-2024-11681 | Remote Code Execution in MacPorts | | |
CVE-2024-11682 | G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11683 | Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11684 | Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting | | |
CVE-2024-11685 | Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg' | | |
CVE-2024-11686 | WhatsApp click to chat <= 3.0.4 - Reflected Cross-Site Scripting | | |
CVE-2024-11687 | Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting | | |
CVE-2024-11688 | LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting | | |
CVE-2024-11689 | HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update | | |
CVE-2024-11690 | Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting | | |
CVE-2024-11691 | Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write... | | |
CVE-2024-11692 | An attacker could cause a select dropdown to be shown over another tab; this could have led to user ... | | |
CVE-2024-11693 | The executable file warning was not presented when downloading .library-ms files. *Note: This issu... | | |
CVE-2024-11694 | Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass a... | | |
CVE-2024-11695 | A crafted URL containing Arabic script and whitespace characters could have hidden the true origin o... | | |
CVE-2024-11696 | The application failed to account for exceptions thrown by the `loadManifestFromFile` method during ... | | |
CVE-2024-11697 | When handling keypress events, an attacker may have been able to trick a user into bypassing the "Op... | | |
CVE-2024-11698 | A flaw in handling fullscreen transitions may have inadvertently caused the application to become st... | | |
CVE-2024-11699 | Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these b... | | |
CVE-2024-11700 | Malicious websites may have been able to perform user intent confirmation through tapjacking. This c... | | |
CVE-2024-11701 | The incorrect domain may have been displayed in the address bar during an interrupted navigation att... | | |
CVE-2024-11702 | Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have ina... | | |
CVE-2024-11703 | On Android, Firefox may have inadvertently allowed viewing saved passwords without the required devi... | | |
CVE-2024-11704 | A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an erro... | | |
CVE-2024-11705 | `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was pas... | | |
CVE-2024-11706 | A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `S... | | |
CVE-2024-11707 | My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting | | |
CVE-2024-11708 | Missing thread synchronization primitives could have led to a data race on members of the PlaybackPa... | | |
CVE-2024-11709 | AI Post Generator \| AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion | | |
CVE-2024-11710 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection | S | |
CVE-2024-11711 | WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection | S | |
CVE-2024-11712 | WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download | S | |
CVE-2024-11713 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() | S | |
CVE-2024-11714 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() | S | |
CVE-2024-11715 | WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation | S | |
CVE-2024-11716 | While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registr... | E S | |
CVE-2024-11717 | Tokens in CTFd used for account activation and password resetting can be used interchangeably for th... | E S | |
CVE-2024-11718 | tarteaucitron.js for WordPress < 0.3.0 - Author+ Stored XSS | E | |
CVE-2024-11719 | tarteaucitron.js for WordPress < 0.3.0 - Stored XSS via CSRF | E | |
CVE-2024-11720 | Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting | | |
CVE-2024-11721 | Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation | | |
CVE-2024-11722 | Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection | | |
CVE-2024-11723 | kvCORE IDX <= 2.3.35 - Reflected Cross-Site Scripting | | |
CVE-2024-11724 | Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Whitelist Script | | |
CVE-2024-11725 | SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | | |
CVE-2024-11726 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection | | |
CVE-2024-11727 | NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting | | |
CVE-2024-11728 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection | S | |
CVE-2024-11729 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection | S | |
CVE-2024-11730 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Doctor/Receptionist+) SQL Injection | S | |
CVE-2024-11731 | Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode | | |
CVE-2024-11732 | BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter | | |
CVE-2024-11733 | WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution | | |
CVE-2024-11734 | Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers | M | |
CVE-2024-11736 | Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables | M | |
CVE-2024-11737 | CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a ... | | |
CVE-2024-11738 | Rustls: rustls network-reachable panic in `acceptor::accept` | | |
CVE-2024-11740 | Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution | | |
CVE-2024-11741 | Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps... | | |
CVE-2024-11742 | SourceCodester Best House Rental Management System ajax.php cross site scripting | E | |
CVE-2024-11743 | SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery | E | |
CVE-2024-11744 | 1000 Projects Portfolio Management System MCA register.php sql injection | E | |
CVE-2024-11745 | Tenda AC8 SetStaticRouteCfg route_static_check stack-based overflow | E | |
CVE-2024-11746 | Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2024-11747 | Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11748 | Taeggie Feed <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11749 | App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11750 | ONLYOFFICE DocSpace <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11751 | TCBD Popover <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11752 | Eveeno <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11753 | UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11754 | Booking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11755 | IMS Countdown <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11756 | SweepWidget Contests, Giveaways, Photo Contests, Competitions <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11757 | WP GeoNames <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11758 | WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11759 | Bukza <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11760 | Currency Converter Widget ⚡ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11761 | LegalWeb Cloud <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11763 | Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11764 | Solar Wizard Lite <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11765 | WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11766 | WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11767 | NewsmanApp <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11768 | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files | S | |
CVE-2024-11769 | Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11770 | Post Carousel & Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11771 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access... | | |
CVE-2024-11772 | Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authen... | | |
CVE-2024-11773 | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authentica... | | |
CVE-2024-11774 | Outdooractive Embed <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11775 | Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11776 | PCRecruiter Extensions <= 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11777 | Sell Media <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11778 | CanadaHelps Embedded Donation <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11779 | WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11780 | Site Search 360 <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2024-11781 | Smart Agenda – Prise de rendez-vous en ligne <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11782 | WP Mailster <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2024-11783 | Financial Calculator <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11784 | Sell Tickets Online – TicketSource Ticket Shop for WordPress <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11785 | Integrate Firebase <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11786 | Login with Vipps and MobilePay <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11787 | Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11788 | StreamWeasels YouTube Integration <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11789 | Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11790 | Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11791 | Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11792 | Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11793 | Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11794 | Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11795 | Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11796 | Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11797 | Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11798 | Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11799 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11800 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11801 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11802 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11803 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-11804 | Planaday API <= 11.4 - Reflected Cross-Site Scripting | | |
CVE-2024-11805 | Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting | | |
CVE-2024-11806 | PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11807 | NPS computy <= 2.8.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11808 | Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting | | |
CVE-2024-11809 | Primer MyData for Woocommerce <= 4.2.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11810 | PayGreen Payment Gateway <= 1.0.26 - Reflected Cross-Site Scripting | | |
CVE-2024-11811 | Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting | | |
CVE-2024-11812 | Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2024-11813 | Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2024-11814 | Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | | |
CVE-2024-11815 | Pósturinn's Shipping with WooCommerce <= 1.3.1 - Reflected Cross-Site Scripting | | |
CVE-2024-11816 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution | S | |
CVE-2024-11817 | PHPGurukul User Registration & Login and User Management System index.php sql injection | E | |
CVE-2024-11818 | PHPGurukul User Registration & Login and User Management System signup.php sql injection | E | |
CVE-2024-11819 | 1000 Projects Portfolio Management System MCA forgot_password_process.php sql injection | E | |
CVE-2024-11820 | code-projects Crud Operation System add.php cross site scripting | E | |
CVE-2024-11821 | Privilege Escalation in langgenius/dify | | |
CVE-2024-11822 | Server-Side Request Forgery (SSRF) in langgenius/dify | E | |
CVE-2024-11823 | Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11824 | Stored XSS in langgenius/dify | | |
CVE-2024-11825 | Broadstreet <= 1.50.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter | | |
CVE-2024-11826 | Quill Forms \| The Best Typeform Alternative \| Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11827 | Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ootb_query Shortcode | | |
CVE-2024-11828 | Inefficient Algorithmic Complexity in GitLab | E S | |
CVE-2024-11829 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2024-11830 | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11831 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript | M | |
CVE-2024-11832 | Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11833 | Arbitrary Directory Write via Runbooks Artifact Upload | | |
CVE-2024-11834 | Arbitrary File Write via PTRAC Import | | |
CVE-2024-11835 | Denial of Service | | |
CVE-2024-11836 | Server-side Request Forgery | | |
CVE-2024-11837 | N1QL Injection | | |
CVE-2024-11838 | Local File Inclusion | | |
CVE-2024-11839 | Insecure Deserialization via Runbooks Imports | | |
CVE-2024-11840 | RapidLoad – Optimize Web Vitals Automatically <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification and SQL Injection | | |
CVE-2024-11841 | Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2024-11842 | DN Shipping by Weight for WooCommerce < 1.2 - Settings Update via CSRF | E | |
CVE-2024-11843 | Panorama – WordPress Project Management Plugin <= 1.5.1 - Admin+ Stored XSS | E | |
CVE-2024-11844 | IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion | | |
CVE-2024-11846 | Travel Tour < 5.2.4 - Reflected XSS | E | |
CVE-2024-11847 | WP SVG Upload <= 1.0.0 - Author+ Stored XSS via SVG | E | |
CVE-2024-11848 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | | |
CVE-2024-11849 | Pods – Custom Content Types and Fields < 3.2.8.1 - Admin+ Stored XSS | E | |
CVE-2024-11850 | Stored XSS in langgenius/dify | | |
CVE-2024-11851 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update | | |
CVE-2024-11852 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization | S | |
CVE-2024-11853 | jAlbum Bridge <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter | | |
CVE-2024-11854 | Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter | | |
CVE-2024-11855 | Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter | | |
CVE-2024-11856 | HPE IceWall Products, Remote Unauthorized Data Modification | S | |
CVE-2024-11858 | Radare2: command injection via pebble application files in radare2 | | |
CVE-2024-11859 | DLL Search Order Hijacking in ESET products for Windows | | |
CVE-2024-11860 | SourceCodester Best House Rental Management System POST Request ajax.php improper authorization | E | |
CVE-2024-11861 | Command injection in EnerSys AMPA 22.09 and prior versions | | |
CVE-2024-11862 | Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an at... | | |
CVE-2024-11863 | SCP-Firmware Vulnerability | | |
CVE-2024-11864 | SCP-Firmware Vulnerability | | |
CVE-2024-11865 | Tabs Maker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11866 | BMLT Tabbed Map <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11867 | Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11868 | LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API | | |
CVE-2024-11869 | Buk for WordPress <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11870 | Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11871 | Social Media Shortcodes <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11872 | Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability | | |
CVE-2024-11873 | glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11874 | Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11875 | Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11876 | Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11877 | Cricket Live Score <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11878 | Category Post Slider <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11879 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53752. Reason: ... | R | |
CVE-2024-11880 | B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11881 | Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11882 | FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11883 | Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11884 | Wp photo text slider 50 <= 8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11885 | NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11886 | Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11887 | Geo Content <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11888 | IDer Login for WordPress <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11889 | My IDX Home Search <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11890 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-11891 | Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11892 | Accordion Slider Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11893 | Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11894 | The Permalinker <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11895 | Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2024-11896 | Text Prompter – Unlimited chatgpt text prompts for openai tasks <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11897 | Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11898 | Scratch & Win – Giveaways and Contests <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11899 | Slider Pro Lite <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11900 | Portfolio – Filterable Masonry Portfolio Gallery for Professionals <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11901 | PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11902 | Slope Widgets <= 4.2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11903 | WP eCards <= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11904 | 코드엠샵 소셜톡 <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11905 | Animated Counters <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11906 | TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11907 | Skyword API Plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11910 | WP Crowdfunding <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2024-11911 | WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation | S | |
CVE-2024-11912 | Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id | | |
CVE-2024-11913 | Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery | | |
CVE-2024-11914 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11915 | RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure | | |
CVE-2024-11916 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | S | |
CVE-2024-11917 | JobSearch WP Job Board <= 2.8.8 - Authentication Bypass via Social Logins | | |
CVE-2024-11918 | Image Alt Text <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Image Alt Text Update | | |
CVE-2024-11921 | Give < 3.19.0 - Reflected XSS | E | |
CVE-2024-11922 | Input Validation vulnerability in Web Client emails that do not go through Secure Mail | S | |
CVE-2024-11923 | Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3 | S | |
CVE-2024-11924 | Email Subscribers < 5.7.52 - Admin+ Stored XSS | E | |
CVE-2024-11925 | WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation | | |
CVE-2024-11926 | Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions | | |
CVE-2024-11928 | iChart – Easy Charts and Graphs <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter | | |
CVE-2024-11929 | Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | |
CVE-2024-11930 | Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode | S | |
CVE-2024-11931 | Insufficient Granularity of Access Control in GitLab | S | |
CVE-2024-11933 | Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-11934 | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via address Parameter | | |
CVE-2024-11935 | Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter | | |
CVE-2024-11936 | Zox News <= 3.16.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | | |
CVE-2024-11938 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode | | |
CVE-2024-11939 | Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data | | |
CVE-2024-11940 | Property Hive Mortgage Calculator <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via price Parameter | | |
CVE-2024-11941 | Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | | |
CVE-2024-11942 | Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002 | | |
CVE-2024-11943 | 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter | | |
CVE-2024-11944 | iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2024-11945 | Email Reminders <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | | |
CVE-2024-11946 | iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability | | |
CVE-2024-11947 | GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2024-11948 | GFI Archiver Telerik Web UI Remote Code Execution Vulnerability | | |
CVE-2024-11949 | GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2024-11950 | XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability | | |
CVE-2024-11951 | Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation in homey_register | | |
CVE-2024-11952 | Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion | | |
CVE-2024-11953 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2024-11954 | Pimcore Search Document cross site scripting | E | |
CVE-2024-11955 | GLPI index.php redirect | E S | |
CVE-2024-11956 | Pimcore customer-data-framework list sql injection | E S | |
CVE-2024-11957 | Arbitrary Code Execution in WPS Office | | |
CVE-2024-11958 | SQL Injection in run-llama/llama_index | | |
CVE-2024-11959 | D-Link DIR-605L formResetStatistic buffer overflow | E | |
CVE-2024-11960 | D-Link DIR-605L formSetPortTr buffer overflow | E | |
CVE-2024-11961 | Guangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosure | E | |
CVE-2024-11962 | code-projects Simple Car Rental System login.php sql injection | E | |
CVE-2024-11963 | code-projects Responsive Hotel Site room.php sql injection | E | |
CVE-2024-11964 | PHPGurukul Complaint Management system index.php sql injection | E | |
CVE-2024-11965 | PHPGurukul Complaint Management system reset-password.php sql injection | E | |
CVE-2024-11966 | PHPGurukul Complaint Management system index.php sql injection | E | |
CVE-2024-11967 | PHPGurukul Complaint Management system reset-password.php sql injection | E | |
CVE-2024-11968 | code-projects Farmacia pagamento.php sql injection | E | |
CVE-2024-11969 | Incorrect default permissions in Cradlepoint NetCloud Exchange | S | |
CVE-2024-11970 | code-projects Concert Ticket Ordering System tour(cor).php sql injection | E | |
CVE-2024-11971 | Guizhou Xiaoma Technology jpress Avatar upload cross site scripting | E | |
CVE-2024-11972 | Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation | E | |
CVE-2024-11973 | Quran multilanguage Text & Audio <= 2.3.21 - Reflected Cross-Site Scripting via sourate and lang Parameters | | |
CVE-2024-11974 | Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters | S | |
CVE-2024-11975 | Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | | |
CVE-2024-11977 | kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution | | |
CVE-2024-11978 | Interinfo DreamMaker - Arbitrary File Reading through Path Traversal | S | |
CVE-2024-11979 | Interinfo DreamMaker - Unrestricted File Upload through Path Traversal | S | |
CVE-2024-11980 | Billion Electric router - Missing Authentication | S | |
CVE-2024-11981 | Billion Electric router - Authentication Bypass | S | |
CVE-2024-11982 | Billion Electric router - Plaintext Storage of a Password | S | |
CVE-2024-11983 | Billion Electric router - OS Command Injection | S | |
CVE-2024-11984 | SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type | | |
CVE-2024-11985 | An improper input validation vulnerability leads to device crashes in certain ASUS router models. R... | | |
CVE-2024-11986 | Stored XSS in CrushFTP | | |
CVE-2024-11990 | Cross-Site Scripting (XSS) in NetWin SurgeMail | S | |
CVE-2024-11991 | Uninitialized memory access in Motoko incremental garbage collector | M | |
CVE-2024-11992 | Path traversal vulnerability in Quick.CMS | | |
CVE-2024-11993 | Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Lif... | | |
CVE-2024-11994 | APM Server Insertion of Sensitive Information into Log File | | |
CVE-2024-11995 | code-projects Farmacia pagamento.php cross site scripting | E | |
CVE-2024-11996 | code-projects Farmacia editar-fornecedor.php cross site scripting | E | |
CVE-2024-11997 | code-projects Farmacia vendas.php cross site scripting | E | |
CVE-2024-11998 | code-projects Farmacia visualizer-forneccedor.chp sql injection | E | |
CVE-2024-11999 | CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete ... | | |