| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2024-29000 | SolarWinds Platform Reflected XSS Vulnerability | S | |
| CVE-2024-29001 | SolarWinds Platform SWQL Injection Vulnerability | S | |
| CVE-2024-29003 | SolarWinds Platform Cross Site Scripting Vulnerability | S | |
| CVE-2024-29004 | SolarWinds Platform Stored XSS Vulnerability | S | |
| CVE-2024-29006 | Apache CloudStack: x-forwarded-for HTTP header parsed by default | | |
| CVE-2024-29007 | Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences | | |
| CVE-2024-29008 | Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM instance | | |
| CVE-2024-29009 | Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unau... | | |
| CVE-2024-29010 | The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) in... | | |
| CVE-2024-29011 | Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. ... | | |
| CVE-2024-29012 | Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote ... | | |
| CVE-2024-29013 | Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attac... | | |
| CVE-2024-29014 | Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier ve... | | |
| CVE-2024-29015 | Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may all... | | |
| CVE-2024-29018 | External DNS requests from 'internal' networks could lead to data exfiltration | | |
| CVE-2024-29019 | ESPHome vulnerable to Authentication bypass via Cross site request forgery | | |
| CVE-2024-29020 | JumpServer allows nn authorized attacker to get sensitive information in playbook files when playbook_id is leaked | | |
| CVE-2024-29021 | SSRF into Sandbox Escape through Unsafe Default Configuration | | |
| CVE-2024-29022 | Session Hijacking via XSS attack in header and session grid in Xibo CMS | | |
| CVE-2024-29023 | Session Hijacking via token exposure on the session page in Xibo CMS | | |
| CVE-2024-29024 | JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality | | |
| CVE-2024-29025 | Netty HttpPostRequestDecoder can OOM | | |
| CVE-2024-29026 | Owncast cross origin request | | |
| CVE-2024-29027 | Parse Server crash and RCE via invalid Cloud Function or Cloud Job name | | |
| CVE-2024-29028 | memos vulnerable to an SSRF in /o/get/httpmeta | E S | |
| CVE-2024-29029 | memos vulnerable to an SSRF in /o/get/image | E S | |
| CVE-2024-29030 | memos vulnerable to an SSRF in /api/resource | E S | |
| CVE-2024-29031 | Meshery SQL Injection vulnerability | | |
| CVE-2024-29032 | `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code | | |
| CVE-2024-29033 | GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace | | |
| CVE-2024-29034 | CarrierWave's Content-Type allowlist bypass vulnerability which possibly leads to XSS remained | | |
| CVE-2024-29035 | Umbraco's Blind SSRF Leads to Port Scan by using Webhooks | S | |
| CVE-2024-29036 | Saleor Storefront session leak in cache | | |
| CVE-2024-29037 | Default secret use for initial deployment | | |
| CVE-2024-29038 | tpm2 does not detect if quote was not generated by TPM | | |
| CVE-2024-29039 | Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state | | |
| CVE-2024-29040 | Fapi Verify Quote: Does not detect if quote was not generated by TPM | | |
| CVE-2024-29041 | Express.js Open Redirect in malformed URLs | | |
| CVE-2024-29042 | Translate Cache Poisoning Vulnerability | | |
| CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | | |
| CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability | | |
| CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability | S | |
| CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | S | |
| CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | S | |
| CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | S | |
| CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability | S | |
| CVE-2024-29057 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
| CVE-2024-29059 | .NET Framework Information Disclosure Vulnerability | KEV | |
| CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability | S | |
| CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability | S | |
| CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability | S | |
| CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability | | |
| CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability | | |
| CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | | |
| CVE-2024-29068 | snapd non-regular file indefinite blocking read | S | |
| CVE-2024-29069 | snapd will follow archived symlinks when unpacking a filesystem | S | |
| CVE-2024-29070 | Apache StreamPark: session not invalidated after logout | | |
| CVE-2024-29071 | HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacen... | | |
| CVE-2024-29072 | A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability oc... | E | |
| CVE-2024-29073 | An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to... | E | |
| CVE-2024-29074 | Telephony has an improper input validation vulnerability | | |
| CVE-2024-29075 | Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earli... | | |
| CVE-2024-29076 | Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticate... | | |
| CVE-2024-29077 | Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenti... | | |
| CVE-2024-29078 | Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and e... | | |
| CVE-2024-29079 | Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may al... | | |
| CVE-2024-29080 | Potential vulnerabilities have been identified in the HP Display Control software component within t... | | |
| CVE-2024-29082 | Vonets WiFi Bridges Improper Access Control | M | |
| CVE-2024-29083 | Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.... | | |
| CVE-2024-29085 | Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allo... | | |
| CVE-2024-29086 | Arkcompiler runtime has a stack overflow svulnerability | | |
| CVE-2024-29089 | WordPress Restaurant Menu and Food Ordering plugin <= 2.4.14 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29090 | WordPress AI Engine plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability | E S | |
| CVE-2024-29091 | WordPress WP Armour plugin <= 2.1.13 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29092 | WordPress Permalink Manager Lite plugin <= 2.4.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29093 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-29094 | WordPress HT Easy GA4 plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29095 | WordPress Site Reviews plugin <= 6.11.6 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29096 | WordPress MJM Clinic plugin <= 1.1.22 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29097 | WordPress User profile plugin <= 2.0.20 - Subscriber+ Stored Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29098 | WordPress WP Calameo plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29099 | WordPress Evergreen Content Poster plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29100 | WordPress AI Engine plugin <= 2.1.4 - Arbitrary File Upload vulnerability | S | |
| CVE-2024-29101 | WordPress Jeg Elementor Kit plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29102 | WordPress Extensions For CF7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29103 | WordPress Database for Contact Form 7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29104 | WordPress Ticket Tailor plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29105 | WordPress WP Popups – WordPress Popup builder plugin <= 2.1.5.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29106 | WordPress Premium Addons for Elementor plugin <= 4.10.16 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29107 | WordPress Elementor Addon Elements plugin <= 1.12.10 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29108 | WordPress Happy Addons for Elementor plugin <= 3.10.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29109 | WordPress Shariff Wrapper plugin <= 4.6.10 - Contributor+ Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29110 | WordPress Tablesome plugin <= 1.0.27 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29111 | WordPress Sitekit plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29112 | WordPress WooCommerce Google Feed Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29113 | WordPress RegistrationMagic plugin <= 5.2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29114 | WordPress Download Manager plugin <= 3.2.84 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29115 | WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29116 | WordPress WooThumbs for WooCommerce by Iconic plugin <= 5.5.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29117 | WordPress Contact Forms by Cimatti plugin <= 1.7.0 - Unauthenticated Stored Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29118 | WordPress Scrollsequence plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29119 | A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product... | | |
| CVE-2024-29120 | Apache StreamPark: Information leakage vulnerability | | |
| CVE-2024-29121 | WordPress WooCommerce License Manager plugin <= 5.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29122 | WordPress FV Player plugin <= 7.5.41.7212 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29123 | WordPress Link Library plugin <= 7.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29124 | WordPress Advanced Access Manager plugin <= 6.9.20 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29125 | WordPress Coupon Affiliates plugin <= 5.12.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29126 | WordPress Specific Content For Mobile plugin <= 0.1.9.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29127 | WordPress Advanced Access Manager plugin <= 6.9.20 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29128 | WordPress POST SMTP Mailer plugin <= 2.8.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29129 | WordPress OxyExtras plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29130 | WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29131 | Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() | | |
| CVE-2024-29133 | Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree | | |
| CVE-2024-29134 | WordPress Tourfic plugin <= 2.11.8 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29135 | WordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerability | S | |
| CVE-2024-29136 | WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability | S | |
| CVE-2024-29137 | WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29138 | WordPress Restrict User Access plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29139 | WordPress MyCurator Content Curation plugin <= 3.76 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29140 | WordPress MJM Clinic plugin <= 1.1.22 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29141 | WordPress PDF Embedder plugin <= 4.6.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29142 | WordPress Better Search plugin <= 3.3.0 - Stored Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29143 | WordPress Passwordless Login plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29146 | User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwor... | | |
| CVE-2024-29149 | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and ... | | |
| CVE-2024-29150 | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and ... | | |
| CVE-2024-29151 | Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.... | | |
| CVE-2024-29152 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exyno... | | |
| CVE-2024-29153 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with vers... | | |
| CVE-2024-29154 | danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of in... | | |
| CVE-2024-29155 | Denial of service on Microchip RN4870 devices | S | |
| CVE-2024-29156 | In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL ex... | S | |
| CVE-2024-29157 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the... | | |
| CVE-2024-29158 | HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption... | | |
| CVE-2024-29159 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corrupti... | | |
| CVE-2024-29160 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in th... | | |
| CVE-2024-29161 | HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the cor... | | |
| CVE-2024-29162 | HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial... | | |
| CVE-2024-29163 | HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of... | | |
| CVE-2024-29164 | HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruptio... | | |
| CVE-2024-29165 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruptio... | | |
| CVE-2024-29166 | HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of ... | | |
| CVE-2024-29167 | SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrativ... | | |
| CVE-2024-29168 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an i... | | |
| CVE-2024-29169 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an i... | | |
| CVE-2024-29170 | Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnera... | | |
| CVE-2024-29171 | Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certifica... | | |
| CVE-2024-29172 | Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerabil... | | |
| CVE-2024-29173 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Ser... | | |
| CVE-2024-29174 | Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection v... | | |
| CVE-2024-29175 | Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an we... | | |
| CVE-2024-29176 | Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Wri... | | |
| CVE-2024-29177 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a dis... | | |
| CVE-2024-29178 | Apache StreamPark: FreeMarker SSTI RCE Vulnerability | | |
| CVE-2024-29179 | phpMyFAQ Stored Cross-site Scripting at File Attachments | E | |
| CVE-2024-29180 | webpack-dev-middleware Path Traversal vulnerability | | |
| CVE-2024-29181 | @strapi/plugin-content-manager leaks data via relations via the Admin Panel | E S | |
| CVE-2024-29182 | Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip | | |
| CVE-2024-29183 | OpenRASP vulnerable to a reflected Cross-Site Scripting (XSS) attack in /login | | |
| CVE-2024-29184 | FreeScout Stored XSS to Privilege Escalation After CSP Bypass | E | |
| CVE-2024-29185 | FreeScout OS Command Injection vulnerability | E | |
| CVE-2024-29186 | Slow String Operations via MultiPart Requests in Event-Driven Functions | | |
| CVE-2024-29187 | WiX based installers are vulnerable to binary hijack when run as SYSTEM | | |
| CVE-2024-29188 | Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files | | |
| CVE-2024-29189 | ansys-geometry-core OS Command Injection vulnerability | | |
| CVE-2024-29190 | MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns) | E S | |
| CVE-2024-29191 | GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability | | |
| CVE-2024-29192 | GHSL-2023-206 gotortc Cross-Site Request Forgery vulnerability | | |
| CVE-2024-29193 | GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability | | |
| CVE-2024-29194 | OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation | | |
| CVE-2024-29195 | Azure C SDK Integer Wraparound Vulnerability | | |
| CVE-2024-29196 | phpMyFAQ Path Traversal in Attachments | E S | |
| CVE-2024-29197 | Pimcore Preview Documents are not restricted to logged in users anymore | | |
| CVE-2024-29198 | GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost | M | |
| CVE-2024-29199 | Unauthenticated views may expose information to anonymous users | S | |
| CVE-2024-29200 | API returns timesheet entries a user should not be authorized to view | | |
| CVE-2024-29201 | JumpServer's insecure Ansible playbook validation leads to RCE in Celery | E | |
| CVE-2024-29202 | JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery | E | |
| CVE-2024-29203 | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes | | |
| CVE-2024-29204 | A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allow... | | |
| CVE-2024-29205 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti... | | |
| CVE-2024-29206 | An Improper Access Control could allow a malicious actor authenticated in the API to enable Android ... | | |
| CVE-2024-29207 | An Improper Certificate Validation could allow a malicious actor with access to an adjacent network ... | | |
| CVE-2024-29208 | An Unverified Password Change could allow a malicious actor with API access to the device to change ... | | |
| CVE-2024-29209 | A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Butto... | | |
| CVE-2024-29210 | A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlo... | | |
| CVE-2024-29211 | A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated a... | | |
| CVE-2024-29212 | Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in... | | |
| CVE-2024-29213 | Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevate... | | |
| CVE-2024-29214 | Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may al... | | |
| CVE-2024-29215 | Slash commands run in channel without channel membership via playbook task commands | S | |
| CVE-2024-29216 | Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By se... | | |
| CVE-2024-29217 | Apache Answer: XSS vulnerability when changing personal website | | |
| CVE-2024-29218 | Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.... | | |
| CVE-2024-29219 | Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.... | | |
| CVE-2024-29220 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels... | | |
| CVE-2024-29221 | Invite ID available to team admins even without the "Add Members" permission | S | |
| CVE-2024-29222 | Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to po... | | |
| CVE-2024-29223 | Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may ... | | |
| CVE-2024-29224 | An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially craft... | | |
| CVE-2024-29225 | WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthen... | | |
| CVE-2024-29227 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29228 | Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Stati... | | |
| CVE-2024-29229 | Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Sta... | | |
| CVE-2024-29230 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29231 | Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology ... | | |
| CVE-2024-29232 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29233 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29234 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29235 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29236 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29237 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29238 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29239 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
| CVE-2024-29240 | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station ... | | |
| CVE-2024-29241 | Missing authorization vulnerability in System webapi component in Synology Surveillance Station befo... | | |
| CVE-2024-29243 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflo... | E | |
| CVE-2024-29244 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflo... | E | |
| CVE-2024-29269 | An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary syst... | E | |
| CVE-2024-29271 | Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote at... | E S | |
| CVE-2024-29272 | Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote a... | E S | |
| CVE-2024-29273 | There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, w... | E | |
| CVE-2024-29275 | SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execu... | E | |
| CVE-2024-29276 | An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via... | | |
| CVE-2024-29278 | funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in "create a message ."... | | |
| CVE-2024-29291 | An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database creden... | | |
| CVE-2024-29292 | Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable... | | |
| CVE-2024-29296 | A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user aut... | E | |
| CVE-2024-29301 | SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?ad... | E | |
| CVE-2024-29302 | SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php... | E | |
| CVE-2024-29303 | The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQ... | E | |
| CVE-2024-29309 | An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code ... | | |
| CVE-2024-29316 | NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access t... | | |
| CVE-2024-29318 | Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upl... | E | |
| CVE-2024-29319 | Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via up... | E | |
| CVE-2024-29320 | Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subs... | E | |
| CVE-2024-29338 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/c... | E | |
| CVE-2024-29366 | A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KR... | E | |
| CVE-2024-29368 | An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attacker... | E | |
| CVE-2024-29374 | A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within... | E | |
| CVE-2024-29375 | CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbit... | | |
| CVE-2024-29376 | Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.... | | |
| CVE-2024-29384 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information vi... | E | |
| CVE-2024-29385 | DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgib... | E | |
| CVE-2024-29386 | projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /vi... | E | |
| CVE-2024-29387 | projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the... | E | |
| CVE-2024-29390 | Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind ... | E | |
| CVE-2024-29392 | Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.... | E | |
| CVE-2024-29399 | An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitra... | E | |
| CVE-2024-29400 | An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the st... | E | |
| CVE-2024-29401 | xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the se... | | |
| CVE-2024-29402 | cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old se... | | |
| CVE-2024-29404 | An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to ... | | |
| CVE-2024-29409 | File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code... | E M | |
| CVE-2024-29413 | Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary cod... | | |
| CVE-2024-29415 | The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, ... | | |
| CVE-2024-29417 | Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to ... | | |
| CVE-2024-29419 | There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Pa... | E | |
| CVE-2024-29421 | xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which a... | | |
| CVE-2024-29432 | Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter a... | | |
| CVE-2024-29433 | A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to exec... | | |
| CVE-2024-29434 | An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a direct... | | |
| CVE-2024-29435 | An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId pa... | | |
| CVE-2024-29439 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29440 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29441 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29442 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29443 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29444 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29445 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29448 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29449 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29450 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29452 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29454 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29455 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-29460 | An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for cra... | E S | |
| CVE-2024-29461 | An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of s... | E | |
| CVE-2024-29466 | Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execu... | | |
| CVE-2024-29469 | A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbi... | E | |
| CVE-2024-29470 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the c... | E | |
| CVE-2024-29471 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the N... | E | |
| CVE-2024-29472 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the P... | E | |
| CVE-2024-29473 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the R... | E | |
| CVE-2024-29474 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the U... | E | |
| CVE-2024-29477 | Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an ... | | |
| CVE-2024-29489 | Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.... | | |
| CVE-2024-29499 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/u... | E | |
| CVE-2024-29500 | An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers t... | E | |
| CVE-2024-29502 | An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary f... | E | |
| CVE-2024-29504 | Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to exe... | E | |
| CVE-2024-29506 | Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() func... | | |
| CVE-2024-29507 | Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath... | | |
| CVE-2024-29508 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed ... | | |
| CVE-2024-29509 | Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has... | | |
| CVE-2024-29510 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format st... | E | |
| CVE-2024-29511 | Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue ... | | |
| CVE-2024-29513 | An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local... | | |
| CVE-2024-29514 | File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbit... | E | |
| CVE-2024-29515 | File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbit... | E | |
| CVE-2024-29640 | An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code... | | |
| CVE-2024-29643 | An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss comp... | E | |
| CVE-2024-29644 | Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to exec... | E | |
| CVE-2024-29645 | Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary co... | S | |
| CVE-2024-29646 | Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary co... | S | |
| CVE-2024-29650 | An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via... | | |
| CVE-2024-29651 | A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a r... | | |
| CVE-2024-29660 | Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary cod... | | |
| CVE-2024-29661 | A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a ... | | |
| CVE-2024-29666 | Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.... | | |
| CVE-2024-29667 | SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 ... | | |
| CVE-2024-29671 | Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execu... | | |
| CVE-2024-29672 | Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to exec... | | |
| CVE-2024-29684 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/de... | E | |
| CVE-2024-29686 | Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker t... | E | |
| CVE-2024-29723 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29724 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29725 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29726 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29727 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29728 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29729 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29730 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29731 | Multiple vulnerabilities in SportsNET | S | |
| CVE-2024-29732 | SQL Injection vulnerability on SCAN_VISIO eDocument Suite Web Viewer from Abast | S | |
| CVE-2024-29733 | Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context | S | |
| CVE-2024-29734 | Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which ma... | | |
| CVE-2024-29735 | Apache Airflow: Potentially harmful permission changing by log task handler | S | |
| CVE-2024-29736 | Apache CXF: SSRF vulnerability via WADL stylesheet parameter | | |
| CVE-2024-29737 | Apache StreamPark (incubating): maven build params could trigger remote command execution | | |
| CVE-2024-29738 | In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead t... | | |
| CVE-2024-29739 | In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. ... | | |
| CVE-2024-29740 | In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. Th... | | |
| CVE-2024-29741 | In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code... | | |
| CVE-2024-29742 | In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bound... | | |
| CVE-2024-29743 | In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check.... | | |
| CVE-2024-29744 | In tmu_get_gov_time_windows, there is a possible out of bounds read due to a missing bounds check. T... | | |
| CVE-2024-29745 | there is a possible Information Disclosure due to uninitialized data. This could lead to local infor... | KEV | |
| CVE-2024-29746 | In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validatio... | | |
| CVE-2024-29747 | In _dvfs_get_lv of dvfs.c, there is a possible out of bounds read due to a missing null check. This ... | | |
| CVE-2024-29748 | there is a possible way to bypass due to a logic error in the code. This could lead to local escala... | KEV | |
| CVE-2024-29749 | In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds c... | | |
| CVE-2024-29750 | In km_exp_did_inner of kmv.c, there is a possible out of bounds read due to a missing bounds check. ... | | |
| CVE-2024-29751 | In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a possible OOB Read due to a missing null chec... | | |
| CVE-2024-29752 | In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of bounds write due to a missing boun... | | |
| CVE-2024-29753 | In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing boun... | | |
| CVE-2024-29754 | In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a missing bounds check. This cou... | | |
| CVE-2024-29755 | In tmu_get_pi of tmu.c, there is a possible out of bounds read due to improper input validation. Thi... | | |
| CVE-2024-29756 | In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow. This c... | | |
| CVE-2024-29757 | there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local... | | |
| CVE-2024-29758 | WordPress Co-marquage service-public.fr plugin <= 0.5.72 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29759 | WordPress Calculated Fields Form plugin <= 1.2.54 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29760 | WordPress Booster for WooCommerce plugin <= 7.1.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29761 | WordPress WP Post Disclaimer plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29762 | WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29763 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29764 | WordPress Molongui plugin <= 4.7.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29765 | WordPress Aparat for WordPress plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29766 | WordPress StreamWeasels Twitch Integration plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29767 | WordPress Doneren met Mollie plugin <= 2.10.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29768 | WordPress Astra theme <= 4.6.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29769 | WordPress Portfolio Gallery plugin <= 1.5.6 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29770 | WordPress Pretty Links plugin <= 3.6.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29771 | WordPress Dracula Dark Mode plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29772 | WordPress MyBookTable Bookstore plugin <= 3.3.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29773 | WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability | S | |
| CVE-2024-29774 | WordPress WP Directory Kit plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29775 | WordPress Frontend Dashboard plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29776 | WordPress EventPrime plugin <= 3.3.9 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29777 | WordPress Forminator plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29778 | In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possib... | | |
| CVE-2024-29779 | there is a possible escalation of privilege due to an unusual root cause. This could lead to local e... | | |
| CVE-2024-29780 | In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitiali... | | |
| CVE-2024-29781 | In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read ... | | |
| CVE-2024-29782 | In tmu_get_tr_num_thresholds of tmu.c, there is a possible out of bounds read due to a missing bound... | | |
| CVE-2024-29783 | In tmu_get_tr_thresholds, there is a possible out of bounds read due to a missing bounds check. This... | | |
| CVE-2024-29784 | In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer... | | |
| CVE-2024-29785 | In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. ... | | |
| CVE-2024-29786 | In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write d... | | |
| CVE-2024-29787 | In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due ... | | |
| CVE-2024-29788 | WordPress Podlove Web Player plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29789 | WordPress OneClick Chat to Order plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29790 | WordPress Squirrly SEO plugin <= 12.3.16 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29791 | WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 2.01 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29792 | WordPress Unlimited Elements for Elementor plugin <= 1.5.93 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29793 | WordPress MailChimp Forms by MailMunch plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29794 | WordPress Conversios.io plugin <= 6.9.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29795 | WordPress Media Cloud for Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.5.24 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29796 | WordPress Hot Random Image plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29797 | WordPress Grid Shortcodes plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29798 | WordPress Gratisfaction plugin <= 4.3.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29799 | WordPress WP Fast Total Search plugin <= 1.59.211 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29800 | WordPress Timber plugin <= 1.23.0 - Deserialization of untrusted data vulnerability | S | |
| CVE-2024-29801 | WordPress Fullscreen Galleria plugin <= 1.6.11 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29802 | WordPress Football Pool plugin <= 2.11.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29803 | WordPress FlatPM plugin < 3.1.05 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29804 | WordPress Fancy Comments WordPress plugin <= 1.2.14 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29805 | WordPress Shipping with Venipak for WooCommerce plugin <= 1.19.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29806 | WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29807 | WordPress DearFlip plugin <= 2.2.26 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29808 | WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_id | E | |
| CVE-2024-29809 | WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_url | E | |
| CVE-2024-29810 | WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_url | E | |
| CVE-2024-29811 | WordPress Radio Player plugin <= 2.0.73 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29812 | WordPress ReviewX plugin <= 1.6.22 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29813 | WordPress CartFlows plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29814 | WordPress Exchange Rates Widget plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29815 | WordPress WP Change Email Sender plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29816 | WordPress Woo Viet plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29817 | WordPress affiliate-toolkit – WordPress Affiliate Plugin plugin <= 3.4.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29818 | WordPress WP Poll Maker plugin <= 3.1 - Authenticated Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29819 | WordPress WPFront Notification Bar plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29820 | WordPress PDF Builder for WPForms plugin <= 1.2.88 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29821 | Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevate... | | |
| CVE-2024-29822 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29823 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29824 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | KEV | |
| CVE-2024-29825 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29826 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29827 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29828 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29829 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29830 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29831 | Apache DolphinScheduler: RCE by arbitrary js execution | | |
| CVE-2024-29832 | WordPress Photo Gallery Plugin <= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_url | E | |
| CVE-2024-29833 | WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler | E | |
| CVE-2024-29834 | Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints | | |
| CVE-2024-29836 | Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover | | |
| CVE-2024-29837 | Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections | | |
| CVE-2024-29838 | Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service and crash | | |
| CVE-2024-29839 | Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values. | | |
| CVE-2024-29840 | Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve PIN field values | | |
| CVE-2024-29841 | Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve keys values | | |
| CVE-2024-29842 | Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values | | |
| CVE-2024-29843 | Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration | | |
| CVE-2024-29844 | Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions | | |
| CVE-2024-29846 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | | |
| CVE-2024-29847 | Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 Sep... | | |
| CVE-2024-29848 | An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows a... | | |
| CVE-2024-29849 | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise man... | | |
| CVE-2024-29850 | Veeam Backup Enterprise Manager allows account takeover via NTLM relay.... | | |
| CVE-2024-29851 | Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manage... | | |
| CVE-2024-29852 | Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.... | | |
| CVE-2024-29853 | An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privile... | | |
| CVE-2024-29855 | Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator... | | |
| CVE-2024-29857 | An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, ... | | |
| CVE-2024-29858 | In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly... | S | |
| CVE-2024-29859 | In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly che... | S | |
| CVE-2024-29862 | The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bri... | S | |
| CVE-2024-29863 | A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20... | | |
| CVE-2024-29864 | Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into expor... | E S | |
| CVE-2024-29865 | Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP l... | | |
| CVE-2024-29866 | Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a... | | |
| CVE-2024-29868 | Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation | | |
| CVE-2024-29869 | Apache Hive: Credentials file created with non restrictive permissions | S | |
| CVE-2024-29870 | SQL injection vulnerability in Sentrifugo | | |
| CVE-2024-29871 | SQL injection vulnerability in Sentrifugo | | |
| CVE-2024-29872 | SQL injection vulnerability in Sentrifugo | | |
| CVE-2024-29873 | SQL injection vulnerability in Sentrifugo | | |
| CVE-2024-29874 | SQL injection vulnerability in Sentrifugo | | |
| CVE-2024-29875 | SQL injection vulnerability in Sentrifugo | | |
| CVE-2024-29876 | SQL injection vulnerability in Sentrifugo | | |
| CVE-2024-29877 | Cross-Site Scripting (XSS) vulnerability in Sentrifugo | | |
| CVE-2024-29878 | Cross-Site Scripting (XSS) vulnerability in Sentrifugo | | |
| CVE-2024-29879 | Cross-Site Scripting (XSS) vulnerability in Sentrifugo | | |
| CVE-2024-29880 | In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions... | | |
| CVE-2024-29881 | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements | | |
| CVE-2024-29882 | SRS DOM - XSS on JSONP callback | | |
| CVE-2024-29883 | CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor | | |
| CVE-2024-29885 | Reports are still accessible even when `canView()` returns false in silverstripe/reports | | |
| CVE-2024-29886 | Improved security for stored password hashes | | |
| CVE-2024-29887 | Serverpod client accepts any certificate | | |
| CVE-2024-29888 | Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | | |
| CVE-2024-29889 | GLPI contains an SQL injection through the saved searches | S | |
| CVE-2024-29890 | Remote code execution in datalens-ui | | |
| CVE-2024-29891 | ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass | | |
| CVE-2024-29892 | ZITADEL's actions can overload reserved claims | | |
| CVE-2024-29893 | Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server | S | |
| CVE-2024-29894 | Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API | E | |
| CVE-2024-29895 | Cacti command injection in cmd_realtime.php | | |
| CVE-2024-29896 | Astro-Shield's Content-Security-Policy header generation in middleware could be compromised by malicious injections | | |
| CVE-2024-29897 | CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki` | | |
| CVE-2024-29898 | Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis | | |
| CVE-2024-29900 | @electron/packager's build process memory potentially leaked into final executable | S | |
| CVE-2024-29901 | @workos-inc/authkit-nextjs session replay vulnerability | S | |
| CVE-2024-29902 | Cosign vulnerable to system-wide denial of service via malicious attachments | S | |
| CVE-2024-29903 | Cosign vulnerable to machine-wide denial of service via malicious artifacts | E S | |
| CVE-2024-29904 | CodeIgniter4 Language class DoS Vulnerability | S | |
| CVE-2024-29905 | DIRAC: Unauthorized users can read proxy contents during generation | | |
| CVE-2024-29906 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29907 | WordPress SEO Backlink Monitor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29908 | WordPress Co-marquage service-public.fr plugin <= 0.5.71 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29909 | WordPress Travelers' Map plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29910 | WordPress Dropdown Multisite selector plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29911 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29912 | WordPress iCalendrier plugin <= 1.80 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29913 | WordPress Tutor LMS Elementor Addons plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29914 | WordPress Stratum – Elementor Widgets plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29915 | WordPress Podlove Podcast Publisher plugin <= 4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29916 | The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock ar... | | |
| CVE-2024-29917 | WordPress Compact WP Audio Player plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29918 | WordPress Survey Maker plugin <= 4.0.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29919 | WordPress Photo Gallery by Ays Plugin <=5.5.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29920 | WordPress Move Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29921 | WordPress Photo Gallery by Supsystic plugin <= 1.15.16 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29922 | WordPress Slider Hero plugin <= 8.6.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29923 | WordPress PropertyHive plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29924 | WordPress Premium Packages plugin <= 5.8.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29925 | WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29926 | WordPress WC Builder plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29927 | WordPress WishSuite plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29928 | WordPress Advanced Sermons plugin <= 3.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29929 | WordPress WCFM plugin <= 6.7.8 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29930 | WordPress Crypto Converter Widget plugin <= 1.8.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29931 | WordPress WP Go Maps plugin <= 9.0.29 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29932 | WordPress WordPress Meta Data and Taxonomies Filter (MDTF) plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29933 | WordPress Web Icons plugin <= 1.0.0.10 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29934 | WordPress Piotnet Addons For Elementor plugin <= 2.4.25 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29935 | WordPress Sina Extension for Elementor plugin <= 3.5.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29936 | WordPress Image Hover Effects – Elementor Addon plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-29937 | NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allo... | E | |
| CVE-2024-29941 | Credential Cloning | M | |
| CVE-2024-29943 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling ran... | | |
| CVE-2024-29944 | An attacker was able to inject an event handler into a privileged object that would allow arbitrary ... | | |
| CVE-2024-29945 | Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise | M | |
| CVE-2024-29946 | Risky command safeguards bypass in Dashboard Examples Hub | | |
| CVE-2024-29947 | There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient val... | | |
| CVE-2024-29948 | There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could... | | |
| CVE-2024-29949 | There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated... | | |
| CVE-2024-29950 | Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption | | |
| CVE-2024-29951 | Brocade SANnav has weak encryption in internal SSH ports | | |
| CVE-2024-29952 | Clear text storage of sensistive information by manipulating command variables | | |
| CVE-2024-29953 | Encoded session passwords on session storage for Virtual Fabric platforms | S | |
| CVE-2024-29954 | password management API prints sensitive information in log files | S | |
| CVE-2024-29955 | Insertion of Sensitive Information into Brocade SANnav Log File | | |
| CVE-2024-29956 | cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav | | |
| CVE-2024-29957 | Encryption key is stored in the DR log files | | |
| CVE-2024-29958 | Encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. | | |
| CVE-2024-29959 | Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save | | |
| CVE-2024-29960 | Identical SSH keys utilized inside the OVA image (CVE-2024-29960) | | |
| CVE-2024-29961 | supply-chain attack risk | | |
| CVE-2024-29962 | Insecure file permission setting that makes files world-readable | | |
| CVE-2024-29963 | Brocade SANnav contains hardcoded TLS keys used by Docker | | |
| CVE-2024-29964 | Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files | | |
| CVE-2024-29965 | Insecure backup | | |
| CVE-2024-29966 | hard-coded credentials in the documentation that appear as the appliance root password | | |
| CVE-2024-29967 | In Brocade SANnav before v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points | | |
| CVE-2024-29968 | SQL Table names, column names, and SQL queries are collected in DR standby Supportsave | | |
| CVE-2024-29969 | TLS/SSL weak message authentication code ciphers are added by default for port 18082 | M | |
| CVE-2024-29970 | Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via i... | | |
| CVE-2024-29971 | Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected sign... | | |
| CVE-2024-29972 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-... | E | |
| CVE-2024-29973 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in ... | E | |
| CVE-2024-29974 | ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upl... | E | |
| CVE-2024-29975 | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executab... | E | |
| CVE-2024-29976 | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show... | E | |
| CVE-2024-29977 | Malicious remote can create arbitrary reactions on arbitrary posts | S | |
| CVE-2024-29978 | User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwor... | | |
| CVE-2024-29979 | Unsafe Handling of Phoenix UEFI Variables | | |
| CVE-2024-29980 | Unsafe Handling of IHV UEFI Variables | | |
| CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | | |
| CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-29986 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | | |
| CVE-2024-29987 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | | |
| CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | KEV S | |
| CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability | | |
| CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | | |
| CVE-2024-29991 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | | |
| CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability | | |
| CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability | | |
| CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | | |
| CVE-2024-29995 | Windows Kerberos Elevation of Privilege Vulnerability | S | |
| CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | | |
| CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | S | |
| CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | S | |
| CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | S |