ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-24000 | jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface do... | | |
CVE-2024-24001 | jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.... | E | |
CVE-2024-24002 | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.e... | E | |
CVE-2024-24003 | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.... | E | |
CVE-2024-24004 | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.... | E | |
CVE-2024-24013 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pa... | | |
CVE-2024-24014 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pa... | | |
CVE-2024-24015 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pa... | | |
CVE-2024-24017 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pa... | | |
CVE-2024-24018 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pa... | | |
CVE-2024-24019 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pa... | | |
CVE-2024-24021 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specia... | | |
CVE-2024-24023 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specia... | | |
CVE-2024-24024 | An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.co... | | |
CVE-2024-24025 | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.comm... | | |
CVE-2024-24026 | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.jav... | | |
CVE-2024-24027 | SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands v... | | |
CVE-2024-24028 | Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view s... | | |
CVE-2024-24029 | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.... | E | |
CVE-2024-24034 | Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allow... | E | |
CVE-2024-24035 | Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitr... | E | |
CVE-2024-24041 | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source ... | E | |
CVE-2024-24042 | Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker t... | | |
CVE-2024-24043 | Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to ... | | |
CVE-2024-24050 | Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers ... | E | |
CVE-2024-24051 | Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers ... | | |
CVE-2024-24059 | springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffi... | E | |
CVE-2024-24060 | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user.... | E | |
CVE-2024-24061 | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.... | E | |
CVE-2024-24062 | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role.... | E | |
CVE-2024-24091 | Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerabi... | | |
CVE-2024-24092 | SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to ru... | | |
CVE-2024-24093 | SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run ar... | | |
CVE-2024-24095 | Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.... | | |
CVE-2024-24096 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.... | | |
CVE-2024-24097 | Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attack... | | |
CVE-2024-24098 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.... | | |
CVE-2024-24099 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status In... | | |
CVE-2024-24100 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.... | | |
CVE-2024-24101 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Informat... | | |
CVE-2024-24105 | SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers... | | |
CVE-2024-24110 | SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL comman... | | |
CVE-2024-24112 | xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.... | E | |
CVE-2024-24113 | xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged... | E | |
CVE-2024-24115 | A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 a... | E | |
CVE-2024-24116 | An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain pri... | E | |
CVE-2024-24117 | Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a ... | E | |
CVE-2024-24122 | A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project... | E | |
CVE-2024-24130 | Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (X... | E | |
CVE-2024-24131 | SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenr... | E | |
CVE-2024-24133 | Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on ... | | |
CVE-2024-24134 | Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' ... | E | |
CVE-2024-24135 | Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with ... | E | |
CVE-2024-24136 | The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 ... | E | |
CVE-2024-24139 | Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' paramete... | E | |
CVE-2024-24140 | Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'... | E | |
CVE-2024-24141 | Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.... | E | |
CVE-2024-24142 | Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.... | E | |
CVE-2024-24146 | A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause ... | E | |
CVE-2024-24147 | A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to caus... | E | |
CVE-2024-24148 | A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause... | E | |
CVE-2024-24149 | A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a ... | E | |
CVE-2024-24150 | A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a ... | E | |
CVE-2024-24155 | Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tr... | E | |
CVE-2024-24156 | Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd8... | | |
CVE-2024-24157 | Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vuln... | | |
CVE-2024-24160 | MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.... | E | |
CVE-2024-24161 | MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path ... | E | |
CVE-2024-24186 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKe... | E | |
CVE-2024-24188 | Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.... | E | |
CVE-2024-24189 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/... | | |
CVE-2024-24192 | robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at... | | |
CVE-2024-24194 | robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens comp... | | |
CVE-2024-24195 | robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.... | | |
CVE-2024-24198 | smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.... | | |
CVE-2024-24199 | smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.... | | |
CVE-2024-24202 | An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, Z... | E | |
CVE-2024-24213 | Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component ... | | |
CVE-2024-24215 | An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attac... | | |
CVE-2024-24216 | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the... | E | |
CVE-2024-24230 | Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity te... | | |
CVE-2024-24245 | An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local ... | | |
CVE-2024-24246 | Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the ... | E | |
CVE-2024-24254 | PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence da... | E | |
CVE-2024-24255 | A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.1... | E | |
CVE-2024-24256 | SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 a... | | |
CVE-2024-24257 | An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an at... | | |
CVE-2024-24258 | freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubM... | E | |
CVE-2024-24259 | freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glu... | E | |
CVE-2024-24260 | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subsc... | E | |
CVE-2024-24262 | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_s... | E | |
CVE-2024-24263 | Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the respon... | E | |
CVE-2024-24265 | gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_... | E | |
CVE-2024-24266 | gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_... | E | |
CVE-2024-24267 | gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from... | E | |
CVE-2024-24272 | An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to ... | | |
CVE-2024-24275 | Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows... | E | |
CVE-2024-24276 | Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 ... | E | |
CVE-2024-24278 | An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obta... | E | |
CVE-2024-24279 | An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash D... | | |
CVE-2024-24291 | An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to mal... | E | |
CVE-2024-24292 | A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code ... | E M | |
CVE-2024-24293 | A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arb... | | |
CVE-2024-24294 | A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute a... | | |
CVE-2024-24300 | 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of c... | E | |
CVE-2024-24301 | Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interfac... | E M | |
CVE-2024-24302 | An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop bef... | | |
CVE-2024-24303 | SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for Pres... | | |
CVE-2024-24304 | In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can dow... | S | |
CVE-2024-24307 | Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaSho... | | |
CVE-2024-24308 | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 a... | S | |
CVE-2024-24309 | In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a gue... | S | |
CVE-2024-24310 | In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation ... | | |
CVE-2024-24311 | Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsit... | S | |
CVE-2024-24312 | SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to ob... | | |
CVE-2024-24313 | An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive info... | | |
CVE-2024-24320 | Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote at... | E | |
CVE-2024-24321 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the w... | E | |
CVE-2024-24323 | SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensit... | | |
CVE-2024-24324 | TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored... | E | |
CVE-2024-24325 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24326 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24327 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24328 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24329 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24330 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24331 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24332 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24333 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-24334 | A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2.... | | |
CVE-2024-24335 | A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2.... | | |
CVE-2024-24336 | A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/m... | | |
CVE-2024-24337 | CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha ... | E | |
CVE-2024-24350 | File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker ... | E | |
CVE-2024-24375 | SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive inform... | E | |
CVE-2024-24377 | An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain se... | E | |
CVE-2024-24386 | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to... | | |
CVE-2024-24388 | Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote atta... | E | |
CVE-2024-24389 | A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arb... | | |
CVE-2024-24393 | File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrar... | E | |
CVE-2024-24396 | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allo... | E | |
CVE-2024-24397 | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allo... | E | |
CVE-2024-24398 | Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allow... | E | |
CVE-2024-24399 | An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute ar... | E | |
CVE-2024-24401 | SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary cod... | | |
CVE-2024-24402 | An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script... | | |
CVE-2024-24403 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-30176. Reason: This record is a re... | R | |
CVE-2024-24407 | SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obta... | E | |
CVE-2024-24409 | Privilege Escalation | | |
CVE-2024-24416 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) ... | E | |
CVE-2024-24417 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) ... | E | |
CVE-2024-24418 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) ... | E | |
CVE-2024-24419 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) ... | E | |
CVE-2024-24420 | A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08... | | |
CVE-2024-24421 | A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba9... | | |
CVE-2024-24422 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) ... | E | |
CVE-2024-24423 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) ... | E | |
CVE-2024-24424 | A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 c... | | |
CVE-2024-24425 | Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the am... | | |
CVE-2024-24426 | Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and... | | |
CVE-2024-24427 | A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause ... | | |
CVE-2024-24428 | A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to ca... | E | |
CVE-2024-24429 | A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers t... | E | |
CVE-2024-24430 | A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to ca... | E | |
CVE-2024-24431 | A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause... | E | |
CVE-2024-24432 | A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause... | E | |
CVE-2024-24442 | A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai... | E | |
CVE-2024-24443 | An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine ... | | |
CVE-2024-24444 | Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf)... | E | |
CVE-2024-24445 | OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of uns... | | |
CVE-2024-24446 | An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to c... | | |
CVE-2024-24447 | A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-am... | | |
CVE-2024-24449 | An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up... | | |
CVE-2024-24450 | Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in... | | |
CVE-2024-24451 | A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oa... | E | |
CVE-2024-24452 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages ... | | |
CVE-2024-24453 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd ... | | |
CVE-2024-24454 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in A... | | |
CVE-2024-24455 | An invalid memory access when handling a UE Context Release message containing an invalid UE identif... | | |
CVE-2024-24456 | An E-RAB Release Command packet containing a malformed NAS PDU will cause the Athonet MME to immedia... | | |
CVE-2024-24457 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes mes... | | |
CVE-2024-24458 | An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PL... | | |
CVE-2024-24459 | An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athone... | | |
CVE-2024-24468 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute a... | E | |
CVE-2024-24469 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute a... | E | |
CVE-2024-24470 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute a... | E | |
CVE-2024-24474 | QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an ... | | |
CVE-2024-24475 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-24476 | A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service vi... | S | |
CVE-2024-24478 | An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pac... | S | |
CVE-2024-24479 | A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service vi... | S | |
CVE-2024-24482 | Apktool before 2.9.3 on Windows allows ../ and /.. directory traversal.... | E | |
CVE-2024-24485 | An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain s... | | |
CVE-2024-24486 | An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit dev... | | |
CVE-2024-24487 | An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a ... | | |
CVE-2024-24488 | An issue in Shenzhen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain ... | | |
CVE-2024-24494 | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute ... | E | |
CVE-2024-24495 | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attac... | E | |
CVE-2024-24496 | An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.p... | E | |
CVE-2024-24497 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1009. Reason: This candidate... | R | |
CVE-2024-24498 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1008. Reason: This candidate... | R | |
CVE-2024-24499 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1007. Reason: This candidate... | R | |
CVE-2024-24506 | Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, a... | | |
CVE-2024-24507 | Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code... | E | |
CVE-2024-24510 | Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute ... | | |
CVE-2024-24511 | Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via... | E | |
CVE-2024-24512 | Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via... | E | |
CVE-2024-24520 | An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php... | E | |
CVE-2024-24524 | Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to ex... | E | |
CVE-2024-24525 | An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execu... | | |
CVE-2024-24528 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-24539 | FusionPBX before 5.2.0 does not validate a session.... | S | |
CVE-2024-24543 | Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15... | E | |
CVE-2024-24548 | Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information ... | | |
CVE-2024-24549 | Apache Tomcat: HTTP/2 header handling DoS | | |
CVE-2024-24550 | Bludit - Remote Code Execution (RCE) through File API | S | |
CVE-2024-24551 | Bludit - Remote Code Execution (RCE) through Image API | S | |
CVE-2024-24552 | Bludit is Vulnerable to Session Fixation | S | |
CVE-2024-24553 | Bludit uses SHA1 as Password Hashing Algorithm | S | |
CVE-2024-24554 | Bludit - Insecure Token Generation | S | |
CVE-2024-24556 | XSS in @urql/next | S | |
CVE-2024-24557 | Moby classic builder cache poisoning | S | |
CVE-2024-24558 | react-query-streamed-hydration xss | S | |
CVE-2024-24559 | Vyper SHA3 code generation bug | | |
CVE-2024-24560 | Vyper external calls can overflow return data to return input buffer | E | |
CVE-2024-24561 | Vyper bounds check on built-in `slice()` function can be overflowed | E | |
CVE-2024-24562 | Security headers not set in vantage6-UI | | |
CVE-2024-24563 | Vyper array negative index vulnerability | E | |
CVE-2024-24564 | Vyper extract32 can read dirty memory | E S | |
CVE-2024-24565 | CrateDB database has an arbitrary file read vulnerability | E S | |
CVE-2024-24566 | Lobe Chat unauthorized access to plugins | E S | |
CVE-2024-24567 | raw_call `value=` kwargs not disabled for static and delegate calls | E | |
CVE-2024-24568 | Suricata http2: header handling evasion | S | |
CVE-2024-24569 | `ZipSecurity#isBelowCurrentDirectory` is vulnerable to partial-path traversal vulnerability | E S | |
CVE-2024-24570 | Statamic account takeover via XSS and password reset link | | |
CVE-2024-24571 | facileManager Systemic Cross-Site Scripting (XSS) | E S | |
CVE-2024-24572 | facileManager Authenticated Variable Manipulation leading to SQL Injection | E S | |
CVE-2024-24573 | facileManager Privilege Escalation via Mass Assignment | E S | |
CVE-2024-24574 | phpMyFAQ vulnerable to stored XSS on attachments filename | E S | |
CVE-2024-24575 | libgit2 is vulnerable to a denial of service attack in `git_revparse_single` | S | |
CVE-2024-24576 | Rust's `std::process::Command` did not properly escape arguments of batch files on Windows | | |
CVE-2024-24577 | libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add` | | |
CVE-2024-24578 | RaspberryMatic Unauthenticated Remote Code Execution vulnerability through HMServer File Upload | | |
CVE-2024-24579 | Tar path traversal in stereoscope when processing OCI tar archives | S | |
CVE-2024-24580 | Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may all... | | |
CVE-2024-24581 | Arkcompiler runtime has an out-of-bounds write vulnerability | | |
CVE-2024-24582 | Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow... | | |
CVE-2024-24583 | Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A s... | M | |
CVE-2024-24584 | Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A s... | | |
CVE-2024-24590 | Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegr... | E | |
CVE-2024-24591 | A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML... | E | |
CVE-2024-24592 | Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform ... | E | |
CVE-2024-24593 | A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server com... | E | |
CVE-2024-24594 | A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI... | E | |
CVE-2024-24595 | Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instanc... | | |
CVE-2024-24621 | Softaculous Webuzo Authentication Bypass | | |
CVE-2024-24622 | Softaculous Webuzo Password Reset Command Injection | | |
CVE-2024-24623 | Softaculous Webuzo FTP Management Command Injection | | |
CVE-2024-24680 | An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2.... | S | |
CVE-2024-24681 | An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuratio... | | |
CVE-2024-24683 | Apache Hop Engine: ID isn't escaped when generating HTML | | |
CVE-2024-24684 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2... | M | |
CVE-2024-24685 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2... | | |
CVE-2024-24686 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2... | | |
CVE-2024-24690 | Zoom Clients - Improper Input Validation | | |
CVE-2024-24691 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation | | |
CVE-2024-24692 | Zoom Rooms Client for Windows - Race Condition | | |
CVE-2024-24693 | Zoom Rooms Client for Windows - Improper Access Control | | |
CVE-2024-24694 | Zoom Desktop Client for Windows - Improper Privilege Management | | |
CVE-2024-24695 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation | | |
CVE-2024-24696 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation | | |
CVE-2024-24697 | Zoom Clients - Untrusted Search Path | | |
CVE-2024-24698 | Zoom Clients - Improper Authentication | | |
CVE-2024-24699 | Zoom Clients - Business Logic Error | | |
CVE-2024-24700 | WordPress WP Editor plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-24701 | WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24702 | WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24703 | WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability | S | |
CVE-2024-24704 | WordPress Load More Anything plugin <= 3.3.3 - Broken Access Control vulnerability | S | |
CVE-2024-24705 | WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24706 | WordPress WP-CFM Plugin <= 1.7.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-24707 | WordPress Cwicly plugin <= 1.4.0.2 - Auth. Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-24708 | WordPress W3SPEEDSTER Plugin <= 7.19 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24710 | WordPress Feed Them Social plugin <= 4.2.0 - Broken Access Control vulnerability | S | |
CVE-2024-24711 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability | S | |
CVE-2024-24712 | WordPress Heateor Social Login Plugin <= 1.1.30 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24713 | WordPress Auto Listings Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24714 | WordPress Icons Font Loader Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload | S | |
CVE-2024-24715 | WordPress BookIt plugin <= 2.4.0 - Price Bypass vulnerability | S | |
CVE-2024-24716 | WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability | S | |
CVE-2024-24717 | WordPress Beds24 Online Booking Plugin <= 2.0.23 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24718 | WordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerability | S | |
CVE-2024-24719 | WordPress Kikote plugin <= 1.8.9 - Broken Access Control vulnerability | S | |
CVE-2024-24720 | An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It p... | | |
CVE-2024-24721 | An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authentic... | | |
CVE-2024-24722 | An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server compone... | | |
CVE-2024-24724 | Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Inj... | | |
CVE-2024-24725 | Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via ... | | |
CVE-2024-24731 | Silicon Labs Gecko OS http_download Stack-based Buffer Overflow | S | |
CVE-2024-24736 | The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long... | E | |
CVE-2024-24739 | Missing authorization check in SAP BAM (Bank Account Management) | | |
CVE-2024-24740 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel) | | |
CVE-2024-24741 | Missing Authorization check in SAP Master Data Governance Material | | |
CVE-2024-24742 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | | |
CVE-2024-24743 | XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures) | | |
CVE-2024-24746 | Apache NimBLE: Denial of service in NimBLE Bluetooth stack | S | |
CVE-2024-24747 | MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation | E S | |
CVE-2024-24748 | Disclosure of the existence of secret subcategories in Discourse | S | |
CVE-2024-24749 | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | S | |
CVE-2024-24750 | Backpressure request ignored in fetch() in Undici | S | |
CVE-2024-24751 | Broken Access Control in Backend Module in sf_event_mgt | S | |
CVE-2024-24752 | Bref Uploaded Files Not Deleted in Event-Driven Functions | E S | |
CVE-2024-24753 | Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2 | E S | |
CVE-2024-24754 | Bref Body Parsing Inconsistency in Event-Driven Functions | E S | |
CVE-2024-24755 | discourse-group-membership-ip-block is exposing potentially sensitive custom fields | S | |
CVE-2024-24756 | Crafatar path traversal vulnerability | E S | |
CVE-2024-24757 | open-irs .env Exposure | | |
CVE-2024-24758 | Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici | S | |
CVE-2024-24759 | MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding | E S | |
CVE-2024-24760 | Mailcow Docker Container Exposure to Local Network | S | |
CVE-2024-24761 | Galette public pages accessibility restriction | S | |
CVE-2024-24762 | python-multipart vulnerable to content-type header Regular expression Denial of Service | E S | |
CVE-2024-24763 | JumpServer Open Redirect Vulnerability | | |
CVE-2024-24764 | October Open Redirect for Administrator Accounts | | |
CVE-2024-24765 | CasaOS-UserService allows unauthorized access to any file | E S | |
CVE-2024-24766 | CasaOS Username Enumeration | E S | |
CVE-2024-24767 | CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability | E S | |
CVE-2024-24768 | 1Panel set-cookie is missing the Secure keyword | S | |
CVE-2024-24770 | Username timing attack on recover password/MFA token in vantage6 | | |
CVE-2024-24771 | Open Forms potential multi-factor authentication bypass | M | |
CVE-2024-24772 | Apache Superset: Improper Neutralisation of custom SQL on embedded context | | |
CVE-2024-24773 | Apache Superset: Improper validation of SQL statements allows for unauthorized access to data | | |
CVE-2024-24774 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) | S | |
CVE-2024-24775 | BIG-IP TMM vulnerability | | |
CVE-2024-24776 | Incorrect Authorization leads to Channel Member Count Leak | S | |
CVE-2024-24777 | A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the... | E | |
CVE-2024-24778 | Apache StreamPipes: Resources Permission Escalation | | |
CVE-2024-24779 | Apache Superset: Improper data authorization when creating a new dataset | | |
CVE-2024-24780 | Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function | | |
CVE-2024-24781 | Hima: Uncontrolled Resource Consumption in multiple products | M | |
CVE-2024-24782 | HIMA: Origin Validation Error in multiple products | M | |
CVE-2024-24783 | Verify panics on certificates with an unknown public key algorithm in crypto/x509 | | |
CVE-2024-24784 | Comments in display names are incorrectly handled in net/mail | | |
CVE-2024-24785 | Errors returned from JSON marshaling may break template escaping in html/template | | |
CVE-2024-24786 | Infinite loop in JSON unmarshaling in google.golang.org/protobuf | | |
CVE-2024-24787 | Arbitrary code execution during build on Darwin in cmd/go | | |
CVE-2024-24788 | Malformed DNS message can cause infinite loop in net | | |
CVE-2024-24789 | Mishandling of corrupt central directory record in archive/zip | S | |
CVE-2024-24790 | Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip | S | |
CVE-2024-24791 | Denial of service due to improper 100-continue handling in net/http | | |
CVE-2024-24792 | Panic when parsing invalid palette-color images in golang.org/x/image | | |
CVE-2024-24793 | A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Co... | E | |
CVE-2024-24794 | A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Co... | E | |
CVE-2024-24795 | Apache HTTP Server: HTTP Response Splitting in multiple modules | | |
CVE-2024-24796 | WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection | S | |
CVE-2024-24797 | WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection | | |
CVE-2024-24798 | WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24799 | WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability | S | |
CVE-2024-24800 | WordPress Product Feed PRO for WooCommerce plugin <= 13.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-24801 | WordPress OWL Carousel Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24802 | WordPress JTRT Responsive Tables Plugin <= 4.1.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24803 | WordPress Ultra Companion Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24804 | WordPress MW WP Form Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24805 | WordPress WP Dummy Content Generator plugin <= 3.1.2 - Broken Access Control vulnerability | S | |
CVE-2024-24806 | Improper Domain Lookup that potentially leads to SSRF attacks in libuv | E S | |
CVE-2024-24807 | Sulu is vulnerable to HTML Injection via Autocomplete Suggestion | | |
CVE-2024-24808 | pyLoad open redirect vulnerability due to improper validation of the is_safe_url function | E S | |
CVE-2024-24809 | Traccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous Type | | |
CVE-2024-24810 | WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges | | |
CVE-2024-24811 | Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution | S | |
CVE-2024-24812 | Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages | | |
CVE-2024-24813 | Frappe SQL Injection from reporting logic | | |
CVE-2024-24814 | Denial of service when manipulating mod_auth_openidc_session_chunks cookie in mod_auth_openidc | E S | |
CVE-2024-24815 | CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection | S | |
CVE-2024-24816 | Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature | S | |
CVE-2024-24817 | User can see invitees in events created in PMs and private categories | S | |
CVE-2024-24818 | EspoCRM weakness in "Forgot password" | | |
CVE-2024-24819 | icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF | S | |
CVE-2024-24820 | Icinga Director configuration is susceptible to Cross-Site Request Forgery | E | |
CVE-2024-24821 | Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer | S | |
CVE-2024-24822 | Pimcore Admin Classic Bundle permissions are not getting checked when working with tags | S | |
CVE-2024-24823 | graylog2-server Session Fixation vulnerability through cookie injection | S | |
CVE-2024-24824 | graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request | E S | |
CVE-2024-24825 | TokenManager not checking permissions on cached tokens in DIRAC | S | |
CVE-2024-24826 | Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2 | S | |
CVE-2024-24827 | No rate limits on POST /uploads endpoint in Discourse | | |
CVE-2024-24828 | Local Privilege Escalation in executables bundled by pkg | | |
CVE-2024-24829 | SSRF in Sentry via Phabricator integration | | |
CVE-2024-24830 | OpenObserve Privilege Escalation Vulnerability in Users API | E | |
CVE-2024-24831 | WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24832 | WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability | S | |
CVE-2024-24833 | WordPress Happy Addons for Elementor plugin <= 3.10.1 - Broken Access Control on Post Clone vulnerability | S | |
CVE-2024-24834 | WordPress BEAR Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24835 | WordPress BEAR plugin <= 1.1.4 - Broken Access Control vulnerability | S | |
CVE-2024-24836 | WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24837 | Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins | S | |
CVE-2024-24838 | WordPress Five Star Restaurant Reviews Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24839 | WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24840 | WordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerability | S | |
CVE-2024-24841 | WordPress Add Customer for WooCommerce Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24842 | WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 11.30.2 - PHP Object Injection vulnerability | S | |
CVE-2024-24843 | WordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-24845 | WordPress Post Thumbnail Editor plugin <= 2.4.8 - Unauthenticated Sensitive Data Exposure vulnerability | | |
CVE-2024-24846 | WordPress Mighty Addons for Elementor Plugin <= 1.9.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24847 | WordPress CalculatorPro Calculators Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24848 | WordPress PT Sign Ups Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24849 | WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24850 | WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability | | |
CVE-2024-24851 | A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn func... | E | |
CVE-2024-24852 | Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versi... | | |
CVE-2024-24853 | Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in s... | | |
CVE-2024-24855 | Race condition vulnerability in Linux kernel scsi device driver lpfc_unregister_fcf_rescan() | S | |
CVE-2024-24856 | NULL pointer dereference in acpi_db_convert_to_package of Linux acpi module | S | |
CVE-2024-24857 | Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set() | S | |
CVE-2024-24858 | Race condition vulnerability in Linux kernel net/bluetooth in {conn,adv}_{min,max}_interval_set() | S | |
CVE-2024-24859 | Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set() | S | |
CVE-2024-24860 | Race condition vulnerability in Linux kernel bluetooth driver in {min,max}_key_size_set() | S | |
CVE-2024-24861 | Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency() | S | |
CVE-2024-24862 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-24863 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024... | R | |
CVE-2024-24864 | Race condition vulnerability in Linux kernel media/dvb-core in dvbdmx_write() | S | |
CVE-2024-24865 | WordPress Scroll Triggered Box Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24866 | WordPress Biteship Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24867 | WordPress WP Stats Manager plugin <= 6.9.4 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-24868 | WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection | S | |
CVE-2024-24869 | WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability | S | |
CVE-2024-24870 | WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24871 | WordPress Blocksy Theme <= 2.0.19 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24872 | WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-24873 | WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability | S | |
CVE-2024-24874 | WordPress Polls CP plugin <= 1.0.71 - Content Injection vulnerability | S | |
CVE-2024-24875 | WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-24876 | WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-24877 | WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24878 | WordPress Portugal CTT Tracking for WooCommerce Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24879 | WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24880 | WordPress Apollo13 Framework Extensions Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24881 | WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24882 | WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability | S | |
CVE-2024-24883 | WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability | S | |
CVE-2024-24884 | WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-24885 | WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24886 | WordPress Product Labels For Woocommerce Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24887 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-24888 | WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-24889 | WordPress All 404 Pages Redirect to Homepage Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-24890 | Command injection in ioprobe of gala-gopher | | |
CVE-2024-24891 | Information Leakage in kernel | | |
CVE-2024-24892 | Unauthorized RCE in migration-tools | | |
CVE-2024-24897 | Remote command execution in A-Tune-Collector | | |
CVE-2024-24898 | Information Leakage in kernel | | |
CVE-2024-24899 | Command injection in aops-zeus | | |
CVE-2024-24900 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vu... | S | |
CVE-2024-24901 | Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local m... | | |
CVE-2024-24902 | Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A lo... | | |
CVE-2024-24903 | Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery me... | S | |
CVE-2024-24904 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scrip... | S | |
CVE-2024-24905 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scrip... | S | |
CVE-2024-24906 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scrip... | S | |
CVE-2024-24907 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scrip... | S | |
CVE-2024-24908 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traver... | | |
CVE-2024-24910 | Local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server via crafted DLL file | | |
CVE-2024-24911 | Out of Bounds read in the CPCA process on Check Point Management Server | | |
CVE-2024-24912 | Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file | | |
CVE-2024-24914 | Authenticated Gaia users can inject code or commands by global variables through special HTTP reques... | | |
CVE-2024-24919 | Information disclosure | KEV S | |
CVE-2024-24920 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected app... | | |
CVE-2024-24921 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected app... | | |
CVE-2024-24922 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected app... | | |
CVE-2024-24923 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap ... | | |
CVE-2024-24924 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected app... | | |
CVE-2024-24925 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected app... | | |
CVE-2024-24926 | WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection | | |
CVE-2024-24927 | WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24928 | WordPress Content Cards Plugin <= 0.9.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24929 | WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24930 | WordPress Buttons Shortcode and Widget Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24931 | WordPress Before After Image Slider WP Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24932 | WordPress VK Poster Group Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24933 | WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-24934 | WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability | S | |
CVE-2024-24935 | WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-24936 | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was... | | |
CVE-2024-24937 | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible... | | |
CVE-2024-24938 | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL do... | | |
CVE-2024-24939 | In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was pos... | | |
CVE-2024-24940 | In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives... | | |
CVE-2024-24941 | In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authenti... | | |
CVE-2024-24942 | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives... | | |
CVE-2024-24943 | In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image... | | |
CVE-2024-24945 | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source ... | E | |
CVE-2024-24946 | A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir fun... | E | |
CVE-2024-24947 | A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir fun... | E | |
CVE-2024-24954 | Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem ... | E | |
CVE-2024-24955 | Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem ... | E | |
CVE-2024-24956 | Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem ... | E | |
CVE-2024-24957 | Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem ... | E | |
CVE-2024-24958 | Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem ... | E | |
CVE-2024-24959 | Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem ... | E | |
CVE-2024-24962 | A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect... | E | |
CVE-2024-24963 | A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect... | E | |
CVE-2024-24964 | Improper access control vulnerability exists in the resident process of SKYSEA Client View versions ... | | |
CVE-2024-24966 | F5OS vulnerability | | |
CVE-2024-24968 | Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an pri... | | |
CVE-2024-24970 | Potential vulnerabilities have been identified in the HP Display Control software component within t... | | |
CVE-2024-24972 | Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diag... | | |
CVE-2024-24973 | Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 ma... | | |
CVE-2024-24974 | The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed ... | | |
CVE-2024-24975 | Denial of Service for mobile app users due to automatic code highlighting | S | |
CVE-2024-24976 | A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functional... | E | |
CVE-2024-24977 | Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before versio... | | |
CVE-2024-24978 | Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receiving a specially crafted request... | | |
CVE-2024-24980 | Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may al... | | |
CVE-2024-24981 | Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP ... | | |
CVE-2024-24983 | Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters... | | |
CVE-2024-24984 | Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before versio... | | |
CVE-2024-24985 | Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a priv... | | |
CVE-2024-24986 | Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers a... | | |
CVE-2024-24988 | Excessive resource consumption when sending long emoji names in user custom status | S | |
CVE-2024-24989 | NGINX HTTP/3 QUIC vulnerability | | |
CVE-2024-24990 | NGINX HTTP/3 QUIC vulnerability | | |
CVE-2024-24991 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before ... | | |
CVE-2024-24992 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-24993 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a r... | | |
CVE-2024-24994 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-24995 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a r... | | |
CVE-2024-24996 | A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows... | | |
CVE-2024-24997 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-24998 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-24999 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |