CVE-2024-2xxx

There are 959 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-2000 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'na...
CVE-2024-2001 Cross-Site Scripting vulnerability in Cockpit CMS
S
CVE-2024-2002 Libdwarf: crashes randomly on fuzzed object
M
CVE-2024-2003 Local Privilege Escalation in Quarantine of ESET products for Windows
CVE-2024-2004 Usage of disabled protocol
CVE-2024-2005 SAML implementation allows privilege escalation
S
CVE-2024-2006 The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugi...
S
CVE-2024-2007 OpenBMB XAgent Privileged Mode sandbox
E
CVE-2024-2008 The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerabl...
CVE-2024-2009 Nway Pro Argument index.php ajax_login_submit_form information exposure
CVE-2024-2010 Reflected XSS in TE Informatics' V5 Software
CVE-2024-2011 A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will gener...
CVE-2024-2012 vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could ...
CVE-2024-2013 An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component t...
CVE-2024-2014 Panabit Panalog sprog_upstatus.php sql injection
E
CVE-2024-2015 ZhiCms mcontroller.php getindexdata sql injection
E
CVE-2024-2016 ZhiCms setcontroller.php index code injection
E
CVE-2024-2017 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection
S
CVE-2024-2018 The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles...
CVE-2024-2019 WP-DB-Table-Editor <= 1.8.4 - Missing Authorization to Authenticated(Contributor+) Database Access
CVE-2024-2020 The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
CVE-2024-2021 Netentsec NS-ASG Application Security Gateway list_localuser.php sql injection
E
CVE-2024-2022 Netentsec NS-ASG Application Security Gateway list_ipAddressPolicy.php sql injection
E
CVE-2024-2023 Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload
CVE-2024-2024 Folders Pro <= 3.0.2 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload
CVE-2024-2025 The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for Word...
CVE-2024-2026 The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cont...
CVE-2024-2027 The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to St...
S
CVE-2024-2028 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-2029 Command Injection in mudler/localai
CVE-2024-2030 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stor...
CVE-2024-2031 The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
CVE-2024-2032 Race Condition Vulnerability in zenml-io/zenml
S
CVE-2024-2033 The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposur...
CVE-2024-2035 Improper Authorization in zenml-io/zenml
E S
CVE-2024-2036 ApplyOnline – Application Form Builder and Manager <= 2.6 - Missing Authorization to Sensitive Information Exposure
CVE-2024-2037 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials
CVE-2024-2039 The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Sit...
CVE-2024-2040 Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
E
CVE-2024-2041 Rejected reason: ***DUPLICATE** Please use CVE-2024-3241 instead....
R
CVE-2024-2042 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-2043 The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulner...
S
CVE-2024-2044 Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4
M
CVE-2024-2045 Session 1.17.5 - LFR via chat attachment
E
CVE-2024-2047 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all v...
S
CVE-2024-2048 Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
CVE-2024-2049 Server-Side Request Forgery (SSRF)
CVE-2024-2050 CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulner...
CVE-2024-2051 CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could ...
CVE-2024-2052 CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow ...
CVE-2024-2053 Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
CVE-2024-2054 Artica Proxy Unauthenticated PHP Deserialization Vulnerability
CVE-2024-2055 Artica Proxy Unauthenticated File Manager Vulnerability
CVE-2024-2056 Artica Proxy Loopback Services Remotely Accessible Unauthenticated
CVE-2024-2057 LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery
E S
CVE-2024-2058 SourceCodester Petrol Pump Management Software product.php unrestricted upload
E
CVE-2024-2059 SourceCodester Petrol Pump Management Software service_crud.php unrestricted upload
E
CVE-2024-2060 SourceCodester Petrol Pump Management Software login_crud.php sql injection
E
CVE-2024-2061 SourceCodester Petrol Pump Management Software edit_supplier.php sql injection
E
CVE-2024-2062 SourceCodester Petrol Pump Management Software edit_categories.php sql injection
E
CVE-2024-2063 SourceCodester Petrol Pump Management Software profile_crud.php cross site scripting
E
CVE-2024-2064 rahman SelectCours Template CacheController.java getCacheNames injection
E
CVE-2024-2065 SourceCodester Barangay Population Monitoring System update-resident.php cross site scripting
E S
CVE-2024-2066 SourceCodester Computer Inventory System add-computer.php cross site scripting
E
CVE-2024-2067 SourceCodester Computer Inventory System delete-computer.php sql injection
E
CVE-2024-2068 SourceCodester Computer Inventory System update-computer.php cross site scripting
E
CVE-2024-2069 SourceCodester FAQ Management System delete-faq.php sql injection
E
CVE-2024-2070 SourceCodester FAQ Management System add-faq.php cross site scripting
E
CVE-2024-2071 SourceCodester FAQ Management System Update FAQ cross site scripting
E
CVE-2024-2072 SourceCodester Flashcard Quiz App update-flashcard.php cross site scripting
E S
CVE-2024-2073 SourceCodester Block Inserter for Dynamic Content view_post.php sql injection
E
CVE-2024-2074 Mini-Tmall 1 sql injection
E
CVE-2024-2075 SourceCodester Daily Habit Tracker update-tracker.php cross site scripting
E
CVE-2024-2076 CodeAstro House Rental Management System tenant.php missing authentication
E
CVE-2024-2077 SourceCodester Simple Online Bidding System index.php sql injection
E
CVE-2024-2078 Cross-Site Scripting vulnerability in HelpDeskZ
S
CVE-2024-2079 The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
CVE-2024-2080 The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sens...
CVE-2024-2081 The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Si...
CVE-2024-2082 The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulner...
S
CVE-2024-2083 Directory Traversal in zenml-io/zenml
E S
CVE-2024-2084 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site ...
CVE-2024-2085 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site ...
S
CVE-2024-2086 The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your ...
CVE-2024-2087 Brizy – Page Builder <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form
S
CVE-2024-2088 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure
S
CVE-2024-2089 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-2090 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery
CVE-2024-2091 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2024-2092 Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget
S
CVE-2024-2093 The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposur...
S
CVE-2024-2097 Authenticated List control client can execute the LINQ query in SCM Server to present event as list ...
CVE-2024-2098 Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary
S
CVE-2024-2101 WordPress Plugin Salon Booking System < 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
E
CVE-2024-2102 Salon booking system < 9.6.3 - Unauthenticated Stored XSS
E
CVE-2024-2103 Inclusion of Undocumented Features
CVE-2024-2106 The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vuln...
S
CVE-2024-2107 The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions ...
CVE-2024-2108 The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is ...
S
CVE-2024-2109 The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve...
CVE-2024-2110 The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cr...
S
CVE-2024-2111 The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to St...
S
CVE-2024-2112 The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v...
S
CVE-2024-2113 The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is ...
S
CVE-2024-2114 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-2115 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forge...
CVE-2024-2116 The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...
CVE-2024-2117 The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to ...
CVE-2024-2118 Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings
E
CVE-2024-2119 LuckyWP Table of Contents <= 2.1.4 - Reflected Cross-Site Scripting
CVE-2024-2120 The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to ...
CVE-2024-2121 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-2122 FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL
S
CVE-2024-2123 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem...
S
CVE-2024-2124 The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cr...
CVE-2024-2125 The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Re...
CVE-2024-2126 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
S
CVE-2024-2127 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St...
S
CVE-2024-2128 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed A...
S
CVE-2024-2129 The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site...
CVE-2024-2130 The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 ...
S
CVE-2024-2131 The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...
CVE-2024-2132 The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Sit...
CVE-2024-2133 Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting
E
CVE-2024-2134 Bdtask Hospita AutoManager Investigation Report cross-site request forgery
E
CVE-2024-2135 Bdtask Hospita AutoManager Hospital Activities Page form cross site scripting
E
CVE-2024-2136 The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
S
CVE-2024-2137 The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-S...
CVE-2024-2138 The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2024-2139 The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...
CVE-2024-2140 The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Sit...
S
CVE-2024-2141 The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Sit...
S
CVE-2024-2142 The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Sit...
S
CVE-2024-2143 The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Sit...
S
CVE-2024-2144 The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Sit...
S
CVE-2024-2145 SourceCodester Online Mobile Management Store update-tracker.php cross site scripting
E
CVE-2024-2146 SourceCodester Online Mobile Management Store ?p=products cross site scripting
E
CVE-2024-2147 SourceCodester Online Mobile Management Store login.php sql injection
E
CVE-2024-2148 SourceCodester Online Mobile Management Store Users.php unrestricted upload
E
CVE-2024-2149 CodeAstro Membership Management System settings.php sql injection
E
CVE-2024-2150 SourceCodester Insurance Management System file inclusion
E
CVE-2024-2151 SourceCodester Online Mobile Management Store Product Price logic error
E
CVE-2024-2152 SourceCodester Online Mobile Management Store manage_product.php sql injection
E
CVE-2024-2153 SourceCodester Online Mobile Management Store view_order.php sql injection
E
CVE-2024-2154 SourceCodester Online Mobile Management Store view_product.php sql injection
E
CVE-2024-2155 SourceCodester Best POS Management System index.php file inclusion
E
CVE-2024-2156 SourceCodester Best POS Management System admin_class.php sql injection
E
CVE-2024-2159 Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
E
CVE-2024-2161 Use of Hard-coded Credentials in Kiloview NDI N series products API middleware
S
CVE-2024-2162 Authenticated Remote Code Execution in Kiloview NDI N series products
S
CVE-2024-2163 Ninja Beaver Add-ons for Beaver Builder <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets
CVE-2024-2165 The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
S
CVE-2024-2166 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i...
CVE-2024-2167 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2041. Reason: T...
R
CVE-2024-2168 SourceCodester Online Tours & Travels Management System HTTP POST Request expense_category.php sql injection
E
CVE-2024-2169 Implementations of UDP application protocols are susceptible to network loops and denial of service
CVE-2024-2170 The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-2171 Stored XSS in zenml-io/zenml
E S
CVE-2024-2172 The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange...
CVE-2024-2173 Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker...
E
CVE-2024-2174 Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacke...
E
CVE-2024-2175 An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenov...
S
CVE-2024-2176 Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potent...
E
CVE-2024-2177 Improper Restriction of Rendered UI Layers or Frames in GitLab
E S
CVE-2024-2178 Path Traversal Vulnerability in parisneo/lollms-webui
CVE-2024-2179 Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type
CVE-2024-2180 Zemana AntiLogger v2.74.204.664 - Kernel Memory Leak
E
CVE-2024-2181 The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scriptin...
S
CVE-2024-2182 Ovn: insufficient validation of bfd packets may lead to denial of service
CVE-2024-2183 The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scriptin...
S
CVE-2024-2184 Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Print...
CVE-2024-2185 The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scriptin...
S
CVE-2024-2186 The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scriptin...
S
CVE-2024-2187 The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scriptin...
S
CVE-2024-2188 Cross-Site Scripting vulnerability in TP-Link Archer AX50
S
CVE-2024-2189 Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS
E
CVE-2024-2191 Improper Access Control in GitLab
E S
CVE-2024-2193 Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
CVE-2024-2194 The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL sear...
CVE-2024-2195 Remote Code Execution in aimhubio/aim
CVE-2024-2196 CSRF Vulnerability in aimhubio/aim
CVE-2024-2197 Chirp Systems Chirp Access Use of Hard-coded Password
S
CVE-2024-2198 The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
CVE-2024-2199 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
M
CVE-2024-2200 The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
S
CVE-2024-2201 CVE-2024-2201
CVE-2024-2202 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE-2024-2203 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all ...
S
CVE-2024-2204 Zemana AntiLogger v2.74.204.664 - Denial of Service (DoS)
E
CVE-2024-2206 SSRF Vulnerability in gradio-app/gradio
CVE-2024-2207 Sound Research SECOMN64 Escalation of Privilege
CVE-2024-2208 Sound Research SECOMN64 Escalation of Privilege
CVE-2024-2209 HP Printer Firmware Update Utility for Certain HP DeskJet Printers - Potential Execution of Arbitrary Code
CVE-2024-2210 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all ...
S
CVE-2024-2211 Cross-Site Scripting vulnerability in Gophish Admin Panel
S
CVE-2024-2212 Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()
E S
CVE-2024-2213 Improper Authentication in zenml-io/zenml
E S
CVE-2024-2214 Missing array size check in _Mtxinit() in the Xtensa port
S
CVE-2024-2215 A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earli...
CVE-2024-2216 A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier ...
CVE-2024-2217 Improper Access Control in gaizhenbiao/chuanhuchatgpt
CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
E
CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS
E
CVE-2024-2221 Path Traversal and Arbitrary File Upload Vulnerability in qdrant/qdrant
CVE-2024-2222 The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of ...
CVE-2024-2223 Incorrect Regular Expression in GravityZone Update Server (VA-11465)
S
CVE-2024-2224 Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-11466)
S
CVE-2024-2226 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is...
CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability
CVE-2024-2228 IdentityIQ Authorization of QuickLink Target Identities Vulnerability
CVE-2024-2229 CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execut...
CVE-2024-2230 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
E
CVE-2024-2232 Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites
E
CVE-2024-2233 Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
E
CVE-2024-2234 Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS
E
CVE-2024-2235 Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
E
CVE-2024-2236 Libgcrypt: vulnerable to marvin attack
CVE-2024-2237 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Glo...
CVE-2024-2238 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Cus...
CVE-2024-2239 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pre...
CVE-2024-2240 Docker implementation in Brocade SANnav is missing Audit Rules.
CVE-2024-2241 Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows a...
CVE-2024-2242 The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘act...
CVE-2024-2243 Csmock: command injection vulnerability in csmock-plugin-snyk
CVE-2024-2244 REST service authentication anomaly with “valid username/no password” credential combination for bat...
CVE-2024-2245 Cross-Site Scripting vulnerability in moziloCMS
S
CVE-2024-2247 JFrog Artifactory Cross-Site Scripting
CVE-2024-2248 JFrog Artifactory Header Injection
CVE-2024-2249 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri...
CVE-2024-2250 The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cro...
CVE-2024-2252 The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for Wor...
CVE-2024-2253 Testimonial Carousel For Elementor <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-2254 RT Easy Builder – Advanced addons for Elementor <= 2.2 - Authenticated (Contributor+) Stored Cross-site Scripting
CVE-2024-2255 The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v...
S
CVE-2024-2256 The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode...
S
CVE-2024-2257 Password Policy Bypass Vulnerability in Digisol Router
S
CVE-2024-2258 The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v...
S
CVE-2024-2259 Reflected XXS Vulnerability in InstaRISPACS Software
S
CVE-2024-2260 Session Fixation Vulnerability in zenml-io/zenml
CVE-2024-2261 The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Expos...
CVE-2024-2262 WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF
E
CVE-2024-2263 WooCommerce Product Filter < 1.4.4 - Reflected XSS
E
CVE-2024-2264 keerti1924 PHP-MYSQL-User-Login-System login.php sql injection
E
CVE-2024-2265 keerti1924 PHP-MYSQL-User-Login-System login.sql inclusion of sensitive information in source code
E
CVE-2024-2266 keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting
E
CVE-2024-2267 keerti1924 Online-Book-Store-Website shop.php logic error
E
CVE-2024-2268 keerti1924 Online-Book-Store-Website unrestricted upload
E S
CVE-2024-2269 keerti1924 Online-Book-Store-Website search.php sql injection
E
CVE-2024-2270 keerti1924 Online-Book-Store-Website signup.php cross site scripting
E
CVE-2024-2271 keerti1924 Online-Book-Store-Website HTTP POST Request shop.php sql injection
E
CVE-2024-2272 keerti1924 Online-Book-Store-Website HTTP POST Request home.php sql injection
E
CVE-2024-2273 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to...
CVE-2024-2274 Bdtask G-Prescription Gynaecology & OBS Consultation Software Prescription Dashboard Index cross site scripting
E
CVE-2024-2275 Bdtask G-Prescription Gynaecology & OBS Consultation Software OBS Patient/Gynee Prescription cross site scripting
E
CVE-2024-2276 Bdtask G-Prescription Gynaecology & OBS Consultation Software Edit Venue Page cross site scripting
E
CVE-2024-2277 Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery
E
CVE-2024-2278 WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
E
CVE-2024-2279 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-2280 The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th...
S
CVE-2024-2281 boyiddha Automated-Mess-Management-System Setting index.php access control
E
CVE-2024-2282 boyiddha Automated-Mess-Management-System Login Page index.php sql injection
E
CVE-2024-2283 boyiddha Automated-Mess-Management-System view.php sql injection
E
CVE-2024-2284 boyiddha Automated-Mess-Management-System Chat Book chat.php cross site scripting
E
CVE-2024-2285 boyiddha Automated-Mess-Management-System member_edit.php cross site scripting
CVE-2024-2286 The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carouse...
S
CVE-2024-2287 The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl...
CVE-2024-2288 CSRF File Upload Vulnerability in parisneo/lollms-webui
E S
CVE-2024-2289 The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Script...
CVE-2024-2290 Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object Injection
CVE-2024-2291 MOVEit Transfer Logging Bypass Vulnerability
CVE-2024-2292 Access Control Vulnerabilities lead to Violation of Privacy and Modification of Personal Data
CVE-2024-2293 The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user disp...
CVE-2024-2294 The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Tr...
CVE-2024-2295 Contact Form Manager <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-2296 The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Sto...
S
CVE-2024-2297 Bricksbuilder <= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave
CVE-2024-2298 The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorize...
S
CVE-2024-2299 Stored Cross-Site Scripting (XSS) via Profile Picture Upload in parisneo/lollms-webui
CVE-2024-2300 HP Advance Mobile Application – Potential Information Disclosure
CVE-2024-2301 Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack vi...
CVE-2024-2302 The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Eas...
S
CVE-2024-2303 The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
CVE-2024-2304 The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
CVE-2024-2305 The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2024-2306 The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in al...
CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories
M
CVE-2024-2308 The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri...
S
CVE-2024-2309 WP Staging < 3.4.0, 5.4.0 (Pro Version) - Admin+ Stored XSS
E
CVE-2024-2310 WP Google Review Slider < 13.6 - Admin+ Stored XSS
E
CVE-2024-2311 The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcod...
E
CVE-2024-2312 GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 modu...
CVE-2024-2313 If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary director...
S
CVE-2024-2314 If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An...
S
CVE-2024-2315 SMM arbitrary code execution in Overclock
CVE-2024-2316 Bdtask Hospital AutoManager Update Bill Page cross-site request forgery
E
CVE-2024-2317 Bdtask Hospital AutoManager Prescription Page improper authorization
E
CVE-2024-2318 ZKTeco ZKBio Media Service Port 9999 download path traversal
E
CVE-2024-2319 Cross-Site Scripting vulnerability in Django MarkdownX
S
CVE-2024-2321 Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token
S
CVE-2024-2322 WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF
E
CVE-2024-2324 The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored ...
S
CVE-2024-2325 The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search...
S
CVE-2024-2326 The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordP...
S
CVE-2024-2327 The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
CVE-2024-2328 The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to St...
S
CVE-2024-2329 Netentsec NS-ASG Application Security Gateway sql injection
E
CVE-2024-2330 Netentsec NS-ASG Application Security Gateway index.php sql injection
E
CVE-2024-2331 SourceCodester Tourist Reservation System System.cpp ad_writedata buffer overflow
E
CVE-2024-2332 SourceCodester Online Mobile Management Store HTTP GET Request manage_category.php sql injection
E
CVE-2024-2333 CodeAstro Membership Management System add_members.php sql injection
E
CVE-2024-2334 The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
CVE-2024-2335 The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple wi...
CVE-2024-2336 The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored C...
S
CVE-2024-2337 Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-2338 SQL Injection in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule
S
CVE-2024-2339 Improper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule
S
CVE-2024-2340 The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,...
CVE-2024-2341 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress ...
S
CVE-2024-2342 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress ...
S
CVE-2024-2343 The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-...
E
CVE-2024-2344 The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versio...
E
CVE-2024-2345 The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to ...
S
CVE-2024-2346 The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to ...
S
CVE-2024-2347 The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name...
CVE-2024-2348 The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Po...
S
CVE-2024-2349 The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th...
CVE-2024-2350 Clever Addons for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple CAFE Widgets
S
CVE-2024-2351 CodeAstro Ecommerce Site Search action.php sql injection
E
CVE-2024-2352 1Panel swap baseApi.UpdateDeviceSwap command injection
E S
CVE-2024-2353 Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection
E
CVE-2024-2354 Dreamer CMS toEdit cross-site request forgery
E
CVE-2024-2355 keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code
E
CVE-2024-2357 IKEv2 misconfiguration can cause libreswan to abort and restart
S
CVE-2024-2358 Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
CVE-2024-2359 Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui
E
CVE-2024-2360 Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
E
CVE-2024-2361 Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui
CVE-2024-2362 Path Traversal in parisneo/lollms-webui
E
CVE-2024-2363 AOL AIM Triton Invite denial of service
E
CVE-2024-2364 Musicshelf Backup androidmanifest.xml backup
E
CVE-2024-2365 Musicshelf SHA-1 PinningTrustManager.java weak password hash
E
CVE-2024-2366 Remote Code Execution in parisneo/lollms-webui
CVE-2024-2368 Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication
S
CVE-2024-2369 Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS
E
CVE-2024-2370 Rejected reason: DO NOT USE THIS CVE ID NUMBER. Consult IDs: CVE-2018-5341. Reason: This CVE Record ...
R
CVE-2024-2371 Information exposure vulnerability in Korenix JetI/O 6550
S
CVE-2024-2375 WPQA < 6.1.1 - Contributor+ Stored XSS
E
CVE-2024-2376 WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF
E
CVE-2024-2377 A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600....
CVE-2024-2378 A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker c...
CVE-2024-2379 QUIC certificate check bypass with wolfSSL
CVE-2024-2380 XSS in graph rendering
CVE-2024-2381 AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-2382 Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass
CVE-2024-2383 Clickjacking Vulnerability in zenml-io/zenml
E S
CVE-2024-2384 The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up ...
CVE-2024-2385 Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Limited Local File Inclusion via Widgets
CVE-2024-2386 WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection
CVE-2024-2387 The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other pl...
CVE-2024-2388 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-2389 Flowmon Unauthenticated Command Injection Vulnerability
CVE-2024-2390 Local Privilege Escalation
S
CVE-2024-2391 EVE-NG Lab cross site scripting
E
CVE-2024-2392 The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-2393 SourceCodester CRUD without Page Reload add_user.php sql injection
E S
CVE-2024-2394 SourceCodester Employee Management System add-admin.php unrestricted upload
E
CVE-2024-2395 The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery i...
CVE-2024-2396 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-2397 infinite loop in the PPP printer of tcpdump
S
CVE-2024-2398 HTTP/2 push headers memory-leak
CVE-2024-2399 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plu...
S
CVE-2024-2400 Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote atta...
E
CVE-2024-2401 The Admin Page Spider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin se...
CVE-2024-2402 Better Comments < 1.5.6 - Admin+ Stored XSS
E
CVE-2024-2403 Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1....
CVE-2024-2404 Better Comments < 1.5.6 - Subscriber+ Stored XSS
E
CVE-2024-2405 Float menu < 6.0.1 - Menu Deletion via CSRF
E
CVE-2024-2406 Gacjie Server Upload.php index unrestricted upload
E
CVE-2024-2408 PHP is vulnerable to the Marvin Attack
E S
CVE-2024-2409 The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to...
S
CVE-2024-2410 Use after free in C++ protobuf
CVE-2024-2411 The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to...
S
CVE-2024-2412 Heimavista Rpage and Epage - Broken Access Control
S
CVE-2024-2413 Intumit SmartRobot - Use of Hard-coded Cryptographic Key
S
CVE-2024-2414 Unprotected Primary Channel vulnerability in Movistar 4G router
S
CVE-2024-2415 Command injection vulnerability in Movistar 4G router
S
CVE-2024-2416 Cross-Site Request Forgery vulnerability in Movistar 4G router
S
CVE-2024-2417 The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plug...
CVE-2024-2418 SourceCodester Best POS Management System view_order.php sql injection
E
CVE-2024-2419 Keycloak: path traversal in the redirect validation
M
CVE-2024-2420 LenelS2 NetBox Hardcoded Credentials
S
CVE-2024-2421 LenelS2 NetBox Improper Neutralization of Special Elements
S
CVE-2024-2422 LenelS2 NetBox Improper Neutralization of Argumented Delimiters
S
CVE-2024-2423 The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for W...
S
CVE-2024-2424 Rockwell Automation Input/Output Device Vulnerable to Major Nonrecoverable Fault
S
CVE-2024-2425 Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527
S
CVE-2024-2426 Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527
S
CVE-2024-2427 Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527
S
CVE-2024-2428 The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
E
CVE-2024-2429 Salon booking system <= 9.6.5 - Settings Update via CSRF
E
CVE-2024-2430 Website Content in Page or Post < 2024.04.09 - Contributor+ Stored Cross-Site Scripting
E
CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtect
S
CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
S
CVE-2024-2433 PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss
S
CVE-2024-2434 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
E S
CVE-2024-2435 Stored XSS in Timeline View
CVE-2024-2436 The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
S
CVE-2024-2437 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-41728. Reason: ...
R
CVE-2024-2438 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-47851. Reason: ...
R
CVE-2024-2439 Salon booking system <= 9.6.5 - Editor+ Stored XSS
E
CVE-2024-2440 Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions
CVE-2024-2441 VikBooking < 1.6.8 - Insecure Direct Object References
E
CVE-2024-2442 Path Traversal vulnerability in Franklin Fueling System EVO 550/5000
S
CVE-2024-2443 Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-2444 Inline Related Posts < 3.5.0 - Admin+ Stored XSS
E
CVE-2024-2445 Reflected XSS in Mattermost Jira plugin
S
CVE-2024-2446 Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9....
S
CVE-2024-2447 Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9....
S
CVE-2024-2448 LoadMaster Command Injection Vulnerability
CVE-2024-2449 LoadMaster Cross-Site Request Forgery (CSRF)
CVE-2024-2450 Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9....
S
CVE-2024-2451 Improper fingerprint validation in the TeamViewer Client
S
CVE-2024-2452 Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()
S
CVE-2024-2453 Advantech WebAccess/SCADA SQL Injection
S
CVE-2024-2454 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-2455 Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL
CVE-2024-2456 The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-2457 The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site...
CVE-2024-2458 The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Si...
S
CVE-2024-2459 The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'butt...
CVE-2024-2460 The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plu...
S
CVE-2024-2461 If exploited an attacker could traverse the file system to access files or directories that would o...
CVE-2024-2462 Allow attackers to intercept or falsify data exchanges between the client and the server...
CVE-2024-2463 Weak password recovery mechanism in CDeX
CVE-2024-2464 Application users enumeration in CDeX
CVE-2024-2465 Open redirection in CDeX
CVE-2024-2466 TLS certificate check bypass with mbedTLS
CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)
M
CVE-2024-2468 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed A...
S
CVE-2024-2469 Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance
CVE-2024-2470 Simple Ajax Chat < 20240412 - Admin+ Stored XSS
E
CVE-2024-2471 The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachmen...
S
CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR
CVE-2024-2473 WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
S
CVE-2024-2474 The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripti...
CVE-2024-2475 The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th...
CVE-2024-2476 The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capabi...
CVE-2024-2477 The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative ...
CVE-2024-2478 BradWenqiang HR Background Management register selectAll sql injection
E
CVE-2024-2479 MHA Sistemas arMHAzena Cadastro Page cross site scripting
E
CVE-2024-2480 MHA Sistemas arMHAzena Executa Page sql injection
E
CVE-2024-2481 Surya2Developer Hostel Management System manage-students.php access control
E
CVE-2024-2482 Surya2Developer Hostel Management Service HTTP POST Request check_availability.php observable response discrepancy
E
CVE-2024-2483 Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery
E
CVE-2024-2484 Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets
S
CVE-2024-2485 Tenda AC18 SetSpeedWan formSetSpeedWan stack-based overflow
E
CVE-2024-2486 Tenda AC18 QuickIndex formQuickIndex stack-based overflow
E
CVE-2024-2487 Tenda AC18 SetOnlineDevName formSetDeviceName stack-based overflow
E
CVE-2024-2488 Tenda AC18 SetPptpServerCfg formSetPPTPServer stack-based overflow
E
CVE-2024-2489 Tenda AC18 SetNetControlList formSetQosBand stack-based overflow
E
CVE-2024-2490 Tenda AC18 openSchedWifi setSchedWifi stack-based overflow
E
CVE-2024-2491 The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-2492 The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-2493 Session Hijacking Vulnerability in Hitachi Ops Center Analyzer
CVE-2024-2494 Libvirt: negative g_new0 length can lead to unbounded memory allocation
M
CVE-2024-2495 Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt
CVE-2024-2496 Libvirt: null pointer dereference in udevconnectlistallinterfaces()
S
CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection
E M
CVE-2024-2499 The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site S...
CVE-2024-2500 The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display N...
CVE-2024-2501 The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Ob...
CVE-2024-2502 Failure to update the tamper reset cause register when a tamper event occurs
CVE-2024-2503 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
CVE-2024-2504 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St...
S
CVE-2024-2505 GamiPress < 6.8.9 - Broken Access Control
E
CVE-2024-2506 Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS
CVE-2024-2507 The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
CVE-2024-2508 WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification
CVE-2024-2509 Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
E
CVE-2024-2511 Unbounded memory growth with session handling in TLSv1.3
S
CVE-2024-2513 The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt'...
S
CVE-2024-2514 MAGESH-K21 Online-College-Event-Hall-Reservation-System login.php sql injection
E
CVE-2024-2515 MAGESH-K21 Online-College-Event-Hall-Reservation-System home.php cross site scripting
E
CVE-2024-2516 MAGESH-K21 Online-College-Event-Hall-Reservation-System home.php sql injection
E
CVE-2024-2517 MAGESH-K21 Online-College-Event-Hall-Reservation-System book_history.php sql injection
E
CVE-2024-2518 MAGESH-K21 Online-College-Event-Hall-Reservation-System book_history.php cross site scripting
E
CVE-2024-2519 MAGESH-K21 Online-College-Event-Hall-Reservation-System navbar.php cross site scripting
E
CVE-2024-2520 MAGESH-K21 Online-College-Event-Hall-Reservation-System bookdate.php sql injection
E
CVE-2024-2521 MAGESH-K21 Online-College-Event-Hall-Reservation-System bookdate.php cross site scripting
E
CVE-2024-2522 MAGESH-K21 Online-College-Event-Hall-Reservation-System booktime.php sql injection
E
CVE-2024-2523 MAGESH-K21 Online-College-Event-Hall-Reservation-System booktime.php cross site scripting
E
CVE-2024-2524 MAGESH-K21 Online-College-Event-Hall-Reservation-System receipt.php sql injection
E
CVE-2024-2525 MAGESH-K21 Online-College-Event-Hall-Reservation-System receipt.php cross site scripting
E
CVE-2024-2526 MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php cross site scripting
E
CVE-2024-2527 MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php sql injection
E
CVE-2024-2528 MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php sql injection
E S
CVE-2024-2529 MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php unrestricted upload
E
CVE-2024-2530 MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php cross site scripting
E S
CVE-2024-2531 MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php unrestricted upload
E S
CVE-2024-2532 MAGESH-K21 Online-College-Event-Hall-Reservation-System update-users.php sql injection
E S
CVE-2024-2533 MAGESH-K21 Online-College-Event-Hall-Reservation-System update-users.php cross site scripting
E S
CVE-2024-2534 MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php sql injection
E
CVE-2024-2535 MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php cross site scripting
E
CVE-2024-2536 The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scriptin...
CVE-2024-2537 Electron Code Injection in Logi Tune macOS Application
CVE-2024-2538 The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data d...
E S
CVE-2024-2539 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-2541 Popup Builder <= 4.3.3 - Sensitive Information Exposure via Imported Subscribers CSV File
CVE-2024-2542 The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPre...
CVE-2024-2543 The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to ...
E S
CVE-2024-2544 Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions
S
CVE-2024-2545 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: T...
R
CVE-2024-2546 Tenda AC18 fromSetWirelessRepeat stack-based overflow
E
CVE-2024-2547 Tenda AC18 R7WebsSecurityHandler stack-based overflow
E
CVE-2024-2548 Path Traversal in parisneo/lollms-webui
E S
CVE-2024-2550 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet
S
CVE-2024-2551 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
S
CVE-2024-2552 PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
S
CVE-2024-2553 SourceCodester Product Review Rating System Rate Product cross site scripting
E
CVE-2024-2554 SourceCodester Employee Task Management System update-employee.php sql injection
E S
CVE-2024-2555 SourceCodester Employee Task Management System update-admin.php sql injection
E S
CVE-2024-2556 SourceCodester Employee Task Management System attendance-info.php sql injection
E
CVE-2024-2557 kishor-23 Food Waste Management System admin.php improper authorization
E
CVE-2024-2558 Tenda AC18 execCommand formexeCommand stack-based overflow
E
CVE-2024-2559 Tenda AC18 SysToolReboot fromSysToolReboot cross-site request forgery
E
CVE-2024-2560 Tenda AC18 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery
E
CVE-2024-2561 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload
E
CVE-2024-2562 PandaXGO PandaX role_menu.go InsertRole sql injection
E
CVE-2024-2563 PandaXGO PandaX upload.go DeleteImage path traversal
E S
CVE-2024-2564 PandaXGO PandaX user.go ExportUser path traversal
E
CVE-2024-2565 PandaXGO PandaX File Extension upload.go unrestricted upload
E
CVE-2024-2566 Fujian Kelixin Communication Command and Dispatch Platform get_extension_yl.php sql injection
E S
CVE-2024-2567 jurecapuder AndroidWeatherApp Backup File androidmanifest.xml backup
E
CVE-2024-2568 heyewei JFinalCMS Custom Data Page sql injection
E
CVE-2024-2569 SourceCodester Employee Task Management System admin-manage-user.php redirect
E
CVE-2024-2570 SourceCodester Employee Task Management System edit-task.php redirect
E
CVE-2024-2571 SourceCodester Employee Task Management System manage-admin.php redirect
E
CVE-2024-2572 SourceCodester Employee Task Management System task-details.php redirect
E
CVE-2024-2573 SourceCodester Employee Task Management System task-info.php redirect
E
CVE-2024-2574 SourceCodester Employee Task Management System edit-task.php authorization
E
CVE-2024-2575 SourceCodester Employee Task Management System task-details.php authorization
E
CVE-2024-2576 SourceCodester Employee Task Management System update-admin.php authorization
E S
CVE-2024-2577 SourceCodester Employee Task Management System update-employee.php authorization
E S
CVE-2024-2578 WordPress WP Coder plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-2579 WordPress Tracking Code Manager plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-2580 WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-2581 Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow
E
CVE-2024-2583 Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
E
CVE-2024-2584 SQL injection vulnerability in AMSS++
CVE-2024-2585 SQL injection vulnerability in AMSS++
CVE-2024-2586 SQL injection vulnerability in AMSS++
CVE-2024-2587 SQL injection vulnerability in AMSS++
CVE-2024-2588 SQL injection vulnerability in AMSS++
CVE-2024-2589 SQL injection vulnerability in AMSS++
CVE-2024-2590 SQL injection vulnerability in AMSS++
CVE-2024-2591 SQL injection vulnerability in AMSS++
CVE-2024-2592 SQL injection vulnerability in AMSS++
CVE-2024-2593 Cross-Site Scripting (XSS) in AMSS++
CVE-2024-2594 Cross-Site Scripting (XSS) in AMSS++
CVE-2024-2595 Cross-Site Scripting (XSS) in AMSS++
CVE-2024-2596 Cross-Site Scripting (XSS) in AMSS++
CVE-2024-2597 Cross-Site Scripting (XSS) in AMSS++
CVE-2024-2598 Cross-Site Scripting (XSS) in AMSS++
CVE-2024-2599 Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++
CVE-2024-2602 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability...
CVE-2024-2603 Salon booking system <= 9.6.5 - Editor+ Stored XSS via Email Settings
E
CVE-2024-2604 SourceCodester File Manager App update-file.php unrestricted upload
E S
CVE-2024-2605 An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system esca...
CVE-2024-2606 Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers...
E
CVE-2024-2607 Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *N...
E
CVE-2024-2608 `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` c...
E
CVE-2024-2609 The permission prompt input delay could expire while the window is not in focus. This makes it vulne...
E
CVE-2024-2610 Using a markup injection an attacker could have stolen nonce values. This could have been used to by...
E
CVE-2024-2611 A missing delay on when pointer lock was used could have allowed a malicious page to trick a user in...
E
CVE-2024-2612 If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have tri...
CVE-2024-2613 Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted ...
S
CVE-2024-2614 Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these b...
CVE-2024-2615 Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption a...
CVE-2024-2616 To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash i...
CVE-2024-2617 A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass s...
CVE-2024-2618 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-2619 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Author+) HTML Injection
S
CVE-2024-2620 Fujian Kelixin Communication Command and Dispatch Platform down_file.php sql injection
E S
CVE-2024-2621 Fujian Kelixin Communication Command and Dispatch Platform pwd_update.php sql injection
E S
CVE-2024-2622 Fujian Kelixin Communication Command and Dispatch Platform editemedia.php sql injection
E S
CVE-2024-2623 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-2624 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui
E S
CVE-2024-2625 Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to po...
CVE-2024-2626 Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker ...
CVE-2024-2627 Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potent...
CVE-2024-2628 Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote a...
CVE-2024-2629 Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to pe...
CVE-2024-2630 Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacke...
CVE-2024-2631 Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacke...
CVE-2024-2632 Information Exposure Vulnerability on Meta4 HR
S
CVE-2024-2633 Multiple vulnerabilities on Meta4 HR from Cegid
S
CVE-2024-2634 Multiple vulnerabilities on Meta4 HR from Cegid
S
CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid
S
CVE-2024-2636 Multiple vulnerabilities on Meta4 HR from Cegid
S
CVE-2024-2637 Insecure Loading of Code in B&R Products
CVE-2024-2639 Bdtask Wholesale Inventory Management System session fixation
E
CVE-2024-2640 Watu Quiz < 3.4.1.2 - Author+ Stored XSS
E
CVE-2024-2641 Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization
E
CVE-2024-2642 Ruijie RG-NBS2009G-P EXCU_SHELL command injection
E
CVE-2024-2643 My Sticky Bar < 2.6.8 - Admin+ Stored XSS
E
CVE-2024-2644 Netentsec NS-ASG Application Security Gateway addfirewall.php sql injection
E
CVE-2024-2645 Netentsec NS-ASG Application Security Gateway resetpwd.php xpath injection
E
CVE-2024-2646 Netentsec NS-ASG Application Security Gateway sql injection
E
CVE-2024-2647 Netentsec NS-ASG Application Security Gateway singlelogin.php sql injection
E
CVE-2024-2648 Netentsec NS-ASG Application Security Gateway naccheck.php xpath injection
E
CVE-2024-2649 Netentsec NS-ASG Application Security Gateway deleteonlineuser.php sql injection
E
CVE-2024-2650 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-2651 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2024-2652 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-2653 CVE-2024-2653
CVE-2024-2654 The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, an...
S
CVE-2024-2655 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
CVE-2024-2656 The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & ...
CVE-2024-2657 Font Farsi <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-2658 Local privilege escalation in FlexNet Publisher
CVE-2024-2659 A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authentica...
S
CVE-2024-2660 Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
CVE-2024-2661 The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with ...
CVE-2024-2662 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection
S
CVE-2024-2663 The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all v...
CVE-2024-2664 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
CVE-2024-2665 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
CVE-2024-2666 The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site S...
CVE-2024-2667 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary...
S
CVE-2024-2668 Campcodes Online Job Finder System controller.php sql injection
E
CVE-2024-2669 Campcodes Online Job Finder System GET Parameter controller.php sql injection
E
CVE-2024-2670 Campcodes Online Job Finder System index.php sql injection
E
CVE-2024-2671 Campcodes Online Job Finder System index.php sql injection
E
CVE-2024-2672 Campcodes Online Job Finder System controller.php sql injection
E
CVE-2024-2673 Campcodes Online Job Finder System login.php sql injection
E
CVE-2024-2674 Campcodes Online Job Finder System index.php sql injection
E
CVE-2024-2675 Campcodes Online Job Finder System index.php sql injection
E
CVE-2024-2676 Campcodes Online Job Finder System controller.php sql injection
E
CVE-2024-2677 Campcodes Online Job Finder System controller.php sql injection
E
CVE-2024-2678 Campcodes Online Job Finder System controller.php sql injection
E
CVE-2024-2679 Campcodes Online Job Finder System index.php cross site scripting
E
CVE-2024-2680 Campcodes Online Job Finder System index.php cross site scripting
E
CVE-2024-2681 Campcodes Online Job Finder System index.php cross site scripting
E
CVE-2024-2682 Campcodes Online Job Finder System controller.php cross site scripting
E
CVE-2024-2683 Campcodes Online Job Finder System index.php cross site scripting
E
CVE-2024-2684 Campcodes Online Job Finder System index.php cross site scripting
E
CVE-2024-2685 Campcodes Online Job Finder System index.php cross site scripting
E
CVE-2024-2686 Campcodes Online Job Finder System controller.php cross site scripting
E
CVE-2024-2687 Campcodes Online Job Finder System index.php sql injection
E
CVE-2024-2688 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed A...
S
CVE-2024-2689 Denial of Service if invalid UTF-8 sent
CVE-2024-2690 SourceCodester Online Discussion Forum Site uupdate.php unrestricted upload
E
CVE-2024-2691 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode
S
CVE-2024-2692 SiYuan 3.0.3 - RCE via Server Side XSS
E
CVE-2024-2693 The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up ...
CVE-2024-2694 Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-2695 Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings
E
CVE-2024-2697 Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode
E
CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
M
CVE-2024-2700 Quarkus-core: leak of local configuration properties into quarkus applications
M
CVE-2024-2702 WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability
S
CVE-2024-2703 Tenda AC10U SetOnlineDevName formSetDeviceName stack-based overflow
E
CVE-2024-2704 Tenda AC10U SetFirewallCfg formSetFirewallCfg stack-based overflow
E
CVE-2024-2705 Tenda AC10U SetNetControlList formSetQosBand stack-based overflow
E
CVE-2024-2706 Tenda AC10U WifiWpsStart formWifiWpsStart stack-based overflow
E
CVE-2024-2707 Tenda AC10U WriteFacMac formWriteFacMac os command injection
E
CVE-2024-2708 Tenda AC10U execCommand formexeCommand stack-based overflow
E
CVE-2024-2709 Tenda AC10U SetStaticRouteCfg fromSetRouteStatic stack-based overflow
E
CVE-2024-2710 Tenda AC10U openSchedWifi setSchedWifi stack-based overflow
E
CVE-2024-2711 Tenda AC10U addWifiMacFilter stack-based overflow
E
CVE-2024-2712 Campcodes Complete Online DJ Booking System user-search.php sql injection
E
CVE-2024-2713 Campcodes Complete Online DJ Booking System booking-search.php sql injection
E
CVE-2024-2714 Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php sql injection
E
CVE-2024-2715 Campcodes Complete Online DJ Booking System user-search.php cross site scripting
E
CVE-2024-2716 Campcodes Complete Online DJ Booking System contactus.php cross site scripting
E
CVE-2024-2717 Campcodes Complete Online DJ Booking System booking-search.php cross site scripting
E
CVE-2024-2718 Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php cross site scripting
E
CVE-2024-2719 Campcodes Complete Online DJ Booking System admin-profile.php cross site scripting
E
CVE-2024-2720 Campcodes Complete Online DJ Booking System aboutus.php cross site scripting
E
CVE-2024-2721 WordPress Social Media Share Buttons plugin <= 2.1.0 - PHP Object Injection vulnerability
CVE-2024-2722 SQL injection vulnerability in the CIGESv2 system
S
CVE-2024-2723 SQL injection vulnerability in the CIGESv2 system
S
CVE-2024-2724 SQL injection vulnerability in the CIGESv2 system
S
CVE-2024-2725 Exposure of Sensitive Information vulnerability in the CIGESv2 system
S
CVE-2024-2726 Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system
S
CVE-2024-2727 Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system
S
CVE-2024-2728 Information exposure vulnerability in the CIGESv2 system
S
CVE-2024-2729 Otter Blocks < 2.6.6 - Contributor+ Stored XSS
E
CVE-2024-2730 Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic
E
CVE-2024-2731 Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic
E
CVE-2024-2732 The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plu...
S
CVE-2024-2733 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-2734 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-2735 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Pri...
S
CVE-2024-2736 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag...
S
CVE-2024-2738 The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scri...
CVE-2024-2739 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
E
CVE-2024-2740 Exposure of Sensitive Information to an Unauthorized Actor in Planet IGS-4215-16T2S
S
CVE-2024-2741 Cross-Site Request Forgery in Planet IGS-4215-16T2S
S
CVE-2024-2742 OS Command Injection in Planet IGS-4215-16T2S
S
CVE-2024-2743 Incorrect Authorization in GitLab
E S
CVE-2024-2744 Nextgen Gallery < 3.59.1 - Admin+ Stored XSS
E
CVE-2024-2745 Rapid7 InsightVM Sensitive Information Exposure via URL
CVE-2024-2746 Incomplete fix for CVE-2024-1929
CVE-2024-2747 CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause p...
CVE-2024-2748 CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user
CVE-2024-2749 VikBooking < 1.6.8 - Broken Access Control
E
CVE-2024-2750 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-2751 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
CVE-2024-2752 The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to...
CVE-2024-2753 Concrete CMS version 9 below 9.2.8 and below 8.5.16 is vulnerable to stored XSS on the calendar color settings screen
CVE-2024-2754 SourceCodester Complete E-Commerce Site users_photo.php unrestricted upload
E
CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
CVE-2024-2757 PHP mb_encode_mimeheader runs endlessly for some inputs
CVE-2024-2758 CVE-2024-2758
CVE-2024-2759 Improper access control in Apaczka plugin for PrestaShop
CVE-2024-2760 Bkav Home v7816, build 2403161130 - Kernel Memory Leak
CVE-2024-2761 Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
E
CVE-2024-2762 FooGallery < 2.4.15 - Author+ Stored XSS
E
CVE-2024-2763 Tenda AC10U setcfm formSetCfm stack-based overflow
E
CVE-2024-2764 Tenda AC10U SetPptpServerCfg formSetPPTPServer stack-based overflow
E
CVE-2024-2765 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem...
S
CVE-2024-2766 Campcodes Complete Online Beauty Parlor Management System index.php sql injection
E
CVE-2024-2767 Campcodes Complete Online Beauty Parlor Management System forgot-password.php sql injection
E
CVE-2024-2768 Campcodes Complete Online Beauty Parlor Management System edit-services.php sql injection
E
CVE-2024-2769 Campcodes Complete Online Beauty Parlor Management System admin-profile.php sql injection
E
CVE-2024-2770 Campcodes Complete Online Beauty Parlor Management System contact-us.php sql injection
E
CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation
S
CVE-2024-2772 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting
S
CVE-2024-2773 Campcodes Online Marriage Registration System search.php cross site scripting
E
CVE-2024-2774 Campcodes Online Marriage Registration System search.php sql injection
E
CVE-2024-2775 Campcodes Online Marriage Registration System user-profile.php cross site scripting
E
CVE-2024-2776 Campcodes Online Marriage Registration System search.php sql injection
E
CVE-2024-2777 Campcodes/PHPGurukul Online Marriage Registration System application-bwdates-reports-details.php sql injection
E
CVE-2024-2778 Campcodes Online Marriage Registration System search.php cross site scripting
E
CVE-2024-2779 Campcodes Online Marriage Registration System application-bwdates-reports-details.php cross site scripting
E
CVE-2024-2780 Campcodes Online Marriage Registration System admin-profile.php cross site scripting
E
CVE-2024-2781 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation
S
CVE-2024-2783 The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPre...
S
CVE-2024-2784 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hover Card
S
CVE-2024-2785 The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate
S
CVE-2024-2786 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2024-2787 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2024-2788 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2024-2789 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2024-2790 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site ...
S
CVE-2024-2791 The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site S...
S
CVE-2024-2792 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via w...
S
CVE-2024-2793 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.30 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-2794 The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-S...
CVE-2024-2795 SEO SIMPLE PACK <= 3.2.1 - Information Exposure
CVE-2024-2796 SSRF in Akana API Platform
CVE-2024-2797 The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin s...
CVE-2024-2798 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr...
S
CVE-2024-2799 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr...
S
CVE-2024-2800 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-2801 The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl...
CVE-2024-2802 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1166. Reason: T...
R
CVE-2024-2803 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-2804 The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter...
CVE-2024-2805 Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow
E
CVE-2024-2806 Tenda AC15 addWifiMacFilter stack-based overflow
E
CVE-2024-2807 Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow
E
CVE-2024-2808 Tenda AC15 QuickIndex formQuickIndex stack-based overflow
E
CVE-2024-2809 Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow
E
CVE-2024-2810 Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow
E
CVE-2024-2811 Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow
E
CVE-2024-2812 Tenda AC15 WriteFacMac formWriteFacMac os command injection
E
CVE-2024-2813 Tenda AC15 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
E
CVE-2024-2814 Tenda AC15 DhcpListClient fromDhcpListClient stack-based overflow
E
CVE-2024-2815 Tenda AC15 Cookie execCommand R7WebsSecurityHandler stack-based overflow
E
CVE-2024-2816 Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery
E
CVE-2024-2817 Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery
E
CVE-2024-2818 Allocation of Resources Without Limits or Throttling in GitLab
S
CVE-2024-2819 File Permission Vulnerability in Hitachi Ops Center Common Services
CVE-2024-2820 DedeCMS baidunews.php cross-site request forgery
E
CVE-2024-2821 DedeCMS friendlink_edit.php cross-site request forgery
E
CVE-2024-2822 DedeCMS vote_edit.php cross-site request forgery
E
CVE-2024-2823 DedeCMS mda_main.php cross-site request forgery
E
CVE-2024-2824 Matthias-Wandel jhead exif.c PrintFormatNumber heap-based overflow
E
CVE-2024-2825 lakernote EasyAdmin saveReportFile path traversal
E
CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference
E
CVE-2024-2827 lakernote EasyAdmin saveReportFile server-side request forgery
E
CVE-2024-2828 lakernote EasyAdmin IndexController.java thumbnail server-side request forgery
E S
CVE-2024-2829 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2024-2830 The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored ...
CVE-2024-2831 The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all ...
CVE-2024-2832 Campcodes Online Shopping System offersmail.php cross site scripting
E
CVE-2024-2833 The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
S
CVE-2024-2834 OpenText ArcSight Management Center and ArcSight Platform Stored XSS
CVE-2024-2835 OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
CVE-2024-2836 Super Socializer < 7.13.64 - Editor+ Stored XSS
E
CVE-2024-2837 WP Chat App < 3.6.4 - Admin+ Stored XSS
E
CVE-2024-2838 The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site S...
CVE-2024-2839 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p...
S
CVE-2024-2840 The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via med...
CVE-2024-2841 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is...
S
CVE-2024-2842 The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-2843 WooCommerce Customers Manager < 30.1 - User Deletion via CSRF
E
CVE-2024-2844 The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to...
S
CVE-2024-2845 The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer Fo...
CVE-2024-2846 Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-2847 The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
S
CVE-2024-2848 The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missi...
CVE-2024-2849 SourceCodester Simple File Manager unrestricted upload
E
CVE-2024-2850 Tenda AC15 saveParentControlInfo stack-based overflow
E
CVE-2024-2851 Tenda AC15 setsambacfg formSetSambaConf os command injection
E
CVE-2024-2852 Tenda AC15 saveParentControlInfo stack-based overflow
E
CVE-2024-2853 Tenda AC10U setsambacfg formSetSambaConf os command injection
E
CVE-2024-2854 Tenda AC18 setsambacfg formSetSambaConf os command injection
E
CVE-2024-2855 Tenda AC15 SetSysTimeCfg fromSetSysTime stack-based overflow
E
CVE-2024-2856 Tenda AC10 SetSysTimeCfg fromSetSysTime stack-based overflow
E
CVE-2024-2857 Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS
E
CVE-2024-2858 Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF
E
CVE-2024-2859 By default, SANnav OVA is shipped with root user login enabled (CVE-2024-2859)
CVE-2024-2860 The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect...
CVE-2024-2861 ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget
CVE-2024-2862 Password reset vulnerability without authorization on LG LED Assistant
CVE-2024-2863 Path traversal via file upload on LG LED Assistant
CVE-2024-2864 WordPress Youzify - Buddypress Moderation plugin <= 1.2.5 - Unauthenticated Cross Site Scripting (XSS) vulnerability
CVE-2024-2865 SQLi in Mergen Soft Quality Management System
CVE-2024-2866 Rejected reason: ** REJECT ** Accidental reservation. Please use CVE-2024-2509....
R
CVE-2024-2867 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-2868 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (fo...
S
CVE-2024-2869 Easy Property Listings <= 3.5.3 - Admin+ Stored XSS
E
CVE-2024-2870 Swift Framework < 2024.04.30 - Reflected XSS
E
CVE-2024-2871 The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's sho...
CVE-2024-2872 Swift Framework < 2024.04.30 - Contributor+ Stored XSS
E
CVE-2024-2873 User authentication bypass in wolfSSH server
S
CVE-2024-2874 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-2875 Rejected reason: ** REJECT ** Duplicate reservation. Please use CVE-2024-4258 instead....
R
CVE-2024-2876 The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & ...
CVE-2024-2877 Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
CVE-2024-2878 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-2879 The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup acti...
CVE-2024-2880 Improper Access Control in GitLab
E S
CVE-2024-2881 Fault Injection of EdDSA signature in WolfCrypt
CVE-2024-2882 Missing Authorization in SDG Technologies PnPSCADA
S
CVE-2024-2883 Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potenti...
E
CVE-2024-2884 Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to poten...
E
CVE-2024-2885 Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentia...
E
CVE-2024-2886 Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to per...
E
CVE-2024-2887 Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to e...
E
CVE-2024-2888 WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-2889 WordPress WP-Lister Lite for Amazon plugin <= 2.6.11 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-2890 WordPress Tumult Hype Animations plugin <= 1.9.12 - Arbitrary File Upload vulnerability
S
CVE-2024-2891 Tenda AC7 QuickIndex formQuickIndex stack-based overflow
E
CVE-2024-2892 Tenda AC7 setcfm formSetCfm stack-based overflow
E
CVE-2024-2893 Tenda AC7 SetOnlineDevName formSetDeviceName stack-based overflow
E
CVE-2024-2894 Tenda AC7 SetNetControlList formSetQosBand stack-based overflow
E
CVE-2024-2895 Tenda AC7 WifiWpsOOB formWifiWpsOOB stack-based overflow
E
CVE-2024-2896 Tenda AC7 WifiWpsStart formWifiWpsStart stack-based overflow
E
CVE-2024-2897 Tenda AC7 WriteFacMac formWriteFacMac os command injection
E
CVE-2024-2898 Tenda AC7 SetStaticRouteCfg fromSetRouteStatic stack-based overflow
E
CVE-2024-2899 Tenda AC7 WifiExtraSet fromSetWirelessRepeat stack-based overflow
E
CVE-2024-2900 Tenda AC7 saveParentControlInfo stack-based overflow
E
CVE-2024-2901 Tenda AC7 openSchedWifi setSchedWifi stack-based overflow
E
CVE-2024-2902 Tenda AC7 WifiGuestSet fromSetWifiGusetBasic stack-based overflow
E
CVE-2024-2903 Tenda AC7 GetParentControlInfo stack-based overflow
E
CVE-2024-2904 WordPress Calliope theme <= 1.0.33 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-2905 Rpm-ostree: world-readable /etc/shadow file
M
CVE-2024-2906 WordPress Radio Player plugin <= 2.0.73 - Unauthenticated Broken Access Control vulnerability
S
CVE-2024-2907 AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL
E
CVE-2024-2908 Call Now Button < 1.4.7 - Admin+ Stored XSS
E
CVE-2024-2909 Ruijie RG-EG350 HTTP POST Request setAction os command injection
E
CVE-2024-2910 Ruijie RG-EG350 HTTP POST Request vpnAction os command injection
E
CVE-2024-2911 Tianjin PubliCMS cross-site request forgery
E
CVE-2024-2912 Insecure Deserialization Leading to RCE in bentoml/bentoml
CVE-2024-2913 Race Condition Vulnerability in mintplex-labs/anything-llm
CVE-2024-2914 TarSlip Vulnerability in deepjavalibrary/djl
E S
CVE-2024-2915 Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an at...
CVE-2024-2916 Campcodes House Rental Management System ajax.php sql injection
E
CVE-2024-2917 Campcodes House Rental Management System index.php file inclusion
E
CVE-2024-2918 Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier al...
CVE-2024-2919 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to...
S
CVE-2024-2920 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all v...
CVE-2024-2921 Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allow...
CVE-2024-2922 Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags
CVE-2024-2923 Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget
S
CVE-2024-2924 The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-2925 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site ...
S
CVE-2024-2926 Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets
CVE-2024-2927 code-projects Mobile Shop Login Page Details.php sql injection
E
CVE-2024-2928 Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow
E S
CVE-2024-2929 Rockwell Automation Arena Simulation Vulnerable To Memory Corruption
S
CVE-2024-2930 SourceCodester Music Gallery Site unrestricted upload
E
CVE-2024-2931 The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in...
S
CVE-2024-2932 SourceCodester Online Chatting System update_room.php sql injection
E
CVE-2024-2933 Page Builder Gutenberg Blocks – CoBlocks <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles
CVE-2024-2934 SourceCodester Todo List in Kanban Board delete-todo.php sql injection
E
CVE-2024-2935 SourceCodester Todo List in Kanban Board Add ToDo cross site scripting
E
CVE-2024-2936 The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id att...
S
CVE-2024-2937 Mali GPU Kernel Driver allows improper GPU memory processing operations
S
CVE-2024-2938 Campcodes Online Examination System updateCourse.php sql injection
E
CVE-2024-2939 Campcodes Online Examination System updateExaminee.php cross site scripting
E
CVE-2024-2940 Campcodes Online Examination System updateCourse.php cross site scripting
E
CVE-2024-2941 Campcodes Online Examination System loginExe.php sql injection
E
CVE-2024-2942 Campcodes Online Examination System deleteQuestionExe.php sql injection
E
CVE-2024-2943 Campcodes Online Examination System deleteExamExe.php sql injection
E
CVE-2024-2944 Campcodes Online Examination System deleteCourseExe.php sql injection
E
CVE-2024-2945 Campcodes Online Examination System updateExaminee.php sql injection
E
CVE-2024-2946 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (fo...
CVE-2024-2947 Cockpit: command injection when deleting a sosreport with a crafted name
M
CVE-2024-2948 The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'us...
CVE-2024-2949 The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post ...
S
CVE-2024-2950 The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information E...
CVE-2024-2951 WordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm
CVE-2024-2953 LuckyWP Table of Contents <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-2954 The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' paramet...
CVE-2024-2955 Mismatched Memory Management Routines in Wireshark
S
CVE-2024-2956 The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cros...
CVE-2024-2957 Rejected reason: **DUPLICATE*** Please use CVE-2024-1983 instead....
R
CVE-2024-2958 The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing...
CVE-2024-2959 The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi...
CVE-2024-2960 The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi...
CVE-2024-2961 The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer pas...
CVE-2024-2962 The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauth...
CVE-2024-2963 The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi...
CVE-2024-2964 The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve...
CVE-2024-2965 Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain
E
CVE-2024-2966 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote ...
S
CVE-2024-2967 The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin f...
CVE-2024-2968 The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings ...
CVE-2024-2969 The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t...
CVE-2024-2970 The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
CVE-2024-2971 Out-of-bounds array access due to negative object numbers in indirect references in Xpdf 4.05
CVE-2024-2972 Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
E
CVE-2024-2973 Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed
S
CVE-2024-2974 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-2975 A race condition was identified through which privilege escalation was possible in certain configura...
CVE-2024-2976 Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow
E
CVE-2024-2977 Tenda F1203 QuickIndex formQuickIndex stack-based overflow
E
CVE-2024-2978 Tenda F1203 setcfm formSetCfm stack-based overflow
E
CVE-2024-2979 Tenda F1203 openSchedWifi setSchedWifi stack-based overflow
E
CVE-2024-2980 Tenda FH1202 execCommand formexeCommand stack-based overflow
E
CVE-2024-2981 Tenda FH1202 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
E
CVE-2024-2982 Tenda FH1202 WriteFacMac formWriteFacMac command injection
E
CVE-2024-2983 Tenda FH1202 SetClientState formSetClientState stack-based overflow
E
CVE-2024-2984 Tenda FH1202 setcfm formSetCfm stack-based overflow
E
CVE-2024-2985 Tenda FH1202 QuickIndex formQuickIndex stack-based overflow
E
CVE-2024-2986 Tenda FH1202 SetSpeedWan formSetSpeedWan stack-based overflow
E
CVE-2024-2987 Tenda FH1202 GetParentControlInfo stack-based overflow
E
CVE-2024-2988 Tenda FH1203 fromRouteStatic fromSetRouteStatic stack-based overflow
E
CVE-2024-2989 Tenda FH1203 NatStaticSetting fromNatStaticSetting stack-based overflow
E
CVE-2024-2990 Tenda FH1203 execCommand formexeCommand stack-based overflow
E
CVE-2024-2991 Tenda FH1203 WriteFacMac formWriteFacMac command injection
E
CVE-2024-2992 Tenda FH1203 setcfm formSetCfm stack-based overflow
E
CVE-2024-2993 Tenda FH1203 QuickIndex formQuickIndex stack-based overflow
E
CVE-2024-2994 Tenda FH1203 GetParentControlInfo stack-based overflow
E
CVE-2024-2995 NUUO Camera deletefile.php denial of service
E
CVE-2024-2996 Bdtask Multi-Store Inventory Management System Page Title cross site scripting
E
CVE-2024-2997 Bdtask Multi-Store Inventory Management System cross site scripting
E
CVE-2024-2998 Bdtask Multi-Store Inventory Management System Store Update Page cross site scripting
E
CVE-2024-2999 Campcodes Online Art Gallery Management System adminHome.php sql injection
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.