CVE-2024-12xxx

There are 917 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-12000 code-projects Blood Bank System Setting updatesettings.php cross site scripting
E
CVE-2024-12001 code-projects Wazifa System Setting updatesettings.php cross site scripting
E
CVE-2024-12002 Tenda FH451/FH1201/FH1202/FH1206 GetIPTV websReadEvent null pointer dereference
E
CVE-2024-12003 WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-12004 WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-12005 WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting
S
CVE-2024-12006 W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation
S
CVE-2024-12007 code-projects Farmacia visualizar-produto.php sql injection
E
CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files
S
CVE-2024-12009 A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 ...
CVE-2024-12010 A post-authentication command injection vulnerability in the “zyUtilMailSend” function of the Zyxel ...
CVE-2024-12011 A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware v...
CVE-2024-12012 A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130....
CVE-2024-12013 A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running...
CVE-2024-12014 Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access
S
CVE-2024-12015 SQL Injection in WordPress Project Manager Plugin
CVE-2024-12016 SQLi in CM Informatics' CM News
CVE-2024-12018 Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion
CVE-2024-12019 Arbitrary File Read via Document API
M
CVE-2024-12020 Reflected Cross-Site Scripting (XSS)
CVE-2024-12021 Stored Cross-Site Scripting
S
CVE-2024-12022 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52485. Reason: ...
R
CVE-2024-12023 FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection
CVE-2024-12024 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.5.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name
S
CVE-2024-12025 Collapsing Categories <= 3.0.8 - Unauthenticated SQL Injection
CVE-2024-12026 Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation
CVE-2024-12027 Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions
CVE-2024-12028 Friends <= 3.2.1 - Missing Authorization
CVE-2024-12029 Remote Code Execution via Model Deserialization in invoke-ai/invokeai
E
CVE-2024-12030 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection
S
CVE-2024-12031 Advanced Floating Content <= 3.8.2 - Authenticated (Subscriber+) SQL Injection
CVE-2024-12032 Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection
CVE-2024-12033 Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync
S
CVE-2024-12034 Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock
CVE-2024-12035 CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2024-12036 CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read
CVE-2024-12037 Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12038 Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode
S
CVE-2024-12039 Improper Restriction of Excessive Authentication Attempts in langgenius/dify
CVE-2024-12040 Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme'
CVE-2024-12041 Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure
S
CVE-2024-12042 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting)
S
CVE-2024-12043 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12044 Remote Code Execution by Pickle Deserialization in open-mmlab/mmdetection
CVE-2024-12045 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
S
CVE-2024-12046 Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
CVE-2024-12047 WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter
CVE-2024-12048 IDOR Vulnerability in transformeroptimus/superagi
E
CVE-2024-12049 Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters
CVE-2024-12053 Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potential...
CVE-2024-12054 ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness
M
CVE-2024-12055 DoS using malicious gguf model file in ollama/ollama
E
CVE-2024-12056 Client Secret not checked with OAuth Password grant type
S
CVE-2024-12057 User credentials recorded in log files
S
CVE-2024-12058 External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy S...
CVE-2024-12059 ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read
S
CVE-2024-12060 WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters
CVE-2024-12061 Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure
CVE-2024-12062 Charity Addon for Elementor <= 1.3.2 - Authenticated (Contributor+) Post Disclosure
CVE-2024-12063 Denial of Service in imartinez/privategpt
CVE-2024-12064 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-12065 Local File Inclusion in haotian-liu/llava
CVE-2024-12066 SMSA Shipping(official) <= 2.2 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2024-12067 WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection
CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava
CVE-2024-12069 Lexicata <= 1.0.16 - Reflected Cross-Site Scripting
CVE-2024-12070 Denial of Service in haotian-liu/llava
E
CVE-2024-12071 Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
S
CVE-2024-12072 Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting
CVE-2024-12073 Meteor Slides <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12074 Denial of Service in automatic1111/stable-diffusion-webui
CVE-2024-12076 Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-12077 Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id'
CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key
CVE-2024-12079 ECOVACS lawnmowers cleartext storage of anti-theft PIN
CVE-2024-12082 Ability Runtime has an out-of-bounds read permission bypass vulnerability
CVE-2024-12083 Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers
S
CVE-2024-12084 Rsync: heap buffer overflow in rsync due to improper checksum length handling
E M
CVE-2024-12085 Rsync: info leak via uninitialized stack contents
E M
CVE-2024-12086 Rsync: rsync server leaks arbitrary client files
E M
CVE-2024-12087 Rsync: path traversal vulnerability in rsync
E M
CVE-2024-12088 Rsync: --safe-links option bypass leads to path traversal
E M
CVE-2024-12089 Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-12090 Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x
CVE-2024-12091 Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-12092 Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x
CVE-2024-12093 Improper Validation of Consistency within Input in GitLab
E S
CVE-2024-12094 Information Disclosure Vulnerability in Tinxy
S
CVE-2024-12095 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12096 Exhibit to WP Gallery <= 0.0.2 - Reflected XSS
E
CVE-2024-12097 SQLi in Boceksoft Informatics' E-Travel
CVE-2024-12098 ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting
CVE-2024-12099 Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure
CVE-2024-12100 Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting
CVE-2024-12101 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-12102 Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure
CVE-2024-12103 Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure
CVE-2024-12104 Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion
S
CVE-2024-12105 WhatsUp Gold - SnmpExtendedActiveMonitor path traversal
CVE-2024-12106 WhatsUp Gold - LDAP configuration interface leading to allowing attacker to configure LDAP settings without authentication
CVE-2024-12107 Double Free in µD3TN
S
CVE-2024-12108 WhatsUp Gold - Public API signing key rotation issue
CVE-2024-12109 Product Labels For Woocommerce < 1.5.9 - Admin+ SQLi
E
CVE-2024-12110 Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation
CVE-2024-12111 Potential LDAP authentication vulnerabilities in OpenText Privileged Access Manager
CVE-2024-12112 Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-12113 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion
CVE-2024-12114 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates
S
CVE-2024-12115 Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication
S
CVE-2024-12116 Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.1 - Authenticated (Contributor+) Post Disclosure
CVE-2024-12117 Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12118 The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12119 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size
CVE-2024-12120 Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12121 Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery
CVE-2024-12122 ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters
CVE-2024-12123 Unauthorized Modification of Ticket Requester
S
CVE-2024-12124 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54290. Reason: ...
R
CVE-2024-12126 SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter
CVE-2024-12127 Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter
CVE-2024-12128 Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Parameter
CVE-2024-12129 Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update
CVE-2024-12130 Rockwell Automation Arena® Out of Bounds Read Vulnerability
S
CVE-2024-12131 WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
CVE-2024-12132 WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference
S
CVE-2024-12133 Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos
CVE-2024-12136 Improper Access Control in Elfatek Elektronics' ANKA JPD-00028
CVE-2024-12137 Authentication Bypass in Elfatek Elektronics' ANKA JPD-00028
CVE-2024-12138 horilla create_skills deserialization
E
CVE-2024-12140 Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure
CVE-2024-12142 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could ...
CVE-2024-12144 SQLi in Finder Fire Safety's Finder ERP/CRM (Old System)
CVE-2024-12146 SQLi in Finder Fire Safety's Finder ERP/CRM (New System)
CVE-2024-12147 Netgear R6900 HTTP Header upgrade_check.cgi buffer overflow
E
CVE-2024-12148 Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earl...
CVE-2024-12149 Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop...
CVE-2024-12151 Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and e...
CVE-2024-12152 MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download
CVE-2024-12153 GDY Modular Content <= 0.9.91 - Reflected Cross-Site Scripting
CVE-2024-12155 SV100 Companion <= 2.0.02 - Missing Authorization to Unauthenticated Arbitrary Options Update
CVE-2024-12156 AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting
CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation
CVE-2024-12159 Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposure
CVE-2024-12160 Seraphinite Bulk Discounts for WooCommerce <= 2.4.6 - Reflected Cross-Site Scripting
CVE-2024-12161 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12162 Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting
CVE-2024-12163 GoodLayers Core < 2.1.3 - Subscriber+ Stored XSS via SVG Upload
E
CVE-2024-12164 WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
S
CVE-2024-12165 Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting
CVE-2024-12166 Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via 'page'
CVE-2024-12167 Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce
CVE-2024-12169 A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 func...
CVE-2024-12170 ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection
CVE-2024-12171 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
S
CVE-2024-12172 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update
CVE-2024-12173 Master Slider < 3.10.5 - Editor+ Stored XSS
E
CVE-2024-12174 An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenti...
S
CVE-2024-12175 Rockwell Automation Code Execution Vulnerability in Arena
S
CVE-2024-12176 WordLift – AI powered SEO – Schema <= 3.54.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-12177 Ai Image Alt Text Generator for WP <= 1.0.2 - Reflected Cross-Site Scripting
CVE-2024-12178 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12179 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12180 DedeCMS article_add.php cross site scripting
E
CVE-2024-12181 DedeCMS SWF File uploads_add.php cross site scripting
E
CVE-2024-12182 DedeCMS soft_add.php cross site scripting
E
CVE-2024-12183 DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting
E
CVE-2024-12184 WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download
S
CVE-2024-12185 code-projects Hotel Management System Administrator Login Password stack-based overflow
E
CVE-2024-12186 code-projects Hotel Management System Available Room hotelnew.c stack-based overflow
E
CVE-2024-12187 1000 Projects Library Management System showbook.php sql injection
E
CVE-2024-12188 1000 Projects Library Management System stu.php sql injection
E
CVE-2024-12189 WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12190 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure
CVE-2024-12191 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12192 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12193 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12194 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12195 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection
S
CVE-2024-12196 Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier all...
CVE-2024-12197 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12198 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12199 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12200 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12201 Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation
S
CVE-2024-12202 Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax
CVE-2024-12203 RSS Icon Widget <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-12204 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization
CVE-2024-12205 Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12206 Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion
CVE-2024-12207 Toggles Shortcode and Widget <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-12208 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: ...
R
CVE-2024-12209 WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion
CVE-2024-12210 Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion
CVE-2024-12211 Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile....
CVE-2024-12212 Horner Automation Cscape Out-of-bounds Read
S
CVE-2024-12213 WP Job Board Pro <= 1.2.76 - Unauthenticated Privilege Escalation via process_register
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter
CVE-2024-12215 Remote Code Execution in kedro-org/kedro
CVE-2024-12216 Arbitrary File Write via TarSlip in dmlc/gluon-cv
CVE-2024-12217 Path Traversal in gradio-app/gradio
E
CVE-2024-12218 Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-12219 Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting
CVE-2024-12220 SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-12221 Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter
CVE-2024-12222 Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via dvsfw_bulk_label_url Parameter
CVE-2024-12225 Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass
M
CVE-2024-12226 In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written...
CVE-2024-12227 MSI Dragon Center IOCTL NTIOLib_X64.sys MmUnMapIoSpace null pointer dereference
S
CVE-2024-12228 PHPGurukul Complaint Management System user-search.php sql injection
E
CVE-2024-12229 PHPGurukul Complaint Management System complaint-search.php sql injection
E
CVE-2024-12230 PHPGurukul Complaint Management System subcategory.php sql injection
E
CVE-2024-12231 CodeZips Project Management System index.php sql injection
E
CVE-2024-12232 code-projects Simple CRUD Functionality index.php cross site scripting
E
CVE-2024-12233 code-projects Online Notice Board Profile Picture registration.php unrestricted upload
E
CVE-2024-12234 1000 Projects Beauty Parlour Management System edit-customer-detailed.php sql injection
E
CVE-2024-12235 Shenzhen Dashi Tongzhou Information Technology AgileBPM AuthorizationTokenCheckFilter.java doFilter access control
E
CVE-2024-12236 Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration
CVE-2024-12237 Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery
CVE-2024-12238 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
CVE-2024-12239 PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter
CVE-2024-12240 Page Builder by SiteOrigin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter
CVE-2024-12242 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12243 Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos
CVE-2024-12244 Missing Authorization in GitLab
E S
CVE-2024-12245 Blind SQL Injection in Logout
CVE-2024-12246 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12247 Improper propagation of permission scheme updates across cluster nodes
S
CVE-2024-12248 Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor
S
CVE-2024-12249 GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection
CVE-2024-12250 Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure
CVE-2024-12251 Improper neutralization special element in hyperlinks
CVE-2024-12252 SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution)
CVE-2024-12253 Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access
CVE-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()
S
CVE-2024-12255 Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure
CVE-2024-12256 Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting
CVE-2024-12257 CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting
CVE-2024-12258 WP Service Payment Form With Authorize.net <= 2.6.3 - Reflected Cross-Site Scripting
CVE-2024-12259 CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation
CVE-2024-12260 Ultimate Endpoints With Rest Api <= 2.2.2 - Reflected Cross-Site Scripting
CVE-2024-12261 SmartEmailing.cz <= 2.2.0 - Reflected Cross-Site Scripting
CVE-2024-12262 Ebook Store <= 5.8001 - Reflected Cross-Site Scripting via 'step'
CVE-2024-12263 Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete
CVE-2024-12264 PayU CommercePro Plugin <= 3.8.3 - Unauthenticated Privilege Escalation
CVE-2024-12265 Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure
CVE-2024-12266 ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization
CVE-2024-12267 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion
CVE-2024-12268 Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12269 Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export
S
CVE-2024-12270 Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection
CVE-2024-12271 360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-12272 WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion
CVE-2024-12273 Calculated Fields Form < 5.2.62 - Admin+ Stored XSS
E
CVE-2024-12274 BookingPress < 1.1.23 - Unauthenticated Export File Download
E
CVE-2024-12275 CanvasFlow <= 1.5.5 - Reflected XSS
E
CVE-2024-12276 Ultimate Member <= 2.9.2 - Authenticated SQL Injection
S
CVE-2024-12278 Booster for WooCommerce <= 7.2.5 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2024-12279 WP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-12280 WP Customer Area <= 8.2.4 - Event Log Deletion via CSRF
E
CVE-2024-12281 Homey <= 2.4.2 - Unauthenticated Privilege Escalation in homey_save_profile
CVE-2024-12282 WordPress连接微博 <= 2.5.6 - Stored XSS via CSRF
E
CVE-2024-12283 WP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter
CVE-2024-12284 Authenticated privilege escalation
CVE-2024-12285 SEMA API <= 5.27 - Reflected Cross-Site Scripting via catid Parameter
CVE-2024-12286 MOBATIME Network Master Clock has a use of default credentials vulnerability
S
CVE-2024-12287 Biagiotti Membership <= 1.0.2 - Authentication Bypass via biagiotti_membership_check_facebook_user
CVE-2024-12288 Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-12289 Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
CVE-2024-12290 Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter
CVE-2024-12291 ViewMedica 9 <= 1.4.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-12292 Insertion of Sensitive Information into Log File in GitLab
S
CVE-2024-12293 User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation
CVE-2024-12294 Last Viewed Posts by WPBeginner <= 1.0.1 - Unauthenticated Sensitive Information Exposure
CVE-2024-12295 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password
CVE-2024-12296 Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options
CVE-2024-12297 Frontend Authorization Logic Disclosure Vulnerability
S
CVE-2024-12298 Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer
S
CVE-2024-12299 System Dashboard <= 2.8.15 - Reflected Cross-Site Scripting via Filename Parameter
CVE-2024-12300 AR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload
CVE-2024-12301 JSP Store Locator <= 1.0 - Deletion via Missing CSRF
E
CVE-2024-12302 Icegram Engage < 3.1.32 - Author+ Stored XSS
E
CVE-2024-12304 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link
S
CVE-2024-12305 Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform
E
CVE-2024-12306 Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform
E
CVE-2024-12307 Function-Level Access Control Vulnerability Allows Unauthorized Modification of Student Data in Unifiedtransform
E
CVE-2024-12308 Logo Slider < 4.6.0 - Contributor+ Stored XSS
E
CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts
CVE-2024-12311 Email Subscribers < 5.7.44 - Admin+ SQL Injection
E
CVE-2024-12312 Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection
CVE-2024-12313 Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection
CVE-2024-12314 Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning
CVE-2024-12315 Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory
S
CVE-2024-12316 Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export
S
CVE-2024-12320 Team Rosters <= 4.7 - Reflected Cross-Site Scripting via 'tab'
CVE-2024-12321 WC Affiliate <= 2.3.9 - Reflected XSS
E
CVE-2024-12322 ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-12323 turboSMTP <= 4.6 - Reflected Cross-Site Scripting via 'page'
CVE-2024-12324 Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page'
CVE-2024-12325 Waymark <= 1.4.1 - Reflected Cross-Site Scripting via 'content'
CVE-2024-12326 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
S
CVE-2024-12327 LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
CVE-2024-12328 MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
CVE-2024-12329 Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure
CVE-2024-12330 WP Database Backup – Unlimited Database & Files Backup by Backup for WP <= 7.3 - Unauthenticated Database Back-Up Exposure
CVE-2024-12331 File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation
CVE-2024-12332 School Management System – WPSchoolPress <= 2.2.14 - Authenticated (Student/Parent+) SQL Injection
CVE-2024-12333 WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-12334 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting
S
CVE-2024-12335 Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure
CVE-2024-12336 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all
CVE-2024-12337 Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids
CVE-2024-12338 Website Toolbox Community <= 2.0.1 - Reflected Cross-Site Scripting via websitetoolbox_username
CVE-2024-12339 Digihood HTML Sitemap <= 3.1.1 - Reflected Cross-Site Scripting via 'channel'
CVE-2024-12340 Animation Addons for Elementor <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template
CVE-2024-12341 Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation
CVE-2024-12342 TP-Link VN020 F3v(T) Incomplete SOAP Request WANIPConnection denial of service
E
CVE-2024-12343 TP-Link VN020 F3v(T) SOAP Request WANIPConnection buffer overflow
E
CVE-2024-12344 TP-Link VN020 F3v(T) FTP USER Command memory corruption
E
CVE-2024-12345 INW Krbyyyzo Daily Huddle Site gbo.aspx resource consumption
CVE-2024-12346 Talentera byt_cv_manager cross site scripting
CVE-2024-12347 Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper authorization
E
CVE-2024-12348 Guizhou Xiaoma Technology jpress Attachment Upload upload AttachmentUtils.isUnSafe cross site scripting
E
CVE-2024-12349 JFinalCMS save cross-site request forgery
E
CVE-2024-12350 JFinalCMS Template TemplateController.java update command injection
E
CVE-2024-12351 JFinalCMS File Content ContentModel.java findPage sql injection
E
CVE-2024-12352 TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow
E
CVE-2024-12353 SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation
E
CVE-2024-12354 SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow
E
CVE-2024-12355 SourceCodester Phone Contact Manager System ContactBook.cpp adding input validation
E
CVE-2024-12356 Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
KEV E
CVE-2024-12357 SourceCodester Best House Rental Management System index.php file inclusion
E
CVE-2024-12358 WeiYe-Jing datax-web add os command injection
E
CVE-2024-12359 code-projects Admin Dashboard vendor_management.php cross site scripting
E
CVE-2024-12360 code-projects Online Class and Exam Scheduling System class_update.php sql injection
E
CVE-2024-12362 InvoicePlane invoices.php download path traversal
S
CVE-2024-12363 Insufficient permissions in the TeamViewer Patch & Asset Management component
CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery
S
CVE-2024-12366 CVE-2024-12366
CVE-2024-12368 Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 all...
E
CVE-2024-12369 Elytron-oidc-client: oidc authorization code injection
M
CVE-2024-12370 WP Hotel Booking <= 2.1.5 - Missing Authorization
S
CVE-2024-12371 Rockwell Automation PowerMonitor™ 1000 Remote Code Execution
S
CVE-2024-12372 Rockwell Automation PowerMonitor™ 1000 Denial of Service
S
CVE-2024-12373 Rockwell Automation PowerMonitor™ 1000 Denial of Service
S
CVE-2024-12374 Stored XSS in automatic1111/stable-diffusion-webui
CVE-2024-12375 Local File Inclusion in automatic1111/stable-diffusion-webui
CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat
CVE-2024-12378 On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
S
CVE-2024-12379 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-12380 Generation of Error Message Containing Sensitive Information in GitLab
E S
CVE-2024-12381 Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potential...
CVE-2024-12382 Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to po...
CVE-2024-12383 Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-12384 Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page'
CVE-2024-12385 WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
S
CVE-2024-12386 WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion
S
CVE-2024-12387 Improper Input Validation in binary-husky/gpt_academic
E
CVE-2024-12388 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
CVE-2024-12389 Path Traversal in binary-husky/gpt_academic
CVE-2024-12390 Remote Code Execution in binary-husky/gpt_academic
CVE-2024-12391 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
CVE-2024-12392 Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic
CVE-2024-12393 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
CVE-2024-12394 Action Network <= 1.4.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-12395 WooCommerce Additional Fees On Checkout (Free) <= 1.4.7 - Reflected Cross-Site Scripting via 'number'
CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling
M
CVE-2024-12398 An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 f...
CVE-2024-12399 CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vu...
CVE-2024-12400 Tourmaster < 5.3.5 - Reflected XSS
E
CVE-2024-12401 Cert-manager: potential dos when parsing specially crafted pem inputs
CVE-2024-12402 Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation
CVE-2024-12403 Image Gallery – Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting
CVE-2024-12404 CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection
CVE-2024-12405 Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting
CVE-2024-12406 Library Management System <= 3.0.0 - Authenticated (Subscriber+) SQL Injection
CVE-2024-12407 Push Notification for Post and BuddyPress <= 2.06 - Reflected Cross-Site Scripting
CVE-2024-12408 WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting
CVE-2024-12409 Simple:Press Forum <= 6.10.11 - Reflected Cross-Site Scripting
CVE-2024-12410 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection
CVE-2024-12411 WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More <= 2.5.4 - Reflected Cross-Site Scripting
CVE-2024-12412 Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting
CVE-2024-12413 MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization
CVE-2024-12414 Themify Store Locator <= 1.1.9 - Cross-Site Request Forgery
S
CVE-2024-12415 AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-12416 Woomotiv <= 3.6.1 - Unauthenticated SQL Injection
CVE-2024-12417 Simple Link Directory <= 8.4.0 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-12419 Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.0 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting
CVE-2024-12420 WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-12421 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting
CVE-2024-12422 Import Eventbrite Events <= 1.7.4 - Reflected Cross-Site Scripting
CVE-2024-12423 Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting
CVE-2024-12424 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-24592. Reason: ...
R
CVE-2024-12425 Path traversal leading to arbitrary .ttf file write
CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
CVE-2024-12427 Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload
S
CVE-2024-12428 WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection
CVE-2024-12429 An attacker who successfully exploited these vulnerabilities could grant read access to files. A vul...
CVE-2024-12430 An attacker who successfully exploited these vulnerabilities could cause enable command execution. A...
CVE-2024-12431 Missing Authorization in GitLab
E S
CVE-2024-12432 WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key
CVE-2024-12433 Remote Code Execution in infiniflow/ragflow
CVE-2024-12434 SureMembers <= 1.10.6 - Sensitive Information Exposure
CVE-2024-12435 Compare Products for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting
CVE-2024-12436 WP Customer Area <= 8.2.4 - Bulk Delete via CSRF
E
CVE-2024-12437 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-12438 WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket <= 4.74 - Reflected Cross-Site Scripting
CVE-2024-12439 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode
CVE-2024-12440 Candifly <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12441 BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting
CVE-2024-12442 Command injection in EnerSys AMPA versions 24.04 through 24.16, inclusive
CVE-2024-12443 CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12444 WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12445 RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12446 Post to Pdf <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12447 Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode
CVE-2024-12448 Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12449 Video Share VOD – Turnkey Video Site Builder Script <= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow
E S
CVE-2024-12451 HTML5 chat <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12452 Ziggeo <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12453 Uptodown APK Download Widget <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12454 Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-12457 Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12458 Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12459 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12460 Years Since – Timeless <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12461 WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12462 YOGO Booking <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12463 Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode
CVE-2024-12464 Chatroll Live Chat <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12465 Property Hive Stamp Duty Calculator <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12466 Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting
CVE-2024-12467 Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting
S
CVE-2024-12468 WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting
S
CVE-2024-12469 WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter
CVE-2024-12470 School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation
CVE-2024-12471 Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-12472 Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure
CVE-2024-12473 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.3 - Authenticated (Contributor+) SQL Injection
CVE-2024-12474 GeoDataSource Country Region DropDown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12475 WP Multi Store Locator <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12476 CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause...
CVE-2024-12477 Avada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets
CVE-2024-12478 InvoicePlane 1 upload_file unrestricted upload
S
CVE-2024-12479 cjbi wetech-cms TopicDao.java searchTopicByKeyword sql injection
E
CVE-2024-12480 cjbi wetech-cms TopicDao.java searchTopic sql injection
E
CVE-2024-12481 cjbi wetech-cms UserDao.java findUser sql injection
E
CVE-2024-12482 cjbi wetech-cms Database Backup BackupFileUtil.java backup path traversal
E
CVE-2024-12483 Dromara UJCMS User ID id authorization
E
CVE-2024-12484 Codezips Technical Discussion Forum signuppost.php sql injection
E
CVE-2024-12485 code-projects Online Class and Exam Scheduling System department.php sql injection
E
CVE-2024-12486 code-projects Online Class and Exam Scheduling System rank_update.php sql injection
E S
CVE-2024-12487 code-projects Online Class and Exam Scheduling System room_update.php sql injection
E S
CVE-2024-12488 code-projects Online Class and Exam Scheduling System subject_update.php sql injection
E S
CVE-2024-12489 code-projects Online Class and Exam Scheduling System term.php sql injection
E
CVE-2024-12490 code-projects Online Class and Exam Scheduling System teacher_save.php sql injection
E
CVE-2024-12491 SimplyRETS Real Estate IDX <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12492 code-projects Farmacia visualizar-usuario.php sql injection
E
CVE-2024-12493 Files Download Delay <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12494 BMLT Meeting Map <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12495 Bootstrap Blocks for WP Editor v2 <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12496 Linear <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12497 1000 Projects Attendance Tracking Management System check_admin_login.php sql injection
E
CVE-2024-12499 WP jQuery DataTable <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12500 Philantro – Donations and Donor Management <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12501 Simple Locator <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12502 My IDX Home Search <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12503 ClassCMS Model Management Page admin cross site scripting
E
CVE-2024-12504 Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12505 Trackserver <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12506 NACC WordPress Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12507 Optio Dentistry <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12508 Glofox Shortcodes <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12509 Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12510 LDAP Authentication Server Pass-back attack
CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack
CVE-2024-12512 Ask Me Anything (Anonymously) <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12513 Contests by Rewards Fuel <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12514 3DVieweronline <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12515 Muslim Prayer Time-Salah/Iqamah <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12516 Coupon Plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12517 WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12518 shMapper by Teplitsa <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12519 TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12520 Dominion – Domain Checker for WPBakery <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12521 Slotti Ajanvaraus <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12522 Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12523 States Map US <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12524 Clinked Client Portal <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12525 Easy MLS Listings Import <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12526 Arena.IM – Live Blogging for real-time events <= 0.3.0 - Cross-Site Request Forgery to Settings Update
CVE-2024-12527 Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12528 WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12529 brodos.net Onlineshop Plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12530 Insecure Dynamic-Link Library (DLL) Load vulnerability
S
CVE-2024-12532 BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVE-2024-12533 Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology ...
CVE-2024-12534 Denial of Service (DoS) in open-webui/open-webui
CVE-2024-12535 Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure
CVE-2024-12536 SourceCodester Kortex Lite Advocate Office Management System client_data.php cross site scripting
CVE-2024-12537 Unauthenticated Denial of Service in open-webui/open-webui
E
CVE-2024-12538 Duplicate Post, Page and Any Custom Post <= 3.5.3 - Authenticated (Contributor+) Post Disclosure via Post Duplication
CVE-2024-12539 Elasticsearch Incorrect Authorization
CVE-2024-12540 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54288. Reason: ...
R
CVE-2024-12541 Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function
CVE-2024-12542 linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure
CVE-2024-12543 A user enumeration and subsequent data integrity vulnerability affecting barcode functionality
CVE-2024-12544 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile
CVE-2024-12545 Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function
CVE-2024-12546 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12547 Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-12548 Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2024-12549 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-12550 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-12551 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-12552 Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
CVE-2024-12553 GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
CVE-2024-12554 Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function
CVE-2024-12555 SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-12556 Kibana Prototype Pollution can lead to code injection
CVE-2024-12557 Transporters.io <= 2.0.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db
CVE-2024-12559 ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal
CVE-2024-12560 Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication
S
CVE-2024-12561 Affiliate Sales in Google Analytics and other tools <= 1.4.9 - Open Redirect
CVE-2024-12562 s2Member Pro <= 241216 - Unauthenticated PHP Object Injection
CVE-2024-12563 s2Member Pro <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution via Shortcode
CVE-2024-12564 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ODA CDE inWEB SDK before 2025.3
CVE-2024-12566 Email Subscribers < 5.7.45 - Admin+ Stored XSS
E
CVE-2024-12567 Email Subscribers < 5.7.45 - Admin+ Stored XSS
E
CVE-2024-12568 Email Subscribers < 5.7.45 - Admin+ Stored XSS
E
CVE-2024-12569 Sensitive Information in Driver’s Log File
S
CVE-2024-12570 Privilege Context Switching Error in GitLab
E S
CVE-2024-12571 Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion
CVE-2024-12572 Hello in All Languages <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-12574 SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
CVE-2024-12576 GPU DDK - Untrusted app can crash firmware by forcing MCU access to non-aligned address
CVE-2024-12577 GPU DDK - rgxfw_pcset_ungrab OOB write via psFWMemContext->uiPageCatBaseRegSet
CVE-2024-12578 Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure
CVE-2024-12579 Minify HTML <= 2.1.10 - Regular Expressions Denial of Service
CVE-2024-12580 Logs Debug Injection in danny-avila/librechat
CVE-2024-12581 Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting
E M
CVE-2024-12582 Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service
M
CVE-2024-12583 Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection
CVE-2024-12584 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication
S
CVE-2024-12585 PropertyHive < 2.1.1 - Reflected XSS
E
CVE-2024-12586 Chalet Montagne Com Tools <= 2.7.8 - Reflected XSS
E
CVE-2024-12587 Contact Form Master <= 1.0.7 - Reflected XSS
E
CVE-2024-12588 Shortcodes and extra features for Phlox theme <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget
CVE-2024-12589 Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer
S
CVE-2024-12590 WP Youtube Gallery <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2024-12591 MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode
CVE-2024-12592 Sellsy <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12593 PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode
CVE-2024-12594 ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVE-2024-12595 AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI
E
CVE-2024-12596 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
CVE-2024-12597 HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css
S
CVE-2024-12598 MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter
CVE-2024-12599 HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
S
CVE-2024-12600 Custom Product Tabs Lite for WooCommerce <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection
CVE-2024-12601 Calculated Fields Form <= 5.2.63 - Denial of Service
CVE-2024-12602 Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of th...
CVE-2024-12603 A logic vulnerability in the mobile application (com.transsion.applock) can lead to bypassing th...
CVE-2024-12604 Improper Authentication in Tapandsign Technologies' Tap&Sign App
CVE-2024-12605 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.3 - Cross-Site Request Forgery to Settings Update
CVE-2024-12606 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-12607 School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task'
CVE-2024-12609 School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance'
CVE-2024-12610 School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
CVE-2024-12611 School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting
CVE-2024-12613 Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection
S
CVE-2024-12614 Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key
S
CVE-2024-12615 Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection
S
CVE-2024-12616 Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-12617 WC Price History for Omnibus <= 2.1.3 - Missing Authorization
CVE-2024-12618 Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset
CVE-2024-12619 Insufficient Granularity of Access Control in GitLab
E S
CVE-2024-12620 AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update
CVE-2024-12621 Yumpu E-Paper publishing <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12622 WordPress Simple Shopping Cart <= 5.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12623 DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12624 Sina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image Differ
S
CVE-2024-12626 AutomatorWP <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value
CVE-2024-12627 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection
CVE-2024-12628 bodi0’s Easy Cache <= 0.8 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-12629 Prototype Pollution in Progress® Telerik® KendoReact
CVE-2024-12632 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-55956. Reason: This candidat...
R
CVE-2024-12633 JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page
CVE-2024-12634 Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-12635 WP Docs <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id'
S
CVE-2024-12636 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery
CVE-2024-12637 Moving Users <= 1.05 - Unauthenticated Sensitive Information Exposure
CVE-2024-12638 Bulk Me Now <= 2.0 - Reflected XSS
E
CVE-2024-12641 Chunghwa Telecom TenderDocTransfer - Reflected Cross-site Scripting to RCE
S
CVE-2024-12642 Chunghwa Telecom TenderDocTransfer - Arbitrary File Write
S
CVE-2024-12643 Chunghwa Telecom tbm-client - Arbitrary File Delete
S
CVE-2024-12644 Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste
S
CVE-2024-12645 Chunghwa Telecom topm-client - Arbitrary File Read
S
CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete
S
CVE-2024-12647 Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Pr...
CVE-2024-12648 Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Pr...
CVE-2024-12649 Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printer...
CVE-2024-12650 Wago: Vulnerability in libwagosnmp
CVE-2024-12651 Sensitive Data Exposure in PTT Inc.'s HGS Mobile App
CVE-2024-12652 Intumit SmartRobot′s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')
CVE-2024-12653 FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference
E
CVE-2024-12654 FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference
E
CVE-2024-12655 FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference
E
CVE-2024-12656 FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference
E
CVE-2024-12657 IObit Advanced SystemCare Ultimate IOCTL AscRegistryFilter.sys 0x8001E000 null pointer dereference
E
CVE-2024-12658 IObit Advanced SystemCare Ultimate IOCTL AscRegistryFilter.sys 0x8001E01C null pointer dereference
E
CVE-2024-12659 IObit Advanced SystemCare Ultimate IOCTL AscRegistryFilter.sys 0x8001E004 null pointer dereference
E
CVE-2024-12660 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E018 null pointer dereference
E
CVE-2024-12661 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E024 null pointer dereference
E
CVE-2024-12662 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E040 null pointer dereference
E
CVE-2024-12663 funnyzpc Mee-Admin Login login observable response discrepancy
E
CVE-2024-12664 ruifang-tech Rebuild Project Task Comment cross site scripting
E
CVE-2024-12665 ruifang-tech Rebuild Task Comment Attachment Upload cross site scripting
E
CVE-2024-12666 ClassCMS User Management Page admin insufficient privileges
E
CVE-2024-12667 InvoicePlane view session expiration
S
CVE-2024-12668 Velocidex WinPmem Out of Bounds Write Vulnerability
CVE-2024-12669 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12670 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12671 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12672 Rockwell Automation Third Party Vulnerability in Arena®
S
CVE-2024-12673 An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage o...
S
CVE-2024-12677 Delta Electronics DTM Soft Deserialization of Untrusted Data
S
CVE-2024-12678 Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens
CVE-2024-12679 Prisna GWT < 1.4.14 - Admin+ Stored XSS
E
CVE-2024-12680 Prisna GWT < 1.4.14 - Admin+ Stored XSS
E
CVE-2024-12682 Smart Maintenance Mode < 1.5.2 - Admin+ Stored XSS
E
CVE-2024-12683 Smart Maintenance Mode < 1.5.2 - Admin+ Stored XSS
E
CVE-2024-12686 Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
KEV
CVE-2024-12687 Insecure YAML Deserialization
CVE-2024-12692 Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potential...
CVE-2024-12693 Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker...
CVE-2024-12694 Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to ...
CVE-2024-12695 Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to exec...
CVE-2024-12696 Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode
CVE-2024-12697 real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12698 Ose-olm-catalogd-container: incomplete fix for rapid reset (cve-2023-39325/cve-2023-44487)
M
CVE-2024-12699 Service Box <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12700 Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type
S
CVE-2024-12701 WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting
CVE-2024-12703 CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confident...
CVE-2024-12704 Denial of Service (DoS) in run-llama/llama_index
CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
S
CVE-2024-12706 SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.
S
CVE-2024-12708 Bulk Me Now <= 2.0 - Stored XSS via Shortcode
E
CVE-2024-12709 Bulk Me Now <= 2.0 - Message Deletion via CSRF
E
CVE-2024-12710 WP-Appbox <= 4.5.3 - Reflected Cross-Site Scripting
CVE-2024-12711 RSVP and Event Management <= 2.7.13 - Missing Authorization
CVE-2024-12712 Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates
CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure
CVE-2024-12714 Backlink Monitoring Manager <= 0.1.3 - Reflected XSS
E
CVE-2024-12715 Asgard Security Scanner <= 0.7 - Reflected XSS
E
CVE-2024-12716 Simple Basic Contact Form < 20250114 - Admin+ Stored XSS
E
CVE-2024-12717 aklamator-infeed <= 2.0.0 - Admin+ Stored XSS
E
CVE-2024-12719 WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal
S
CVE-2024-12720 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E
CVE-2024-12721 Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection
CVE-2024-12722 Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode
E
CVE-2024-12723 Infility Global <= 2.9.8 - Reflected XSS
E
CVE-2024-12724 WP DeskLite <= 1.0.0 - Reflected XSS
E
CVE-2024-12725 Clasify Classified Listing <= 1.0.7 - Reflected XSS
E
CVE-2024-12726 ClipArt <= 0.2 - Reflected XSS
E
CVE-2024-12727 A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions o...
CVE-2024-12728 A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firew...
CVE-2024-12729 A post-auth code injection vulnerability in the User Portal allows authenticated users to execute co...
CVE-2024-12731 aklamator-infeed <= 2.0.0 - Reflected XSS
E
CVE-2024-12732 AffiliateImporterEb <= 1.0.6 - Reflected XSS
E
CVE-2024-12733 AffiliateImporterEb <= 1.0.6 - Reflected XSS via Search
E
CVE-2024-12734 Advance Post Prefix <= 1.1.1 - Reflected XSS
E
CVE-2024-12735 Advance Post Prefix <= 1.1.1 - Admin+ SQL Injection
E
CVE-2024-12736 BU Section Editing <= 0.9.9 - Reflected XSS
E
CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS
E
CVE-2024-12738 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-12739 Mobile Contact Bar < 3.0.5 - Admin+ Stored XSS
E
CVE-2024-12740 Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software
CVE-2024-12741 Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File
CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software
CVE-2024-12743 MailPoet < 5.5.2 - Admin+ Stored XSS
E
CVE-2024-12744 SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31
CVE-2024-12745 SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4
CVE-2024-12746 SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0
CVE-2024-12747 Rsync: race condition in rsync handling symbolic links
M
CVE-2024-12749 Competition Form <= 2.0 - Reflected XSS
E
CVE-2024-12750 Competition Form <= 2.0 - Competition Deletion via CSRF
E
CVE-2024-12751 Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-12752 Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability
CVE-2024-12753 Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability
CVE-2024-12754 AnyDesk Link Following Information Disclosure Vulnerability
CVE-2024-12755 Avaya Spaces XSS Vulnerability
CVE-2024-12756 Avaya Spaces HTML injection (HTMLi) Vulnerability
CVE-2024-12757 Nedap Librix Ecoreader Missing Authentication for Critical Function
M
CVE-2024-12759 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ...
R
CVE-2024-12760 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ...
R
CVE-2024-12761 Denial of Service in brycedrennan/imaginairy
CVE-2024-12763 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12764 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12765 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12766 SSRF in parisneo/lollms-webui
E
CVE-2024-12767 BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR
E
CVE-2024-12768 Responsive iframe <= 1.2.0 - Contributor+ Stored XSS
E
CVE-2024-12769 Simple Banner < 3.0.4 - Admin+ Stored XSS
E
CVE-2024-12770 WP ULike < 4.7.6 - Admin+ Stored XSS
E
CVE-2024-12771 eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset
CVE-2024-12772 Ninja Tables < 5.0.17 - Admin+ Stored XSS
E
CVE-2024-12773 Altra Side Menu <= 2.0 - Admin+ SQL Injection
E
CVE-2024-12774 Altra Side Menu <= 2.0 - Arbitrary Menu Deletion via CSRF
E
CVE-2024-12775 SSRF in langgenius/dify
CVE-2024-12776 Authentication Bypass in langgenius/dify
CVE-2024-12777 Denial of Service in aimhubio/aim
E
CVE-2024-12778 Denial of Service in aimhubio/aim
CVE-2024-12779 SSRF in infiniflow/ragflow
E
CVE-2024-12781 Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import
CVE-2024-12782 Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization
CVE-2024-12783 itsourcecode Vehicle Management System billaction.php cross site scripting
E
CVE-2024-12784 itsourcecode Vehicle Management System editbill.php sql injection
E
CVE-2024-12785 itsourcecode Vehicle Management System sendmail.php sql injection
E
CVE-2024-12786 X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management
E
CVE-2024-12787 1000 Projects Attendance Tracking Management System check_student_login.php sql injection
E
CVE-2024-12788 Codezips Technical Discussion Forum signinpost.php sql injection
E
CVE-2024-12789 PbootCMS IndexController.php code injection
E
CVE-2024-12790 code-projects Hostel Management Site room-details.php cross site scripting
E
CVE-2024-12791 Codezips E-Commerce Site signin.php sql injection
E
CVE-2024-12792 Codezips E-Commerce Site newadmin.php sql injection
E
CVE-2024-12793 PbootCMS IndexController.php path traversal
E
CVE-2024-12794 Codezips E-Commerce Site editorder.php sql injection
E
CVE-2024-12797 RFC7250 handshakes with unauthenticated servers don't abort as expected
S
CVE-2024-12798 JaninoEventEvaluator vulnerability
S
CVE-2024-12799 Insufficiently Protected Credentials
CVE-2024-12800 IP Based Login < 2.4.1 - Admin+ Stored XSS
E
CVE-2024-12801 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
S
CVE-2024-12802 SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of ...
CVE-2024-12803 A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remot...
CVE-2024-12805 A post-authentication format string vulnerability in SonicOS management allows a remote attacker to ...
CVE-2024-12806 A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote at...
CVE-2024-12807 Social Share Buttons for WordPress <= 2.7 - Admin+ Stored XSS
E
CVE-2024-12808 WP ERP | Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS
E
CVE-2024-12809 Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12810 JobCareer | Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrative Actions
CVE-2024-12811 Traveler <= 3.1.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode
CVE-2024-12812 WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information
E
CVE-2024-12813 Open Hours – Easy Opening Hours <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12814 Loan Comparison <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12815 Point Maker <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12816 NOTICE BOARD BY TOWKIR <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12817 Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12818 WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12819 Searchie <= 1.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12820 MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12821 Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2024-12822 Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update
CVE-2024-12824 Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
CVE-2024-12825 Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates
S
CVE-2024-12826 GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unauthenticated Settings Update
CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability
CVE-2024-12829 Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability
CVE-2024-12830 Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability
CVE-2024-12831 Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability
CVE-2024-12832 Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability
CVE-2024-12833 Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability
CVE-2024-12834 Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2024-12835 Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-12836 Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2024-12837 GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size
CVE-2024-12838 Changing Information Technology CGFIDO - Authentication Bypass
S
CVE-2024-12839 Changing Information Technology CGFIDO - Authentication Bypass
S
CVE-2024-12840 Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. Th...
R
CVE-2024-12841 Emlog Pro tag.php cross site scripting
E
CVE-2024-12842 Emlog Pro user.php cross site scripting
E
CVE-2024-12843 Emlog Pro plugin.php cross site scripting
E
CVE-2024-12844 Emlog Pro store.php cross site scripting
E
CVE-2024-12845 Emlog Pro common.php cross site scripting
E
CVE-2024-12846 Emlog Pro link.php cross site scripting
E
CVE-2024-12847 NETGEAR DGN setup.cgi OS Command Injection
E
CVE-2024-12848 SKT Page Builder <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-12849 Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Unauthenticated Arbitrary File Read
CVE-2024-12850 Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arbitrary File Read
CVE-2024-12851 Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12852 Happy Addons for Elementor <= 3.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-12853 Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload
CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload
CVE-2024-12855 AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion
CVE-2024-12856 Four-Faith Industrial Router adjust_sys_time OS Command Injection
E
CVE-2024-12857 AdForest <= 5.1.8 - Authentication Bypass
CVE-2024-12858 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. *** Dupl...
R
CVE-2024-12859 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
CVE-2024-12860 CarSpot – Dealership Wordpress Classified Theme <= 2.4.3 - Unauthenticated Arbitrary Password Reset/Account Takeover
CVE-2024-12861 W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
S
CVE-2024-12862 REST API allows users without permissions to remove external collaborators
CVE-2024-12863 Stored XSS in Discussions functionality
CVE-2024-12864 Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything
CVE-2024-12866 Local File Inclusion in netease-youdao/qanything
CVE-2024-12867 Server-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to exfiltrate and modify configurations and data
S
CVE-2024-12868 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ...
R
CVE-2024-12869 Improper Authentication in infiniflow/ragflow
E
CVE-2024-12870 Stored Cross-site Scripting (XSS) in infiniflow/ragflow
CVE-2024-12871 Stored Cross-site Scripting (XSS) in infiniflow/ragflow
E
CVE-2024-12872 Zalomení <= 1.5 - Admin+ Stored XSS
E
CVE-2024-12873 Custom Field Manager <= 1.0 - Reflected XSS Vulnerability
E
CVE-2024-12874 Top Comments <= 1.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2024-12875 Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download
S
CVE-2024-12876 Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change
CVE-2024-12877 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection
S
CVE-2024-12878 Custom Block Builder – Lazy Blocks < 3.8.3 - Reflected XSS
E
CVE-2024-12879 WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation
CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow
CVE-2024-12881 PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation
CVE-2024-12882 SSRF in comfyanonymous/comfyui
CVE-2024-12883 code-projects Job Recruitment _email.php cross site scripting
E
CVE-2024-12884 Codezips E-Commerce Website login.php sql injection
E
CVE-2024-12885 Connections Business Directory <= 10.4.66 - Authenticated (Admin+) Arbitrary Directory Deletion
CVE-2024-12886 Out-Of-Memory (OOM) Vulnerability in ollama/ollama
CVE-2024-12890 code-projects Online Exam Mastering System update.php sql injection
E
CVE-2024-12891 code-projects Online Exam Mastering System account.php sql injection
E
CVE-2024-12892 code-projects Online Exam Mastering System sign.php cross site scripting
E
CVE-2024-12893 Portabilis i-Educar Tipo de Usuário Page 2 cross site scripting
E
CVE-2024-12894 TreasureHuntGame TreasureHunt acesso.php sql injection
S
CVE-2024-12895 TreasureHuntGame TreasureHunt checkflag.php console_log sql injection
S
CVE-2024-12896 Intelbras VIP S4320 G2 Web Interface webCapsConfig information disclosure
E
CVE-2024-12897 Intelbras VIP S4320 G2 Web Interface Sha1Account1 path traversal
E
CVE-2024-12898 1000 Projects Attendance Tracking Management System faculty_action.php sql injection
E
CVE-2024-12899 1000 Projects Attendance Tracking Management System course_action.php sql injection
E
CVE-2024-12900 FoxCMS Configuration File installdb.php code injection
E
CVE-2024-12901 FoxCMS API Endpoint Site.php improper authorization
E
CVE-2024-12902 Global Wisdom Software ANCHOR - Undocumented Privileged Account
S
CVE-2024-12903 Incorrect default permissions in Biamp Evoko Home
M
CVE-2024-12904 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-12905 An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathn...
S
CVE-2024-12907 XSS in Kentico 7
CVE-2024-12908 Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) wher...
E
CVE-2024-12909 SQL Injection to RCE in run-llama/llama_index
CVE-2024-12910 Denial of Service in run-llama/llama_index
E S
CVE-2024-12911 SQL Injection in run-llama/llama_index
CVE-2024-12912 An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary ...
CVE-2024-12916 SQLi in Agito Computer's Life4All
CVE-2024-12917 Improper Access Control in Agito Computer's Health4All
CVE-2024-12918 SQLi in Agito Computer's Health4All
CVE-2024-12919 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id
S
CVE-2024-12920 FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions
CVE-2024-12921 EthereumICO <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode
CVE-2024-12922 Altair <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current
CVE-2024-12926 Codezips Project Management System advanced.php sql injection
E
CVE-2024-12927 1000 Projects Attendance Tracking Management System check_faculty_login.php sql injection
E
CVE-2024-12928 code-projects Simple Admin Panel sql injection
E
CVE-2024-12929 code-projects Student Management System addCatController.php sql injection
E
CVE-2024-12930 code-projects Simple Admin Panel addCatController.php cross site scripting
E
CVE-2024-12931 code-projects Simple Admin Panel addCatController.php sql injection
E
CVE-2024-12932 code-projects Simple Admin Panel addSizeController.php cross site scripting
E
CVE-2024-12933 code-projects Simple Admin Panel updateItemController.php cross site scripting
E
CVE-2024-12934 code-projects Simple Admin Panel updateItemController.php sql injection
E
CVE-2024-12935 code-projects Simple Admin Panel editItemForm.php sql injection
E
CVE-2024-12936 code-projects Simple Admin Panel catDeleteController.php sql injection
E
CVE-2024-12937 code-projects Simple Admin Panel addVariationController.php sql injection
E
CVE-2024-12938 code-projects Simple Admin Panel updateOrderStatus.php sql injection
E
CVE-2024-12939 code-projects Job Recruitment _all_edits.php add_edu sql injection
E
CVE-2024-12940 1000 Projects Attendance Tracking Management System student_action.php sql injection
E
CVE-2024-12941 CodeAstro Blood Donor Management System deletedannounce.php sql injection
E
CVE-2024-12942 1000 Projects Portfolio Management System MCA admin_login.php sql injection
E
CVE-2024-12943 CodeAstro House Rental Management System ownersignup.php sql injection
E
CVE-2024-12944 CodeAstro House Rental Management System signin.php sql injection
E
CVE-2024-12945 code-projects Simple Car Rental System account.php sql injection
E
CVE-2024-12946 1000 Projects Attendance Tracking Management System admin_action.php sql injection
E
CVE-2024-12947 Codezips Hospital Management System invo.php sql injection
E
CVE-2024-12948 code-projects Travel Management System detail.php sql injection
E
CVE-2024-12949 code-projects Travel Management System package.php sql injection
E
CVE-2024-12950 code-projects/projectworlds Travel Management System subcat.php sql injection
E
CVE-2024-12951 1000 Projects Portfolio Management System MCA add_personal_details.php unrestricted upload
E
CVE-2024-12952 melMass comfy_mtb Dependency endpoint.py run_command code injection
E S
CVE-2024-12953 1000 Projects Portfolio Management System MCA update_pd_process.php unrestricted upload
E
CVE-2024-12954 1000 Projects Portfolio Management System MCA update_ach.php unrestricted upload
E
CVE-2024-12955 PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery
E
CVE-2024-12956 1000 Projects Portfolio Management System MCA add_achievement_details.php unrestricted upload
E
CVE-2024-12957 A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary f...
CVE-2024-12958 1000 Projects Portfolio Management System MCA update_pro_details.php sql injection
E
CVE-2024-12959 1000 Projects Portfolio Management System MCA update_personal_details.php sql injection
E
CVE-2024-12960 1000 Projects Portfolio Management System MCA update_edu_details.php sql injection
E
CVE-2024-12961 1000 Projects Portfolio Management System MCA update_ach_details.php sql injection
E
CVE-2024-12962 code-projects Job Recruitment _all_edits.php sql injection
E
CVE-2024-12963 code-projects Job Recruitment _all_edits.php add_xp sql injection
E
CVE-2024-12964 1000 Projects Daily College Class Work Report Book login.php sql injection
E
CVE-2024-12965 1000 Projects Portfolio Management System MCA update_ex_detail.php sql injection
E
CVE-2024-12966 code-projects Job Recruitment _all_edits.php cn_update sql injection
E
CVE-2024-12967 code-projects Job Recruitment _all_edits.php fln_update sql injection
E
CVE-2024-12968 code-projects Job Recruitment _all_edits.php edit_jobpost sql injection
E
CVE-2024-12969 code-projects Hospital Management System Login index.php sql injection
E
CVE-2024-12970 OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer
CVE-2024-12971 QuickShell Authenticated Command Injection
S
CVE-2024-12975 Silicon Labs CPC can leak information in full duplex SPI
CVE-2024-12976 CodeZips Hospital Management System staff.php sql injection
E
CVE-2024-12977 PHPGurukul Complaint Management System state.php sql injection
E
CVE-2024-12978 code-projects Job Recruitment _all_edits.php add_req sql injection
E
CVE-2024-12979 code-projects Job Recruitment _all_edits.php cn_update cross site scripting
E
CVE-2024-12980 code-projects Job Recruitment _all_edits.php fln_update cross site scripting
E
CVE-2024-12981 CodeAstro Car Rental System bookingconfirm.php sql injection
E
CVE-2024-12982 PHPGurukul Blood Bank & Donor Management System update-contactinfo.php cross site scripting
E
CVE-2024-12983 code-projects Hospital Management System Edit Doctor Details Page manage-doctors.php cross site scripting
E
CVE-2024-12984 Amcrest IP2M-841B Web Interface webCapsConfig information disclosure
E
CVE-2024-12985 Overtek OT-E801G passwd os command injection
E
CVE-2024-12986 DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection
E
CVE-2024-12987 DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection
KEV E
CVE-2024-12988 Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow
E
CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery
CVE-2024-12990 ruifang-tech Rebuild Admin Verification Page admin-verify redirect
E
CVE-2024-12991 Beijing Longda Jushang Technology DBShop商城系统 home-order cross site scripting
E
CVE-2024-12992 Remote Code Execution leads to Command Injection
S
CVE-2024-12993 Location information exposure in Infinix Weather app
CVE-2024-12994 running-elephant Datart File Upload import extractModel deserialization
E
CVE-2024-12995 ruifang-tech Rebuild Project Tasks Section tasks cross site scripting
E
CVE-2024-12996 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-12997 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-12998 code-projects Online Car Rental System GET Parameter index.php cross site scripting
E
CVE-2024-12999 PHPGurukul Small CRM edit-user.php sql injection
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.