ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-25000 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-25001 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID. ConsultIDs: none. Reason: This CVE ID is unuse... | R | |
CVE-2024-25002 | Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized... | | |
CVE-2024-25003 | KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname,... | E | |
CVE-2024-25004 | KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username,... | E | |
CVE-2024-25006 | XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who ha... | | |
CVE-2024-25007 | Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability | S | |
CVE-2024-25008 | Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability | S | |
CVE-2024-25009 | Ericsson Packet Core Controller (PCC) - Improper Input Validation Vulnerability | S | |
CVE-2024-25010 | Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability | | |
CVE-2024-25015 | IBM MQ denial of service | | |
CVE-2024-25016 | IBM MQ denial of service | | |
CVE-2024-25019 | IBM Cognos Controller file upload | | |
CVE-2024-25020 | IBM Cognos Controller file upload | | |
CVE-2024-25021 | IBM AIX command execution | | |
CVE-2024-25023 | IBM QRadar Suite Software information disclosure | | |
CVE-2024-25024 | IBM QRadar Suite Software information disclosure | | |
CVE-2024-25026 | IBM WebSphere Application Server denial of service | | |
CVE-2024-25027 | IBM Security Verify Access Container information disclosure | S | |
CVE-2024-25029 | IBM Personal Communications code execution | | |
CVE-2024-25030 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive ... | | |
CVE-2024-25031 | IBM Storage Defender information disclosure | | |
CVE-2024-25034 | IBM Planning Analytics file upload | | |
CVE-2024-25035 | IBM Cognos Controller information disclosure | | |
CVE-2024-25036 | IBM Cognos Controller authentication bypass | | |
CVE-2024-25037 | IBM Cognos Controller information disclosure | | |
CVE-2024-25041 | IBM Cognos Analytics cross-site scripting | | |
CVE-2024-25042 | IBM Cognos Analytics cross-site scripting | | |
CVE-2024-25046 | IBM Db2 for Linux, UNIX and Windows denial of service | | |
CVE-2024-25047 | IBM Cognos Analytics log injection | | |
CVE-2024-25048 | IBM MQ code execution | | |
CVE-2024-25050 | IBM i privilege escalation | | |
CVE-2024-25051 | IBM Jazz Reporting Service insufficient session expiration | | |
CVE-2024-25052 | IBM Jazz Reporting Service information disclosure | | |
CVE-2024-25053 | IBM Cognos Analytics improper certificate validation | | |
CVE-2024-25062 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader... | E | |
CVE-2024-25063 | Due to insufficient server-side validation, a successful exploit of this vulnerability could allow a... | | |
CVE-2024-25064 | Due to insufficient server-side validation, an attacker with login privileges could access certain r... | | |
CVE-2024-25065 | Apache OFBiz: Path traversal allowing authentication bypass. | M | |
CVE-2024-25066 | RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a lic... | | |
CVE-2024-25073 | An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825... | | |
CVE-2024-25074 | An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825... | | |
CVE-2024-25075 | An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very... | | |
CVE-2024-25076 | An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The boo... | | |
CVE-2024-25077 | An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Non... | | |
CVE-2024-25078 | A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2... | | |
CVE-2024-25079 | A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, ker... | | |
CVE-2024-25080 | WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer.... | | |
CVE-2024-25081 | Splinefont in FontForge through 20230101 allows command injection via crafted filenames.... | S | |
CVE-2024-25082 | Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed... | S | |
CVE-2024-25083 | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-pri... | | |
CVE-2024-25086 | Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate pr... | | |
CVE-2024-25087 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cau... | | |
CVE-2024-25088 | Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate pr... | | |
CVE-2024-25089 | Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arb... | | |
CVE-2024-25090 | Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode | | |
CVE-2024-25091 | Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when usin... | | |
CVE-2024-25092 | WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability | S | |
CVE-2024-25093 | WordPress GD Rating System Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-25094 | WordPress PJ News Ticker Plugin <= 1.9.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-25095 | WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability | | |
CVE-2024-25096 | WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability | | |
CVE-2024-25097 | WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-25098 | WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-25099 | WordPress Paytium: Mollie payment forms & donations Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-25100 | WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to PHP Object Injection | | |
CVE-2024-25101 | WordPress Maspik – Spam blacklist Plugin <= 0.10.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-25102 | Information Disclosure Vulnerability in CDAC AppSamvid Software | S | |
CVE-2024-25103 | Dynamic Link Library (DLL) Hijacking Vulnerability in CDAC AppSamvid Software | S | |
CVE-2024-25106 | OpenObserve Unauthorized Access Vulnerability in Users API | E | |
CVE-2024-25107 | Cross-Site Scripting in WikiDiscover | S | |
CVE-2024-25108 | Insufficient authorization allowing elevated access to resources in pixelfed | E S | |
CVE-2024-25109 | Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki | S | |
CVE-2024-25110 | Azure IoT Platform Device SDK Remote Code Execution Vulnerability | S | |
CVE-2024-25111 | SQUID-2024:1 Denial of Service in HTTP Chunked Decoding | S | |
CVE-2024-25112 | Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2 | S | |
CVE-2024-25113 | Rejected reason: This CVE was misassigned. See CVE-2023-47623 for the canonical reference.... | R | |
CVE-2024-25114 | Sensitive Information Disclosure (JailID) to users in Collabora Online | E | |
CVE-2024-25115 | RedisBloom heap buffer overflow in CF.LOADCHUNK command | | |
CVE-2024-25116 | Specially crafted CF.RESERVE command can lead to denial-of-service | | |
CVE-2024-25117 | php-svg-lib lacks path validation on font through SVG inline styles | S | |
CVE-2024-25118 | Information Disclosure of Hashed Passwords in TYPO3 Backend Forms | | |
CVE-2024-25119 | Information Disclosure of Encryption Key in TYPO3 Install Tool | | |
CVE-2024-25120 | Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3 | | |
CVE-2024-25121 | Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3 | | |
CVE-2024-25122 | Cross-site Scripting sidekiq-unique-jobs UI server vulnerability | E S | |
CVE-2024-25123 | Path Manipulation in file mslib/index.py in MSS | S | |
CVE-2024-25124 | Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials | E S | |
CVE-2024-25125 | Absolute path traversal vulnerability in digdag server | S | |
CVE-2024-25126 | Rack ReDos in content type parsing (2nd degree polynomial) | E S | |
CVE-2024-25128 | Flask-AppBuilder incorrect authentication when using auth type OpenID | | |
CVE-2024-25129 | Limited data exfiltration in CodeQL CLI | | |
CVE-2024-25130 | Tuleap's mass update clears the permissions on artifact field | S | |
CVE-2024-25131 | Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation | | |
CVE-2024-25132 | Openshift-dedicated: hive: hibernation controller denial of service | M | |
CVE-2024-25133 | Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation | | |
CVE-2024-25136 | AutomationDirect C-MORE EA9 HMI Path Traversal | S | |
CVE-2024-25137 | AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow | S | |
CVE-2024-25138 | AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password | S | |
CVE-2024-25139 | In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer o... | | |
CVE-2024-25140 | A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted R... | E | |
CVE-2024-25141 | Apache Airflow Mongo Provider: Certificate validation isn't respected even if SSL is enabled for apache-airflow-providers-mongo | S | |
CVE-2024-25142 | Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache | S | |
CVE-2024-25143 | The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions,... | M | |
CVE-2024-25144 | The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Life... | | |
CVE-2024-25145 | Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in L... | | |
CVE-2024-25146 | Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before servi... | | |
CVE-2024-25147 | Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.... | | |
CVE-2024-25148 | In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before se... | | |
CVE-2024-25149 | Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before servi... | | |
CVE-2024-25150 | Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and... | | |
CVE-2024-25151 | The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Lifer... | | |
CVE-2024-25152 | Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 thro... | | |
CVE-2024-25153 | Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114 | S | |
CVE-2024-25154 | Path Traversal in FileCatalyst Direct 3.8.8 and Earlier | S | |
CVE-2024-25155 | Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier | S | |
CVE-2024-25156 | Path traversal in GoAnywhere MFT 7.4.1 and Earlier | | |
CVE-2024-25157 | Authentication bypass in GoAnywhere MFT prior to 7.6.0 | S | |
CVE-2024-25164 | A Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to ex... | E | |
CVE-2024-25165 | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib... | E | |
CVE-2024-25166 | Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary co... | | |
CVE-2024-25167 | Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code ... | | |
CVE-2024-25168 | SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code ... | E | |
CVE-2024-25169 | An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel... | E | |
CVE-2024-25170 | An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host he... | E | |
CVE-2024-25175 | An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response ... | | |
CVE-2024-25180 | An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST ... | E | |
CVE-2024-25187 | Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated atta... | | |
CVE-2024-25189 | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easi... | E | |
CVE-2024-25190 | l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easi... | E | |
CVE-2024-25191 | php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easi... | E | |
CVE-2024-25196 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain... | E | |
CVE-2024-25197 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain... | E S | |
CVE-2024-25198 | Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) i... | E S | |
CVE-2024-25199 | Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic ... | E S | |
CVE-2024-25200 | Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunction... | E | |
CVE-2024-25201 | Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIterator... | E S | |
CVE-2024-25202 | Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management Syste... | E | |
CVE-2024-25207 | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vu... | E | |
CVE-2024-25208 | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vu... | E | |
CVE-2024-25209 | Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability vi... | E | |
CVE-2024-25210 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense ... | E | |
CVE-2024-25211 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category... | E | |
CVE-2024-25212 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2024-25213 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2024-25214 | An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a... | E | |
CVE-2024-25215 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd p... | E | |
CVE-2024-25216 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailu... | E | |
CVE-2024-25217 | Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the... | E | |
CVE-2024-25218 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbi... | E | |
CVE-2024-25219 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbi... | E | |
CVE-2024-25220 | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID paramet... | E | |
CVE-2024-25221 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbi... | E | |
CVE-2024-25222 | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID para... | E | |
CVE-2024-25223 | Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID ... | E | |
CVE-2024-25224 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execut... | E | |
CVE-2024-25225 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execut... | E | |
CVE-2024-25226 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execut... | | |
CVE-2024-25227 | SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary cod... | E | |
CVE-2024-25228 | Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RC... | | |
CVE-2024-25239 | SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to ru... | E | |
CVE-2024-25247 | SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to... | | |
CVE-2024-25248 | SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attacker... | E | |
CVE-2024-25249 | An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via ... | | |
CVE-2024-25250 | SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to r... | | |
CVE-2024-25251 | code-projects Agro-School Management System 1.0 suffers from Incorrect Access Control.... | E | |
CVE-2024-25253 | Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Cu... | | |
CVE-2024-25254 | SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter.... | | |
CVE-2024-25255 | Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System ... | | |
CVE-2024-25260 | elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() functio... | E | |
CVE-2024-25262 | texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX... | | |
CVE-2024-25269 | libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an at... | E | |
CVE-2024-25270 | An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Ref... | | |
CVE-2024-25274 | An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 all... | | |
CVE-2024-25282 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2024-25283 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2024-25284 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2024-25285 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2024-25286 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2024-25288 | SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-sc... | E | |
CVE-2024-25290 | An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the... | | |
CVE-2024-25291 | Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.... | E | |
CVE-2024-25292 | Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary ... | E | |
CVE-2024-25293 | mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via ... | E | |
CVE-2024-25294 | An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute ... | | |
CVE-2024-25297 | Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to exec... | E | |
CVE-2024-25298 | An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obt... | E | |
CVE-2024-25300 | A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary w... | | |
CVE-2024-25301 | Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the compone... | E | |
CVE-2024-25302 | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter... | E | |
CVE-2024-25304 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "... | E | |
CVE-2024-25305 | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and p... | E | |
CVE-2024-25306 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "... | E | |
CVE-2024-25307 | Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Ci... | E | |
CVE-2024-25308 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at Sc... | E | |
CVE-2024-25309 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at Sc... | E | |
CVE-2024-25310 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "Sch... | E | |
CVE-2024-25312 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "Sch... | E | |
CVE-2024-25313 | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and p... | E | |
CVE-2024-25314 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admi... | E | |
CVE-2024-25315 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admi... | E | |
CVE-2024-25316 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin... | E | |
CVE-2024-25318 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin... | E | |
CVE-2024-25320 | Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF... | E | |
CVE-2024-25325 | SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain se... | E | |
CVE-2024-25327 | Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remo... | | |
CVE-2024-25331 | DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side ... | | |
CVE-2024-25343 | Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak p... | | |
CVE-2024-25344 | Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc... | E S | |
CVE-2024-25350 | SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 vi... | E | |
CVE-2024-25351 | SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 al... | E | |
CVE-2024-25354 | RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted... | | |
CVE-2024-25355 | s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component.... | | |
CVE-2024-25359 | An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pick... | | |
CVE-2024-25360 | A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWiz... | | |
CVE-2024-25366 | Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to ca... | E | |
CVE-2024-25369 | A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitr... | E | |
CVE-2024-25371 | Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due ... | | |
CVE-2024-25373 | Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the... | E | |
CVE-2024-25376 | An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers befo... | | |
CVE-2024-25381 | There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of q... | E | |
CVE-2024-25385 | An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial of service via the flvmeta/src... | E | |
CVE-2024-25386 | Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b a... | | |
CVE-2024-25388 | drivers/wlan/wlan_mgmt.c in RT-Thread through 5.0.2 has an integer signedness error and resultant bu... | | |
CVE-2024-25389 | RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2... | M | |
CVE-2024-25390 | A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2.... | | |
CVE-2024-25391 | A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2.... | | |
CVE-2024-25392 | An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2.... | | |
CVE-2024-25393 | A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.... | | |
CVE-2024-25394 | A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorr... | | |
CVE-2024-25395 | A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2.... | | |
CVE-2024-25398 | In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a d... | | |
CVE-2024-25399 | Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.... | | |
CVE-2024-25400 | Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by m... | E | |
CVE-2024-25407 | SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction re... | | |
CVE-2024-25410 | flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.... | E S | |
CVE-2024-25411 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary w... | | |
CVE-2024-25412 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary w... | E | |
CVE-2024-25413 | An XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import A... | E | |
CVE-2024-25414 | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execu... | E | |
CVE-2024-25415 | A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 al... | E | |
CVE-2024-25417 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | E | |
CVE-2024-25418 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | E | |
CVE-2024-25419 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | E | |
CVE-2024-25420 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privile... | E | |
CVE-2024-25421 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privile... | E | |
CVE-2024-25422 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and o... | E | |
CVE-2024-25423 | An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafte... | | |
CVE-2024-25428 | SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via th... | E | |
CVE-2024-25431 | An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows ... | E S | |
CVE-2024-25434 | A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web... | E | |
CVE-2024-25435 | A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execut... | | |
CVE-2024-25436 | A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers... | E | |
CVE-2024-25438 | A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers... | E | |
CVE-2024-25442 | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attacker... | E | |
CVE-2024-25443 | An issue in the HuginBase::ImageVariable | E | |
CVE-2024-25445 | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an... | E | |
CVE-2024-25446 | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to caus... | E | |
CVE-2024-25447 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cau... | E | |
CVE-2024-25448 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a h... | E | |
CVE-2024-25450 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().... | E | |
CVE-2024-25451 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateB... | E | |
CVE-2024-25452 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() ... | E | |
CVE-2024-25453 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSamp... | E | |
CVE-2024-25454 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder:... | E | |
CVE-2024-25458 | An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.... | | |
CVE-2024-25461 | Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote ... | | |
CVE-2024-25466 | Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.... | | |
CVE-2024-25468 | An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of se... | E | |
CVE-2024-25469 | SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtai... | E | |
CVE-2024-25501 | An issue in WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a... | | |
CVE-2024-25502 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary... | E | |
CVE-2024-25503 | Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker t... | | |
CVE-2024-25506 | Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote att... | | |
CVE-2024-25507 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_atta... | E | |
CVE-2024-25508 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id paramet... | E | |
CVE-2024-25509 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_s... | E | |
CVE-2024-25510 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id paramet... | E | |
CVE-2024-25511 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id paramet... | E | |
CVE-2024-25512 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id ... | E | |
CVE-2024-25513 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id pa... | E | |
CVE-2024-25514 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_i... | E | |
CVE-2024-25515 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_s... | E | |
CVE-2024-25517 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable ar... | E | |
CVE-2024-25518 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_i... | E | |
CVE-2024-25519 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist par... | E | |
CVE-2024-25520 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id paramet... | E | |
CVE-2024-25521 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keywor... | E | |
CVE-2024-25522 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_mis... | E | |
CVE-2024-25523 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id pa... | E | |
CVE-2024-25524 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_s... | E | |
CVE-2024-25525 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename p... | E | |
CVE-2024-25526 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id... | E | |
CVE-2024-25527 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id paramet... | E | |
CVE-2024-25528 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id paramet... | E | |
CVE-2024-25529 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id paramet... | E | |
CVE-2024-25530 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID par... | E | |
CVE-2024-25531 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID par... | E | |
CVE-2024-25532 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id para... | E | |
CVE-2024-25533 | Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website ... | E | |
CVE-2024-25545 | An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a cr... | | |
CVE-2024-25551 | Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 all... | | |
CVE-2024-25552 | Wiesemann & Theis: Multiple products prone to unquoted search path | | |
CVE-2024-25553 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-25554 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-25559 | URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a speci... | | |
CVE-2024-25560 | TMM Vulnerability | | |
CVE-2024-25561 | Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version ... | | |
CVE-2024-25562 | Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 ... | | |
CVE-2024-25563 | Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(T... | | |
CVE-2024-25565 | Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow... | | |
CVE-2024-25566 | Open Redirect in PingAM | M | |
CVE-2024-25567 | Delta Electronics DIAEnergie Path traversal | S | |
CVE-2024-25568 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthen... | | |
CVE-2024-25569 | An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Mal... | | |
CVE-2024-25571 | Improper input validation in some Intel(R) SPS firmware before SPS_E5_06.01.04.059.0 may allow a pri... | | |
CVE-2024-25572 | Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website ... | | |
CVE-2024-25574 | Delta Electronics DIAEnergie SQL Injection | S | |
CVE-2024-25575 | A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a... | | |
CVE-2024-25576 | Improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a ... | | |
CVE-2024-25578 | MicroDicom DICOM Viewer Out-of-Bounds Write | S | |
CVE-2024-25579 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker... | | |
CVE-2024-25580 | An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x t... | | |
CVE-2024-25581 | Transfer requests received over DoH can lead to a denial of service in DNSdist | M | |
CVE-2024-25582 | Module savepoints could be abused to inject references to malicious code delivered through the same ... | | |
CVE-2024-25583 | Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured | | |
CVE-2024-25584 | Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be C... | | |
CVE-2024-25590 | Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor | | |
CVE-2024-25591 | WordPress WP Editor plugin <=1.2.7 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-25592 | WordPress Broken Link Checker plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25593 | WordPress NEX-Forms plugin <= 8.5.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25594 | WordPress MyWaze Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-25595 | WordPress Defender Security plugin <= 4.4.1 - IP Restriction Bypass vulnerability | S | |
CVE-2024-25596 | WordPress Doofinder for WooCommerce plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25597 | WordPress Ultimate Reviews plugin <= 3.2.8 - Unauthenticated Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25598 | WordPress Elementor Addons by Livemesh plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25599 | WordPress Seriously Simple Podcasting plugin <= 3.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25600 | WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability | E S | |
CVE-2024-25601 | Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Lif... | | |
CVE-2024-25602 | Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Po... | | |
CVE-2024-25603 | Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Life... | | |
CVE-2024-25604 | Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 be... | | |
CVE-2024-25605 | The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Life... | | |
CVE-2024-25606 | XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Lifer... | | |
CVE-2024-25607 | The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, ... | | |
CVE-2024-25608 | HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, an... | | |
CVE-2024-25609 | HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, an... | | |
CVE-2024-25610 | In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before... | | |
CVE-2024-25611 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2024-25612 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2024-25613 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2024-25614 | There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitatio... | | |
CVE-2024-25615 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed vi... | | |
CVE-2024-25616 | Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensit... | | |
CVE-2024-25617 | Denial of Service in HTTP Header parser in squid proxy | S | |
CVE-2024-25618 | External OpenID Connect Account Takeover by E-Mail Change in mastodon | E S | |
CVE-2024-25619 | Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon | S | |
CVE-2024-25620 | Dependency management path traversal in helm | S | |
CVE-2024-25622 | H2O ignores headers configuration directives | E S | |
CVE-2024-25623 | Lack of media type verification of Activity Streams objects allows impersonation of remote accounts | S | |
CVE-2024-25624 | iris-web vulnerable to Server Side Template Injection in reports | | |
CVE-2024-25625 | Pimcore Host Header Injection in user invitation link | E S | |
CVE-2024-25626 | Yocto Project Security Advisory - BitBake/Toaster | | |
CVE-2024-25627 | Cross-Site Scripting (XSS) via File Upload in Alf.io | E | |
CVE-2024-25628 | Insufficient Session Expiration in alf.io | | |
CVE-2024-25629 | c-ares out of bounds read in ares__read_line() | S | |
CVE-2024-25630 | Cilium has unencrypted ingress/health traffic when using Wireguard transparent encryption | | |
CVE-2024-25631 | Unencrypted traffic between pods when using Wireguard and an external kvstore | | |
CVE-2024-25632 | Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances | | |
CVE-2024-25633 | In eLabFTW, if administrators can create users, users can too | | |
CVE-2024-25634 | IDOR allows a user to read e-mail logs sent by other events | E | |
CVE-2024-25635 | IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS | E | |
CVE-2024-25636 | Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts | S | |
CVE-2024-25637 | Reflected XSS via X-October-Request-Handler Header | | |
CVE-2024-25638 | DNSJava DNSSEC Bypass | | |
CVE-2024-25639 | Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients | E S | |
CVE-2024-25640 | Improper Neutralization of Alternate XSS Syntax in iris-web | | |
CVE-2024-25641 | Cacti RCE vulnerability when importing packages | E S | |
CVE-2024-25642 | Improper Certificate Validation in SAP Cloud Connector | | |
CVE-2024-25643 | Missing authorization check in SAP Fiori app (My Overtime Requests) | | |
CVE-2024-25644 | Information Disclosure vulnerability in NetWeaver (WSRM) | | |
CVE-2024-25645 | Information Disclosure vulnerability in SAP NetWeaver (Enterprise Portal) | | |
CVE-2024-25646 | Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence | | |
CVE-2024-25647 | Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows befor... | | |
CVE-2024-25648 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widg... | | |
CVE-2024-25649 | In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the ... | | |
CVE-2024-25650 | Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows... | | |
CVE-2024-25651 | User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This al... | | |
CVE-2024-25652 | In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permissio... | S | |
CVE-2024-25653 | Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivile... | | |
CVE-2024-25654 | Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS a... | E | |
CVE-2024-25655 | Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Managemen... | | |
CVE-2024-25656 | Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result... | | |
CVE-2024-25657 | An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management ... | | |
CVE-2024-25658 | Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3... | | |
CVE-2024-25659 | In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of... | | |
CVE-2024-25660 | The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privi... | | |
CVE-2024-25661 | In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive infor... | | |
CVE-2024-25662 | Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to C... | | |
CVE-2024-25673 | Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host h... | | |
CVE-2024-25674 | An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a la... | S | |
CVE-2024-25675 | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an expor... | S | |
CVE-2024-25676 | An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs wi... | | |
CVE-2024-25677 | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows... | | |
CVE-2024-25678 | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.... | S | |
CVE-2024-25679 | In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a c... | S | |
CVE-2024-25690 | HTML injection in ArcGIS Web AppBuilder | | |
CVE-2024-25691 | BUG-000165286 - Reflected XSS in Portal for ArcGIS | | |
CVE-2024-25692 | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS | M | |
CVE-2024-25693 | Portal for ArcGIS has a directory traversal vulnerability. | | |
CVE-2024-25694 | BUG-000163019 - Stored XSS in Portal for ArcGIS | | |
CVE-2024-25695 | Concatenated errors resulting in cross site scripting and frame injection issues. | | |
CVE-2024-25696 | Stored XSS in Portal for ArcGIS | | |
CVE-2024-25697 | Stored XSS in Portal for ArcGIS | | |
CVE-2024-25698 | Reflected XSS in Portal for ArcGIS | | |
CVE-2024-25699 | Portal for ArcGIS has an invalid authentication vulnerability | | |
CVE-2024-25700 | Persistent XSS in URL added to a shared map | | |
CVE-2024-25701 | BUG-000160765 - Stored XSS in ArcGIS Experience Builder | | |
CVE-2024-25702 | BUG-000160599 - Stored XSS in Portal for ArcGIS Web App Builder | | |
CVE-2024-25703 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because ... | R | |
CVE-2024-25704 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because ... | R | |
CVE-2024-25705 | Cross site scripting issue in embed widget | | |
CVE-2024-25706 | HTMLi at createFolder Content Injection | | |
CVE-2024-25707 | BUG-000160241 - Reflected XSS in Portal for ArcGIS | | |
CVE-2024-25708 | Persistent XSS when creating new application using Web App Builder | | |
CVE-2024-25709 | Self-XSS style in move item dialog | | |
CVE-2024-25710 | Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file | | |
CVE-2024-25711 | diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of... | S | |
CVE-2024-25712 | http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via ht... | E | |
CVE-2024-25713 | yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the ... | | |
CVE-2024-25714 | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to... | S | |
CVE-2024-25715 | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.... | S | |
CVE-2024-25718 | In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expire... | S | |
CVE-2024-25722 | qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 all... | S | |
CVE-2024-25723 | ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege ... | | |
CVE-2024-25724 | In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from ... | | |
CVE-2024-25728 | ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to ... | | |
CVE-2024-25729 | Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthoriz... | | |
CVE-2024-25730 | Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values ... | | |
CVE-2024-25731 | The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encry... | | |
CVE-2024-25734 | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts f... | E | |
CVE-2024-25735 | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discove... | E | |
CVE-2024-25736 | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart... | E | |
CVE-2024-25737 | A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverCont... | | |
CVE-2024-25738 | A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library F... | | |
CVE-2024-25739 | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocat... | | |
CVE-2024-25740 | A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel throu... | | |
CVE-2024-25741 | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not ... | E | |
CVE-2024-25742 | In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any... | | |
CVE-2024-25743 | In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at a... | | |
CVE-2024-25744 | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given p... | S | |
CVE-2024-25746 | Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_mul... | | |
CVE-2024-25748 | A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.... | | |
CVE-2024-25751 | A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_m... | | |
CVE-2024-25753 | Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_mul... | | |
CVE-2024-25756 | A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_m... | | |
CVE-2024-25760 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-25763 | openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.... | E | |
CVE-2024-25767 | nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.... | E | |
CVE-2024-25768 | OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendma... | E | |
CVE-2024-25770 | libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.... | E | |
CVE-2024-25801 | SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, ... | | |
CVE-2024-25802 | SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2... | | |
CVE-2024-25807 | Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitra... | E | |
CVE-2024-25808 | Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to ... | E | |
CVE-2024-25811 | An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sen... | E | |
CVE-2024-25817 | Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitr... | S | |
CVE-2024-25825 | FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 we... | | |
CVE-2024-25828 | cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.... | E | |
CVE-2024-25830 | F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access... | | |
CVE-2024-25831 | F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability du... | E | |
CVE-2024-25832 | F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated... | E | |
CVE-2024-25833 | F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthen... | E | |
CVE-2024-25837 | A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower all... | | |
CVE-2024-25839 | An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop version... | S | |
CVE-2024-25840 | In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.... | S | |
CVE-2024-25841 | In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest... | E | |
CVE-2024-25842 | An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (pr... | | |
CVE-2024-25843 | In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1... | S | |
CVE-2024-25844 | An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop be... | | |
CVE-2024-25845 | In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for ... | S | |
CVE-2024-25846 | In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModu... | E | |
CVE-2024-25847 | SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportpr... | | |
CVE-2024-25848 | In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can pe... | | |
CVE-2024-25849 | In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can ... | S | |
CVE-2024-25850 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_s... | E | |
CVE-2024-25851 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_s... | E | |
CVE-2024-25852 | Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessCon... | | |
CVE-2024-25854 | Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows at... | | |
CVE-2024-25858 | In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could ... | | |
CVE-2024-25859 | A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows att... | | |
CVE-2024-25864 | Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a rem... | | |
CVE-2024-25865 | Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to e... | E | |
CVE-2024-25866 | A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote... | E | |
CVE-2024-25867 | A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote... | E | |
CVE-2024-25868 | A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 al... | E | |
CVE-2024-25869 | An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 all... | E | |
CVE-2024-25873 | Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field un... | E | |
CVE-2024-25874 | A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allo... | E | |
CVE-2024-25875 | A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attacke... | E | |
CVE-2024-25876 | A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attacke... | E | |
CVE-2024-25883 | The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors.... | | |
CVE-2024-25885 | An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regul... | | |
CVE-2024-25891 | ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFun... | E | |
CVE-2024-25892 | ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId... | E | |
CVE-2024-25893 | ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the Current... | E | |
CVE-2024-25894 | ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCoun... | E | |
CVE-2024-25895 | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to i... | E | |
CVE-2024-25896 | ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST p... | E | |
CVE-2024-25897 | ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundr... | E | |
CVE-2024-25898 | A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicio... | E | |
CVE-2024-25902 | WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection | | |
CVE-2024-25903 | WordPress Frontend File Manager Plugin plugin <= 22.7 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-25904 | WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-25905 | WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-25906 | WordPress Comments Like Dislike plugin <= 1.2.2 - IP Restriction Bypass vulnerability | S | |
CVE-2024-25907 | WordPress WP Media folder plugin <= 5.7.2 - Plugin Settings Change vulnerability | S | |
CVE-2024-25908 | WordPress WP Media folder plugin <= 5.7.2 - Subscriber+ Arbitrary Post/Page Modification vulnerability | S | |
CVE-2024-25909 | WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload | S | |
CVE-2024-25910 | WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection | | |
CVE-2024-25911 | WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary File Deletion vulnerability | | |
CVE-2024-25912 | WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary WordPress Settings Change vulnerability | | |
CVE-2024-25913 | WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload | | |
CVE-2024-25914 | WordPress SMTP Mail Plugin <= 1.3.20 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-25915 | WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Server Side Request Forgery (SSRF) | | |
CVE-2024-25916 | WordPress My Calendar plugin <= 3.4.23 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25917 | WordPress WP Setup Wizard plugin <= 1.0.8.1 - Auth. Full Database Download Vulnerability | S | |
CVE-2024-25918 | WordPress InstaWP Connect plugin <= 0.1.0.8 - Auth. Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-25919 | WordPress Custom Field Template plugin <= 2.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25920 | WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25921 | WordPress Action Network plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25922 | WordPress Peach Payments Gateway plugin <= 3.1.9 - Broken Access Control vulnerability | S | |
CVE-2024-25923 | WordPress Community by PeepSo plugin <= 6.2.7.0 - Sensitive Data Exposure via Log File vulnerability | S | |
CVE-2024-25924 | WordPress WP Testimonials plugin <= 1.4.3 - Auth. SQL Injection vulnerability | S | |
CVE-2024-25925 | WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload | S | |
CVE-2024-25926 | WordPress Widgets Controller plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-25927 | WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection | | |
CVE-2024-25928 | WordPress Sitepact's Contact Form 7 Extension For Klaviyo Plugin <= 1.0.5 is vulnerable to SQL Injection | S | |
CVE-2024-25929 | WordPress Product Catalog Mode For Woocommerce plugin <= 5.0.5 - Broken Access Control vulnerability | S | |
CVE-2024-25930 | WordPress Custom Order Statuses for WooCommerce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-25931 | WordPress Heureka Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-25932 | WordPress Change Table Prefix Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-25933 | WordPress PeproDev Ultimate Invoice plugin <= 1.9.7 - Sensitive Data Exposure vulnerability | | |
CVE-2024-25934 | WordPress FormFacade plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25935 | WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability | S | |
CVE-2024-25936 | WordPress SoundCloud Shortcode plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-25937 | Delta Electronics DIAEnergie SQL injection | S | |
CVE-2024-25938 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widge... | | |
CVE-2024-25939 | Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may al... | | |
CVE-2024-25940 | bhyveload(8) host file access | | |
CVE-2024-25941 | jail(2) information leak | | |
CVE-2024-25942 | Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability.... | | |
CVE-2024-25943 | iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generatio... | | |
CVE-2024-25944 | Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenti... | | |
CVE-2024-25946 | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorize... | | |
CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A p... | | |
CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Write Vulnerability. A p... | | |
CVE-2024-25949 | Dell OS10 Networking Switches, versions 10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x, contain an imprope... | S | |
CVE-2024-25951 | A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain ... | | |
CVE-2024-25952 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a UNIX symbolic link (symlink) foll... | | |
CVE-2024-25953 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains a UNIX symbolic link (symlink) foll... | | |
CVE-2024-25954 | Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration ... | | |
CVE-2024-25955 | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorize... | | |
CVE-2024-25956 | Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability... | | |
CVE-2024-25957 | Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive informati... | | |
CVE-2024-25958 | Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissio... | | |
CVE-2024-25959 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive informatio... | | |
CVE-2024-25960 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitiv... | | |
CVE-2024-25961 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vul... | | |
CVE-2024-25962 | Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privile... | | |
CVE-2024-25963 | Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic alg... | | |
CVE-2024-25964 | Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remot... | | |
CVE-2024-25965 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or pa... | | |
CVE-2024-25966 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected dat... | | |
CVE-2024-25967 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileg... | | |
CVE-2024-25968 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptograph... | | |
CVE-2024-25969 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without lim... | | |
CVE-2024-25970 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerabi... | | |
CVE-2024-25971 | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerabili... | | |
CVE-2024-25972 | Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan b... | | |
CVE-2024-25973 | Multiple Stored Cross-Site Scripting Vulnerabilities | E S | |
CVE-2024-25974 | Stored Cross-Site Scripting (XSS) within the Media Center | E S | |
CVE-2024-25975 | Arbitrary File Overwrite | S | |
CVE-2024-25976 | Reflected Cross-Site-Scripting (XSS) | S | |
CVE-2024-25977 | Session Fixation | S | |
CVE-2024-25978 | MSA-24-0001: denial of service risk in file picker unzip functionality | S | |
CVE-2024-25979 | MSA-24-0002: forum search accepted random parameters in its URL | S | |
CVE-2024-25980 | MSA-24-0003: H5P attempts report did not respect activity group settings | S | |
CVE-2024-25981 | MSA-24-0004: forum export did not respect activity group settings | S | |
CVE-2024-25982 | MSA-24-0005: CSRF risk in language import utility | S | |
CVE-2024-25983 | MSA-24-0006: IDOR on dashboard comments block | S | |
CVE-2024-25984 | In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer ... | | |
CVE-2024-25985 | In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could ... | | |
CVE-2024-25986 | In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic... | | |
CVE-2024-25987 | In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds che... | | |
CVE-2024-25988 | In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a ... | | |
CVE-2024-25989 | In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missi... | | |
CVE-2024-25990 | In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bound... | | |
CVE-2024-25991 | In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bou... | | |
CVE-2024-25992 | In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. Th... | | |
CVE-2024-25993 | In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds c... | | |
CVE-2024-25994 | PHOENIX CONTACT: Unintended script file upload in CHARX Series | | |
CVE-2024-25995 | PHOENIX CONTACT: Remote code execution in CHARX Series | | |
CVE-2024-25996 | PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series | | |
CVE-2024-25997 | PHOENIX CONTACT: Log injection in CHARX Series | | |
CVE-2024-25998 | PHOENIX CONTACT: Command injection in the OCPP Service | | |
CVE-2024-25999 | PHOENIX CONTACT: Privilege escalation in the OCPP agent service | | |