CVE-2024-3xxx

There are 938 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-3000 code-projects Online Book System index.php sql injection
E
CVE-2024-3001 code-projects Online Book System Product.php sql injection
E
CVE-2024-3002 code-projects Online Book System description.php sql injection
E
CVE-2024-3003 code-projects Online Book System cart.php sql injection
E
CVE-2024-3004 code-projects Online Book System Product.php cross site scripting
E
CVE-2024-3005 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri...
CVE-2024-3006 Tenda FH1205 fromRouteStatic fromSetRouteStatic stack-based overflow
E
CVE-2024-3007 Tenda FH1205 NatStaticSetting fromNatStaticSetting stack-based overflow
E
CVE-2024-3008 Tenda FH1205 execCommand formexeCommand stack-based overflow
E
CVE-2024-3009 Tenda FH1205 WriteFacMac formWriteFacMac command injection
E
CVE-2024-3010 Tenda FH1205 setcfm formSetCfm stack-based overflow
E
CVE-2024-3011 Tenda FH1205 QuickIndex formQuickIndex stack-based overflow
E
CVE-2024-3012 Tenda FH1205 GetParentControlInfo stack-based overflow
E
CVE-2024-3013 FLIR AX8 User Registration improper authorization
E
CVE-2024-3014 SourceCodester Simple Subscription Website Actions.php sql injection
E
CVE-2024-3015 SourceCodester Simple Subscription Website manage_plan.php sql injection
E
CVE-2024-3016 NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to...
CVE-2024-3017 Denial of service in multi-protocol gateway - Zigbee + Thread
CVE-2024-3018 The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all...
S
CVE-2024-3019 Pcp: exposure of the redis server backend allows remote command execution via pmproxy
M
CVE-2024-3020 The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserial...
CVE-2024-3021 The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header...
CVE-2024-3022 The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient fi...
E S
CVE-2024-3023 The AnnounceKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings...
CVE-2024-3024 appneta tcpreplay get.c get_layer4_v6 heap-based overflow
E
CVE-2024-3025 Path Traversal in mintplex-labs/anything-llm
CVE-2024-3026 WordPress Button Plugin MaxButtons < 9.7.8 - Editor+ Stored XSS
E
CVE-2024-3027 The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a ...
CVE-2024-3028 Improper Input Validation in mintplex-labs/anything-llm
CVE-2024-3029 Improper Input Validation in mintplex-labs/anything-llm
CVE-2024-3030 The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...
CVE-2024-3031 Fluid Notification Bar <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-3032 Themify Builder < 7.5.8 - Open Redirect
E
CVE-2024-3033 Improper Authorization in mintplex-labs/anything-llm
E S
CVE-2024-3034 The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to,...
CVE-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab
E S
CVE-2024-3036 Communication DoS vulnerability
M
CVE-2024-3037 Arbitrary File Deletion in PaperCut NG/MF Web Print
CVE-2024-3039 Shanghai Brad Technology BladeX API export-user sql injection
E
CVE-2024-3040 Netentsec NS-ASG Application Security Gateway list_crl_conf sql injection
E
CVE-2024-3041 Netentsec NS-ASG Application Security Gateway listloginfo.php sql injection
E
CVE-2024-3042 SourceCodester Simple Subscription Website manage_user.php sql injection
E
CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service
CVE-2024-3044 Graphic on-click binding allows unchecked script execution
CVE-2024-3045 The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-...
S
CVE-2024-3046 In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted req...
CVE-2024-3047 The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side R...
S
CVE-2024-3048 Bannerlid <= 1.1.0 - Reflected XSS
E
CVE-2024-3049 Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
M
CVE-2024-3050 Site Reviews < 7.0.0 - IP Spoofing
E
CVE-2024-3051 Z/IP Gateway Device Reset Locally Denial of Service Vulnerability
CVE-2024-3052 Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability
CVE-2024-3053 The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable...
S
CVE-2024-3054 WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all version...
S
CVE-2024-3055 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection
CVE-2024-3056 Podman: kernel: containers in shared ipc namespace are vulnerable to denial of service attack
M
CVE-2024-3057 A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege es...
S
CVE-2024-3058 ENL Newsletter <= 1.0.1 - Stored XSS via CSRF
E
CVE-2024-3059 ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
E
CVE-2024-3060 ENL Newsletter <= 1.0.1 - Admin+ SQL Injection
E
CVE-2024-3061 The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local...
S
CVE-2024-3062 Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS
E
CVE-2024-3063 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-3064 The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored C...
CVE-2024-3065 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-3066 Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML tags
CVE-2024-3067 The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id'...
S
CVE-2024-3068 Custom Field Suite <= 2.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting
S
CVE-2024-3069 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3070 Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection
CVE-2024-3071 The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a m...
CVE-2024-3072 The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due...
CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI
CVE-2024-3074 The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ima...
CVE-2024-3075 MM-email2image <= 0.2.5 - Contributor+ Stored XSS
E
CVE-2024-3076 MM-email2image <= 0.2.5 - Stored XSS via CSRF
E
CVE-2024-3077 Bluetooth: integer underflow in gatt_find_info_rsp
E S
CVE-2024-3078 Qdrant Full Snapshot REST API snapshots.rs path traversal
S
CVE-2024-3079 ASUS Router - Stack-based Buffer Overflow
S
CVE-2024-3080 ASUS Router - Improper Authentication
CVE-2024-3081 EasyCorp EasyAdmin Autocomplete autocomplete.js cross site scripting
S
CVE-2024-3082 A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker...
S
CVE-2024-3083 A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state...
S
CVE-2024-3084 PHPGurukul Emergency Ambulance Hiring Portal Hire an Ambulance Page cross site scripting
E
CVE-2024-3085 PHPGurukul Emergency Ambulance Hiring Portal Admin Login Page login.php sql injection
E
CVE-2024-3086 PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting
E
CVE-2024-3087 PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection
E
CVE-2024-3088 PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection
E
CVE-2024-3089 PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery
E
CVE-2024-3090 PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting
E
CVE-2024-3091 PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting
E
CVE-2024-3092 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-3093 Rejected reason: ** DUPLICATE ** Accidental request. Please use CVE-2024-1752 instead....
R
CVE-2024-3094 Xz: malicious code in distributed source
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
E
CVE-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL
M
CVE-2024-3097 The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized ac...
S
CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index
CVE-2024-3099 Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow
E
CVE-2024-3100 A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could a...
S
CVE-2024-3101 Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm
CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm
E S
CVE-2024-3103 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3104 Remote Code Execution in mintplex-labs/anything-llm
E S
CVE-2024-3105 Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 - Authenticated (Contributor+) Remote Code Execution
CVE-2024-3107 The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in ver...
S
CVE-2024-3108 An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that c...
S
CVE-2024-3109 A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a l...
S
CVE-2024-3110 Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
E S
CVE-2024-3111 H5P < 1.15.8 - Contributor+ Stored XSS
E
CVE-2024-3112 Quotes and Tips < 1.45 - Admin+ Arbitrary File Upload
E
CVE-2024-3113 FormFlow < 2.12.2 - Admin+ Stored XSS
E
CVE-2024-3114 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-3115 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
E S
CVE-2024-3116 Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4
E M
CVE-2024-3117 YouDianCMS ChannelAction.class.php unrestricted upload
E
CVE-2024-3118 Dreamer CMS Attachment permission
E
CVE-2024-3119 Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep
S
CVE-2024-3120 Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep
S
CVE-2024-3121 Remote Code Execution in create_conda_env function in parisneo/lollms
E
CVE-2024-3122 CHANGING Mobile One Time Password - Arbitrary File Reading
S
CVE-2024-3123 CHANGING Mobile One Time Password - Arbitrary File Upload
S
CVE-2024-3124 fridgecow smartalarm Backup File androidmanifest.xml backup
E
CVE-2024-3125 Zebra ZTC GK420d Alert Setup Page settings cross site scripting
E
CVE-2024-3126 Command Injection in parisneo/lollms-webui
CVE-2024-3127 Improper Access Control in GitLab
E S
CVE-2024-3128 Replify-Messenger Backup File androidmanifest.xml backup
E
CVE-2024-3129 SourceCodester Image Accordion Gallery App add-image.php unrestricted upload
E
CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.
S
CVE-2024-3131 SourceCodester Computer Laboratory Management System sql injection
E
CVE-2024-3133 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3134 Master Addons for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-3135 Cross-Site Request Forgery (CSRF) Vulnerability in mudler/localai
CVE-2024-3136 The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to...
S
CVE-2024-3137 Improper Privilege Management in uvdesk/community-skeleton
CVE-2024-3138 francoisjacquet RosarioSIS Add Portal Note cross site scripting
E
CVE-2024-3139 SourceCodester Computer Laboratory Management System save_users improper authorization
E
CVE-2024-3140 SourceCodester Computer Laboratory Management System cross site scripting
E
CVE-2024-3141 Clavister E10/E80 Misc Settings Page MiscSettings cross site scripting
E S
CVE-2024-3142 Clavister E10/E80 Setting cross-site request forgery
E S
CVE-2024-3143 DedeCMS member_rank.php cross-site request forgery
E
CVE-2024-3144 DedeCMS makehtml_spec.php cross-site request forgery
E
CVE-2024-3145 DedeCMS makehtml_js_action.php cross-site request forgery
E
CVE-2024-3146 DedeCMS makehtml_rss_action.php cross-site request forgery
E
CVE-2024-3147 DedeCMS makehtml_map.php cross-site request forgery
E
CVE-2024-3148 DedeCMS makehtml_archives_action.php sql injection
E
CVE-2024-3149 SSRF in mintplex-labs/anything-llm
E S
CVE-2024-3150 Privilege Escalation in mintplex-labs/anything-llm
E S
CVE-2024-3151 Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery
E
CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm
E S
CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm
E S
CVE-2024-3154 Cri-o: arbitrary command injection via pod annotation
CVE-2024-3155 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-3156 Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacke...
CVE-2024-3157 Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote...
E
CVE-2024-3158 Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to po...
CVE-2024-3159 Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker...
CVE-2024-3160 Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure
E
CVE-2024-3161 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the coun...
CVE-2024-3162 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial
S
CVE-2024-3163 Easy Property Listings < 3.5.4 - Arbitrary Contact Deletion via CSRF
E
CVE-2024-3164 In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and a...
CVE-2024-3165 Database Credential Exposure in the Logs
CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm
E S
CVE-2024-3167 The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_u...
S
CVE-2024-3168 Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to pote...
E
CVE-2024-3169 Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potential...
E
CVE-2024-3170 Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potent...
E
CVE-2024-3171 Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker wh...
E
CVE-2024-3172 Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote at...
E
CVE-2024-3173 Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote att...
E
CVE-2024-3174 Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacke...
E
CVE-2024-3175 Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote ...
E
CVE-2024-3176 Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker...
E
CVE-2024-3177 Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
S
CVE-2024-3178 Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter
CVE-2024-3179 Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page
CVE-2024-3180 Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file
CVE-2024-3181 Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.
CVE-2024-3182 Install-type password disclosure vulnerability in Universal Installer including the Silent Installer...
CVE-2024-3183 Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
M
CVE-2024-3184 Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to ver...
S
CVE-2024-3185 Rapid7 Insight Agent Sensitive Key Exposed To Local Users
CVE-2024-3186 CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (ver...
S
CVE-2024-3187 This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Go...
S
CVE-2024-3188 Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS
E
CVE-2024-3189 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-3190 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field
CVE-2024-3191 MailCleaner Email os command injection
E S
CVE-2024-3192 MailCleaner Admin Interface cross site scripting
E S
CVE-2024-3193 MailCleaner Admin Endpoints os command injection
E S
CVE-2024-3194 MailCleaner Log File Endpoint cross site scripting
E S
CVE-2024-3195 MailCleaner Admin Endpoints path traversal
E S
CVE-2024-3196 MailCleaner SOAP Service dumpConfiguration os command injection
E S
CVE-2024-3197 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-3198 WP Font Awesome Share Icons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3199 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-3200 wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection
S
CVE-2024-3201 WP DSGVO Tools (GDPR) <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3202 codelyfe Stupid Simple CMS Login Page excessive authentication
E
CVE-2024-3203 c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow
E S
CVE-2024-3204 c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow
E S
CVE-2024-3205 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2024-3206 The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is...
CVE-2024-3207 ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow
E
CVE-2024-3208 The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'...
S
CVE-2024-3209 UPX bele.h get_ne64 heap-based overflow
E
CVE-2024-3210 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C...
S
CVE-2024-3211 The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'pro...
CVE-2024-3213 The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of ...
S
CVE-2024-3214 The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions...
S
CVE-2024-3215 The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for W...
S
CVE-2024-3216 The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress...
CVE-2024-3217 The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' a...
S
CVE-2024-3218 Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal
E
CVE-2024-3219 Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
S
CVE-2024-3220 Default mimetype known files writeable on Windows
CVE-2024-3221 SourceCodester PHP Task Management System attendance-info.php sql injection
E
CVE-2024-3222 SourceCodester PHP Task Management System admin-password-change.php sql injection
E
CVE-2024-3223 SourceCodester PHP Task Management System admin-manage-user.php sql injection
E
CVE-2024-3224 SourceCodester PHP Task Management System task-details.php sql injection
E
CVE-2024-3225 SourceCodester PHP Task Management System edit-task.php sql injection
E
CVE-2024-3226 Campcodes Online Patient Record Management System login.php sql injection
E
CVE-2024-3227 Panwei eoffice OA Backend save_image.php path traversal
E
CVE-2024-3228 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure
S
CVE-2024-3229 Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload
S
CVE-2024-3230 Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-3231 Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS
E
CVE-2024-3232 Formula Injection Vulnerability
S
CVE-2024-3233 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modifi...
CVE-2024-3234 Path Traversal in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-3235 The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Informat...
CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS
E
CVE-2024-3237 The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a mis...
CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion
CVE-2024-3239 PostX < 4.0.2 - Contributor+ Stored XSS
E
CVE-2024-3240 The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, an...
CVE-2024-3241 Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS
E
CVE-2024-3242 Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload
S
CVE-2024-3243 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sendin...
S
CVE-2024-3244 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed A...
S
CVE-2024-3245 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed A...
S
CVE-2024-3246 LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
S
CVE-2024-3247 Stack overflow in Xpdf 4.05 due to object loop in PDF object stream
E
CVE-2024-3248 Stack overflow in Xpdf 4.05 due to object loop in attachments
E
CVE-2024-3249 Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification
CVE-2024-3250 It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pu...
CVE-2024-3251 SourceCodester Computer Laboratory Management System sql injection
E
CVE-2024-3252 SourceCodester Internship Portal Management System check_admin.php sql injection
E
CVE-2024-3253 SourceCodester Internship Portal Management System add_admin.php sql injection
E
CVE-2024-3254 SourceCodester Internship Portal Management System edit_admin.php sql injection
E
CVE-2024-3255 SourceCodester Internship Portal Management System edit_admin_query.php sql injection
E
CVE-2024-3256 SourceCodester Internship Portal Management System edit_activity.php sql injection
E
CVE-2024-3257 SourceCodester Internship Portal Management System edit_activity_query.php sql injection
E
CVE-2024-3258 SourceCodester Internship Portal Management System add_activity.php sql injection
E
CVE-2024-3259 SourceCodester Internship Portal Management System delete_activity.php sql injection
E
CVE-2024-3260 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3261 Strong Testimonials < 3.1.12 - Contributor+ Stored XSS
E
CVE-2024-3262 Information exposure vulnerability in Request Tracker (RT)
S
CVE-2024-3263 Improper authentication in YMS VIS Pro
CVE-2024-3264 Broken or Risky Cryptographic Algorithm in Mia Technology's Mia-Med Health Aplication
CVE-2024-3265 WP Advanced Search <= 1.1.6 - Admin+ SQL Injection
E
CVE-2024-3266 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL ...
S
CVE-2024-3267 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-3268 YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation
S
CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization
CVE-2024-3270 ThingsBoard AdvancedFeature access control
E
CVE-2024-3271 Command Injection in run-llama/llama_index
CVE-2024-3272 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials
KEV E
CVE-2024-3273 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection
KEV E
CVE-2024-3274 D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure
E
CVE-2024-3275 The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exp...
CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS
E
CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
CVE-2024-3279 Improper Access Control in mintplex-labs/anything-llm
CVE-2024-3280 The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi...
CVE-2024-3281 A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CC...
CVE-2024-3282 WP Table Builder <= 1.5.0 - Admin+ Stored XSS
E
CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm
CVE-2024-3285 The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPre...
S
CVE-2024-3286 A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthen...
S
CVE-2024-3287 The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable...
CVE-2024-3288 Logo Slider < 4.0.0 - Contributor+ Stored XSS
E
CVE-2024-3289 When installing Nessus to a directory outside of the default location on a Windows host, Nessus vers...
S
CVE-2024-3290 Race Condition
S
CVE-2024-3291 Privilege Escalation
S
CVE-2024-3292 Race Condition
S
CVE-2024-3293 The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL In...
CVE-2024-3295 The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plug...
CVE-2024-3296 Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack
M
CVE-2024-3297 Session establishment lock-up during replay of CASE Sigma1 messages
CVE-2024-3298 Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the DWG and DXF file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024
CVE-2024-3299 Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the SLDDRW and SLDPRT file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024
CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
CVE-2024-3301 Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
CVE-2024-3302 There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server cou...
CVE-2024-3303 Improper Neutralization of Input Used for LLM Prompting in GitLab
E S
CVE-2024-3305 Information Disclosure in Utarit Information's SoliClub
CVE-2024-3306 IDOR in Utarit Information's SoliClub
CVE-2024-3307 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site ...
S
CVE-2024-3308 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site ...
S
CVE-2024-3309 The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th...
CVE-2024-3311 Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal
E S
CVE-2024-3312 The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in...
CVE-2024-3313 SUBNET PowerSYSTEM Server and Substation Server Reliance on Insufficiently Trustworthy Component
S
CVE-2024-3314 SourceCodester Computer Laboratory Management System Users.php sql injection
CVE-2024-3315 SourceCodester Computer Laboratory Management System user.php sql injection
E
CVE-2024-3316 SourceCodester Computer Laboratory Management System view_category.php sql injection
E
CVE-2024-3317 SailPoint Identity Security Cloud Improper Access Control
S
CVE-2024-3318 SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability
S
CVE-2024-3319 Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints
S
CVE-2024-3320 SourceCodester eLearning System cross site scripting
E
CVE-2024-3321 SourceCodester eLearning System Maintenance Module cross site scripting
E
CVE-2024-3322 Path Traversal in parisneo/lollms-webui
E S
CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-3325 JasperReports Server Driver upload vulnerability
CVE-2024-3330 Spotfire Remote Code Execution Vulnerability
S
CVE-2024-3331 Spotfire: NTLM token leakage
S
CVE-2024-3332 bt: host/smp: DoS caused by null pointer dereference
E S
CVE-2024-3333 The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-3334 USB Security Feature Bypass in Digital Guardian Windows Agent Prior to version 8.2.0
S
CVE-2024-3337 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p...
S
CVE-2024-3338 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image...
S
CVE-2024-3340 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p...
S
CVE-2024-3341 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross...
CVE-2024-3342 The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection vi...
CVE-2024-3343 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is...
CVE-2024-3344 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is...
CVE-2024-3345 ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode
CVE-2024-3346 Byzoro Smart S80 webmailattach.php os command injection
E
CVE-2024-3347 SourceCodester Airline Ticket Reservation System activate_jet_details_form_handler.php sql injection
E
CVE-2024-3348 SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection
E
CVE-2024-3349 SourceCodester Aplaya Beach Resort Online Reservation System login.php sql injection
E
CVE-2024-3350 SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection
E
CVE-2024-3351 SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection
E
CVE-2024-3352 SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection
E
CVE-2024-3353 SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection
E
CVE-2024-3354 SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection
E
CVE-2024-3355 SourceCodester Aplaya Beach Resort Online Reservation System sql injection
E
CVE-2024-3356 SourceCodester Aplaya Beach Resort Online Reservation System sql injection
E
CVE-2024-3357 SourceCodester Aplaya Beach Resort Online Reservation System index.php cross site scripting
E
CVE-2024-3358 SourceCodester Aplaya Beach Resort Online Reservation System index.php cross site scripting
E
CVE-2024-3359 SourceCodester Online Library System login.php sql injection
E
CVE-2024-3360 SourceCodester Online Library System index.php sql injection
E
CVE-2024-3361 SourceCodester Online Library System deweydecimal.php sql injection
E
CVE-2024-3362 SourceCodester Online Library System controller.php sql injection
E
CVE-2024-3363 SourceCodester Online Library System index.php sql injection
E
CVE-2024-3364 SourceCodester Online Library System index.php cross site scripting
E
CVE-2024-3365 SourceCodester Online Library System controller.php cross site scripting
E
CVE-2024-3366 Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection
E
CVE-2024-3367 Argument injection to runmqsc
CVE-2024-3368 All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
E
CVE-2024-3369 code-projects Car Rental add-vehicle.php unrestricted upload
E
CVE-2024-3370 SQLi in Egebilgi Software's Website Template
CVE-2024-3371 Insufficient validation of external input in Compass may enable MITM attacks
CVE-2024-3372 MongoDB Server may have unexpected application behaviour due to invalid BSON
CVE-2024-3373 SQLi in RSM Design's Website Template
CVE-2024-3374 MongoDB Server (mongod) may crash when generating ftdc
CVE-2024-3375 Broken Access Control in Havelsan's Dialogue
CVE-2024-3376 SourceCodester Computer Laboratory Management System config.php redirect
E
CVE-2024-3377 SourceCodester Computer Laboratory Management System cross site scripting
E
CVE-2024-3378 iboss Secure Web Gateway Login Portal login cross site scripting
E
CVE-2024-3379 Incorrect Authorization in lunary-ai/lunary
E S
CVE-2024-3380 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3381 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets
S
CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
S
CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
S
CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
S
CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended
S
CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
S
CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN
S
CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
KEV S
CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
KEV E S
CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-3403 Local File Inclusion in imartinez/privategpt
CVE-2024-3404 Improper Access Control in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-3405 WP Prayer <= 2.0.9 - Settings Update via CSRF
E
CVE-2024-3406 WP Prayer <= 2.0.9 - Email Settings Update via CSRF
E
CVE-2024-3407 WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF
E
CVE-2024-3408 Authentication Bypass and RCE in man-group/dtale
E
CVE-2024-3410 DN Footer Contacts < 1.6.3 - Admin+ Stored XSS
E
CVE-2024-3411 Insufficient Randomness When Validating an IPMI Authenticated Session
CVE-2024-3412 WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload
CVE-2024-3413 SourceCodester Human Resource Information System login_process.php sql injection
E
CVE-2024-3414 SourceCodester Human Resource Information System addcorporate_process.php cross site scripting
E
CVE-2024-3415 SourceCodester Human Resource Information System addbranches_process.php cross site scripting
E
CVE-2024-3416 SourceCodester Online Courseware editt.php sql injection
E
CVE-2024-3417 SourceCodester Online Courseware saveeditt.php sql injection
E
CVE-2024-3418 SourceCodester Online Courseware deactivateteach.php sql injection
E
CVE-2024-3419 SourceCodester Online Courseware edit.php sql injection
E
CVE-2024-3420 SourceCodester Online Courseware saveedit.php sql injection
E
CVE-2024-3421 SourceCodester Online Courseware deactivatestud.php sql injection
E
CVE-2024-3422 SourceCodester Online Courseware activatestud.php sql injection
E
CVE-2024-3423 SourceCodester Online Courseware activateteach.php sql injection
E
CVE-2024-3424 SourceCodester Online Courseware listscore.php sql injection
E
CVE-2024-3425 SourceCodester Online Courseware activateall.php sql injection
E
CVE-2024-3426 SourceCodester Online Courseware editt.php cross site scripting
E
CVE-2024-3427 SourceCodester Online Courseware addq.php cross site scripting
E
CVE-2024-3428 SourceCodester Online Courseware edit.php cross site scripting
E
CVE-2024-3429 Path Traversal in parisneo/lollms
E S
CVE-2024-3430 QKSMS Backup File androidmanifest.xml backup
E
CVE-2024-3431 EyouCMS Backend deserialization
E
CVE-2024-3432 PuneethReddyHC Event Management register.php sql injection
E
CVE-2024-3433 PuneethReddyHC Event Management register.php cross site scripting
E
CVE-2024-3434 CP Plus Wi-Fi Camera User Management improper authorization
E
CVE-2024-3435 Path Traversal in parisneo/lollms-webui
CVE-2024-3436 SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload
E
CVE-2024-3437 SourceCodester Prison Management System Avatar add-admin.php unrestricted upload
E
CVE-2024-3438 SourceCodester Prison Management System login.php sql injection
E
CVE-2024-3439 SourceCodester Prison Management System login.php sql injection
E
CVE-2024-3440 SourceCodester Prison Management System edit_profile.php sql injection
E
CVE-2024-3441 SourceCodester Prison Management System edit-profile.php sql injection
E
CVE-2024-3442 SourceCodester Prison Management System delete_leave.php sql injection
E
CVE-2024-3443 SourceCodester Prison Management System apply_leave.php cross site scripting
E
CVE-2024-3444 Wangshen SecGate 3600 ?g=net_pro_keyword_import_save unrestricted upload
E
CVE-2024-3445 SourceCodester Laundry Management System laporan_filter sql injection
E
CVE-2024-3446 Qemu: virtio: dma reentrancy issue leads to double free vulnerability
M
CVE-2024-3447 Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic
E
CVE-2024-3449 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3454 In-Fabric Matter Cluster Attribute Disclosure
CVE-2024-3455 Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection
E
CVE-2024-3456 Netentsec NS-ASG Application Security Gateway config_Anticrack.php sql injection
E
CVE-2024-3457 Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection
E
CVE-2024-3458 Netentsec NS-ASG Application Security Gateway add_ikev2.php sql injection
E
CVE-2024-3459 KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF ...
CVE-2024-3460 In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use othe...
CVE-2024-3461 KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects...
CVE-2024-3462 Authorization bypass in Ant Media Server
CVE-2024-3463 SourceCodester Laundry Management System edit cross site scripting
E
CVE-2024-3464 SourceCodester Laundry Management System Pelanggan.php laporan_filter sql injection
E
CVE-2024-3465 SourceCodester Laundry Management System Transaki.php laporan_filter sql injection
E
CVE-2024-3466 SourceCodester Laundry Management System Pengeluaran.php laporan_filter sql injection
E
CVE-2024-3467 Deserialization of Untrusted Data in AVEVA PI Asset Framework Client
S
CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API
S
CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting
CVE-2024-3470 Repository administrator can bypass organization's ruleset using deploy keys
CVE-2024-3471 Button Generator < 3.0 - Button Deletion via CSRF
E
CVE-2024-3472 Modal Window < 5.3.10 - Modal Deletion via CSRF
E
CVE-2024-3473 The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Script...
CVE-2024-3474 Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF
E
CVE-2024-3475 Sticky Buttons < 3.2.4 - Button Deletion via CSRF
E
CVE-2024-3476 Side Menu Lite < 4.2.1 - Menu Deletion via CSRF
E
CVE-2024-3477 Popup Box < 2.2.7 - Popup Deletion via CSRF
E
CVE-2024-3478 Herd Effects < 5.2.7 - Effect Deletion via CSRF
E
CVE-2024-3479 An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.mot...
S
CVE-2024-3480 An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker...
S
CVE-2024-3481 Counter Box < 1.2.4 - Counter Deletion via CSRF
E
CVE-2024-3482 OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
CVE-2024-3483 Remote Code Execution vulnerability in the iManager
CVE-2024-3484 Path Traversal vulnerability found in iManager
CVE-2024-3485 Server-Side Request Forgery vulnerability in iManager
CVE-2024-3486 XML External Entity injection vulnerability in iManager
CVE-2024-3487 Broken Authentication vulnerability in iManager
CVE-2024-3488 File Upload vulnerability in unauthenticated session found in iManager.
CVE-2024-3489 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Script...
S
CVE-2024-3490 The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
S
CVE-2024-3491 The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Sc...
CVE-2024-3492 Events Manager – Calendar, Bookings, Tickets, and more! <= 6.4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes
S
CVE-2024-3493 Rockwell Automation ControlLogix and GuardLogix Vulnerable to Major Nonrecoverable Fault Due to Invalid Header Value
S
CVE-2024-3494 The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl...
CVE-2024-3495 Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection
CVE-2024-3496 Authentication Bypass Vulnerability
S
CVE-2024-3497 Directory Traversal Remote Code Execution Vulnerability
S
CVE-2024-3498 Incorrect Permission Assignment Privilege Escalation Vulnerability
S
CVE-2024-3499 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all v...
S
CVE-2024-3500 The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to...
CVE-2024-3501 Exposure of Sensitive Information in lunary-ai/lunary
S
CVE-2024-3502 Exposure of Sensitive Information in lunary-ai/lunary
S
CVE-2024-3504 Improper Access Control in lunary-ai/lunary
E S
CVE-2024-3505 JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users
CVE-2024-3506 Camera Driver possible Buffer Overflow
S
CVE-2024-3507 Privilege escalation vulnerability in Lunar
S
CVE-2024-3508 Bzip2: compressed content bomb leads to denial of service of bombastic api
CVE-2024-3512 Rejected reason: **DUPLICATE** Please use CVE-2024-2583 instead....
R
CVE-2024-3513 Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via title tag attribute
CVE-2024-3514 Rejected reason: **DUPLICATE** Please use CVE-2024-1846 instead....
R
CVE-2024-3515 Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potenti...
E
CVE-2024-3516 Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to ...
E
CVE-2024-3517 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross...
CVE-2024-3518 Media Library Assistant <= 3.15 - Authenticated (Contributor+) SQL Injection via Shortcode
S
CVE-2024-3519 Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang
S
CVE-2024-3520 The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification ...
CVE-2024-3521 Byzoro Smart S80 Management Platform userattestation.php unrestricted upload
E
CVE-2024-3522 Campcodes Online Event Management System process.php sql injection
E
CVE-2024-3523 Campcodes Online Event Management System index.php sql injection
E
CVE-2024-3524 Campcodes Online Event Management System process.php cross site scripting
E
CVE-2024-3525 Campcodes Online Event Management System index.php cross site scripting
E
CVE-2024-3526 Campcodes Online Event Management System index.php cross site scripting
E
CVE-2024-3528 Campcodes Complete Online Student Management System units_view.php cross site scripting
E
CVE-2024-3529 Campcodes Complete Online Student Management System students_view.php cross site scripting
E
CVE-2024-3530 Campcodes Complete Online Student Management System Marks_view.php cross site scripting
E
CVE-2024-3531 Campcodes Complete Online Student Management System courses_view.php cross site scripting
E
CVE-2024-3532 Campcodes Complete Online Student Management System attendance_view.php cross site scripting
E
CVE-2024-3533 Campcodes Complete Online Student Management System academic_year_view.php cross site scripting
E
CVE-2024-3534 Campcodes Church Management System login.php sql injection
E
CVE-2024-3535 Campcodes Church Management System index.php sql injection
E
CVE-2024-3536 Campcodes Church Management System delete_log.php sql injection
E
CVE-2024-3537 Campcodes Church Management System admin_user.php sql injection
E
CVE-2024-3538 Campcodes Church Management System addTithes.php sql injection
E
CVE-2024-3539 Campcodes Church Management System addgiving.php sql injection
E
CVE-2024-3540 Campcodes Church Management System add_sundaysch.php sql injection
E
CVE-2024-3541 Campcodes Church Management System admin_user.php cross site scripting
E
CVE-2024-3542 Campcodes Church Management System add_visitor.php cross site scripting
E
CVE-2024-3543 LoadMaster Reversible Password Encryption Algorithm
CVE-2024-3544 LoadMaster Hardcoded SSH Key
CVE-2024-3545 Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manage...
CVE-2024-3546 The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data d...
CVE-2024-3547 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting
S
CVE-2024-3548 Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS
E
CVE-2024-3549 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection
CVE-2024-3550 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si...
S
CVE-2024-3551 Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion
CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
E
CVE-2024-3553 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori...
S
CVE-2024-3554 The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plug...
CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting
CVE-2024-3556 Rejected reason: Duplicate of CVE-2024-3557...
R
CVE-2024-3557 WP Go Maps (formerly WP Google Maps) <= 9.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3558 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title]
E
CVE-2024-3559 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_content]
CVE-2024-3560 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Script...
CVE-2024-3561 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) SQL Injection via Term Custom Field
CVE-2024-3562 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field
CVE-2024-3563 Genesis Blocks <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes
S
CVE-2024-3564 Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
S
CVE-2024-3565 Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode
S
CVE-2024-3566 Command injection vulnerability in programming languages on Microsoft Windows operating system.
CVE-2024-3567 Qemu-kvm: net: assertion failure in update_sctp_checksum()
E
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers
CVE-2024-3569 Denial of Service (DoS) Vulnerability in mintplex-labs/anything-llm
CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm
CVE-2024-3571 Path Traversal in langchain-ai/langchain
CVE-2024-3572 XML External Entity (XXE) Vulnerability in scrapy/scrapy
CVE-2024-3573 Local File Inclusion (LFI) via Scheme Confusion in mlflow/mlflow
E S
CVE-2024-3574 Authorization Header Leak During Cross-Domain Redirect in scrapy/scrapy
CVE-2024-3575 Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb
CVE-2024-3576 NPort 5100A Series Stored XSS Vulnerability
S
CVE-2024-3579 XSS in Online Shopping System Advanced
CVE-2024-3580 Popup4Phone <= 1.3.2 - Editor+ Stored XSS
E
CVE-2024-3581 The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing cap...
CVE-2024-3582 Ungallery <= 2.2.4 - Stored XSS via CSRF
E
CVE-2024-3583 Simple Like Page Plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3584 Path Traversal in qdrant/qdrant
CVE-2024-3585 The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form su...
CVE-2024-3587 Premium Portfolio Features for Phlox theme <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Grid Portfolios'
S
CVE-2024-3588 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...
CVE-2024-3590 LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
E
CVE-2024-3591 WordPress Geo Controller < 8.6.5 - PHP Object Injection
E
CVE-2024-3592 Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection
S
CVE-2024-3593 UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset
CVE-2024-3594 IDonate <= 1.9.0 - Admin+ Stored XSS
E
CVE-2024-3595 Pure Chat – Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-3596 RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.
CVE-2024-3597 Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect
CVE-2024-3598 The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
CVE-2024-3599 The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthoriz...
CVE-2024-3600 The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site ...
CVE-2024-3601 The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized acces...
CVE-2024-3602 Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization
CVE-2024-3603 OSM – OpenStreetMap <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3604 OSM – OpenStreetMap <= 6.0.2 - Authenticated (Contributor+) SQL Injection
CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection
CVE-2024-3606 The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnera...
S
CVE-2024-3607 The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing ca...
S
CVE-2024-3608 Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
CVE-2024-3609 ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization
CVE-2024-3610 WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation
CVE-2024-3611 Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-3612 SourceCodester Warehouse Management System barang.php cross site scripting
E
CVE-2024-3613 SourceCodester Warehouse Management System supplier.php cross site scripting
E
CVE-2024-3614 SourceCodester Warehouse Management System customer.php cross site scripting
E
CVE-2024-3615 The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t...
S
CVE-2024-3616 SourceCodester Warehouse Management System pengguna.php cross site scripting
E
CVE-2024-3617 SourceCodester Kortex Lite Advocate Office Management System deactivate_case.php sql injection
E
CVE-2024-3618 SourceCodester Kortex Lite Advocate Office Management System activate_case.php sql injection
E
CVE-2024-3619 SourceCodester Kortex Lite Advocate Office Management System addcase_stage.php sql injection
E
CVE-2024-3620 SourceCodester Kortex Lite Advocate Office Management System adds.php sql injection
E
CVE-2024-3621 SourceCodester Kortex Lite Advocate Office Management System register_case.php sql injection
E
CVE-2024-3622 Mirror-registry: plain-text default csrf secret key
CVE-2024-3623 Mirror-registry: default database secret key stored in plain-text on initial configuration file
CVE-2024-3624 Mirror-registry: database user and password stored in plain-text
CVE-2024-3625 Mirror-registry: redis password stored in plain-text
CVE-2024-3626 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization
CVE-2024-3627 Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints
CVE-2024-3628 EasyEvent <= 1.0.0 - Admin+ Stored XSS
E
CVE-2024-3629 HL Twitter <= 2014.1.18 - Settings Update via CSRF
E
CVE-2024-3630 HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
E
CVE-2024-3631 HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF
E
CVE-2024-3632 Smart Image Gallery < 1.0.19 - Update/Delete Google API Key via CSRF
E
CVE-2024-3633 WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG
E
CVE-2024-3634 month name translation benaceur < 2.3.8 - Admin+ Stored XSS
E
CVE-2024-3635 The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation
E
CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS
E
CVE-2024-3637 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
E
CVE-2024-3638 Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marquee Text Widget, Testimonials Widget, and Testimonial Slider Widgets
CVE-2024-3639 Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid
CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
S
CVE-2024-3641 Newsletter Popup <= 1.2 - Unauthenticated Stored XSS
E
CVE-2024-3642 Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF
E
CVE-2024-3643 Newsletter Popup <= 1.2 - List Deletion via CSRF
E
CVE-2024-3644 Newsletter Popup <= 1.2 - Admin+ Stored XSS
E
CVE-2024-3645 The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scrip...
CVE-2024-3646 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-3647 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-3648 ShareThis Share Buttons <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via sharethis-inline-buttons Shortcode
CVE-2024-3649 The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnera...
CVE-2024-3650 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2024-3651 Denial of Service via Quadratic Complexity in kjd/idna
E S
CVE-2024-3652 IKEv1 default AH/ESP responder can cause libreswan to abort and restart
S
CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks
M
CVE-2024-3654 Cross-Site Scripting Vulnerability in Teixo by Teimas Global
S
CVE-2024-3655 Mali GPU Kernel Driver allows improper GPU memory processing operations
S
CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities
M
CVE-2024-3657 389-ds-base: potential denial of service via specially crafted kerberos as-req request
M
CVE-2024-3658 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-51478. Reason: ...
R
CVE-2024-3659 Command injection in KAON AR2140 routers
CVE-2024-3660 Arbitrary code injection vulnerability in Keras framework < 2.13
CVE-2024-3661 DHCP routing options can manipulate interface-based VPN traffic
E M
CVE-2024-3662 The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due ...
CVE-2024-3663 WP Scraper <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation
CVE-2024-3664 The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data du...
CVE-2024-3665 The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scriptin...
CVE-2024-3666 Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-3667 Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link To URL
S
CVE-2024-3668 PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation
CVE-2024-3669 Web Directory Free < 1.7.2 - Reflected XSS
E
CVE-2024-3670 The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable t...
CVE-2024-3671 Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3672 The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plu...
S
CVE-2024-3673 Web Directory Free < 1.7.3 - Unauthenticated LFI
E
CVE-2024-3674 The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripti...
CVE-2024-3675 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr...
CVE-2024-3676 The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Va...
CVE-2024-3677 The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
CVE-2024-3678 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive ...
CVE-2024-3679 Premium SEO Pack – WP SEO Plugin <= 1.6.001 - Unauthenticated Information Exposure
CVE-2024-3680 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag
CVE-2024-3681 The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via ...
CVE-2024-3682 The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Expo...
CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-3685 DedeCMS stepselect_main.php sql injection
E
CVE-2024-3686 DedeCMS update_guide.php path traversal
E
CVE-2024-3687 bihell Dice Comment cross site scripting
E
CVE-2024-3688 Xiamen Four-Faith RMP Router Management Platform sql injection
E
CVE-2024-3689 Zhejiang Land Zongheng Network Technology O2OA information disclosure
E
CVE-2024-3690 PHPGurukul Small CRM Change Password sql injection
E
CVE-2024-3691 PHPGurukul Small CRM Registration Page sql injection
E
CVE-2024-3692 Gutenverse < 1.9.1 - Contributor+ Stored XSS
E
CVE-2024-3695 SourceCodester Computer Laboratory Management System Users.php cross site scripting
E
CVE-2024-3696 Campcodes House Rental Management System view_payment.php sql injection
E
CVE-2024-3697 Campcodes House Rental Management System manage_tenant.php sql injection
E
CVE-2024-3698 Campcodes House Rental Management System manage_payment.php sql injection
E
CVE-2024-3699 Hardcoded password in drEryk Gabinet
CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software
CVE-2024-3701 Improper Authentication in com.transsion.kolun.aiservice
CVE-2024-3702 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3703 Carousel Slider < 2.2.10 - Editor+ Stored XSS
E
CVE-2024-3704 SQL Injection vulnerability in OpenGnsys
S
CVE-2024-3705 Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys
S
CVE-2024-3706 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenGnsys
S
CVE-2024-3707 Exposure of Information Through Directory Listing vulnerability in OpenGnsys
S
CVE-2024-3708 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3710 Image Photo Gallery Final Tiles Grid < 3.6.0 - Contributor+ Stored XSS
E
CVE-2024-3711 Brizy – Page Builder <= 2.4.43 - Missing Authorization
CVE-2024-3714 GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-3715 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stor...
CVE-2024-3716 Foreman-installer: candlepin database password being leaked to local users via the process list
CVE-2024-3717 The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensit...
CVE-2024-3718 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box
S
CVE-2024-3719 Campcodes House Rental Management System ajax.php sql injection
E
CVE-2024-3720 Tianwell Fire Intelligent Command Platform API Interface page sql injection
E
CVE-2024-3721 TBK DVR-4104/DVR-4216 os command injection
E
CVE-2024-3722 Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification
CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure
CVE-2024-3724 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2024-3725 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is...
S
CVE-2024-3726 Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode
CVE-2024-3727 Containers/image: digest type does not guarantee valid type
CVE-2024-3728 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-3729 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption e...
CVE-2024-3730 The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
CVE-2024-3731 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scri...
S
CVE-2024-3732 The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress...
S
CVE-2024-3733 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-3734 The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arb...
CVE-2024-3735 Smart Office Main.aspx weak password
E
CVE-2024-3736 cym1102 nginxWebUI upload unrestricted upload
E
CVE-2024-3737 cym1102 nginxWebUI addOver findCountByQuery path traversal
E
CVE-2024-3738 cym1102 nginxWebUI saveCmd handlePath certificate validation
E
CVE-2024-3739 cym1102 nginxWebUI upload os command injection
E
CVE-2024-3740 cym1102 nginxWebUI reload exec deserialization
E
CVE-2024-3741 Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data
M
CVE-2024-3742 Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
M
CVE-2024-3743 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2024-3744 Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs
S
CVE-2024-3745 MSI Afterburner v4.6.6.16381 Beta 3 - ACL Bypass
S
CVE-2024-3746 Measuresoft ScadaPro Improper Access Control
M
CVE-2024-3747 The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className param...
S
CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR
E
CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
E
CVE-2024-3750 Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution
CVE-2024-3751 Seriously Simple Podcasting < 3.3.0 - Admin+ Stored XSS
E
CVE-2024-3752 Crelly Slider <= 1.4.5 - Admin+ Stored XSS
E
CVE-2024-3753 Hostel < 1.1.5.3 - Reflected XSS
E
CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS
E
CVE-2024-3755 MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS
E
CVE-2024-3756 MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF
E
CVE-2024-3757 Arkcompiler runtime has an integer overflow vulnerability
CVE-2024-3758 Hmdfs has a heap buffer overflow vulnerability
CVE-2024-3759 Hmdfs has a use after free vulnerability
CVE-2024-3760 Email Bombing Vulnerability in lunary-ai/lunary
S
CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary
E S
CVE-2024-3762 Emlog Pro Whisper Page twitter.php cross site scripting
E
CVE-2024-3763 Emlog Pro Post Tag tag.php cross site scripting
E
CVE-2024-3764 Tuya SDK MQTT Packet denial of service
E
CVE-2024-3765 Xiongmai AHB7804R-MH-V2 Sofia Service access control
E M
CVE-2024-3766 slowlyo OwlAdmin Image File Upload upload_image cross site scripting
E
CVE-2024-3767 PHPGurukul News Portal edit-post.php sql injection
E
CVE-2024-3768 PHPGurukul/itsourcecode News Portal search.php sql injection
E
CVE-2024-3769 PHPGurukul Student Record System login.php sql injection
E
CVE-2024-3770 PHPGurukul Student Record System sql injection
E
CVE-2024-3771 PHPGurukul Student Record System edit-subject.php sql injection
E
CVE-2024-3772 Regular expression denial of service in Pydantic < 2.4.0
CVE-2024-3774 aEnrich Technology a+HRD - Exposure of Sensitive Data
S
CVE-2024-3775 aEnrich Technology a+HRD - Argument Injection
S
CVE-2024-3776 Netvision airPASS - Reflected XSS
S
CVE-2024-3777 Ai3 QbiBot - Broken Access Control
S
CVE-2024-3778 Ai3 QbiBot - Unrestricted File Upload
S
CVE-2024-3779 Denial of Service in ESET products for Windows
CVE-2024-3780 Information exposure vulnerability on Technicolor CGA2121
S
CVE-2024-3781 OS Command Injection vulnerability in WBSAirback
S
CVE-2024-3782 Cross-Site Request Forgery (CSRF) vulnerability in WBSAirback
S
CVE-2024-3783 Path Traversal vulnerability in WBSAirback
S
CVE-2024-3784 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
S
CVE-2024-3785 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
S
CVE-2024-3786 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
S
CVE-2024-3787 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
S
CVE-2024-3788 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
S
CVE-2024-3789 Uncontrolled Resource Consumption vulnerability in WBSAirback
S
CVE-2024-3790 Cross-site Scripting vulnerability in WBSAirback
S
CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback
S
CVE-2024-3792 Cross-site Scripting vulnerability in WBSAirback
S
CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback
S
CVE-2024-3794 Cross-site Scripting vulnerability in WBSAirback
S
CVE-2024-3795 Cross-site Scripting vulnerability in WBSAirback
S
CVE-2024-3796 Cross-site Scripting vulnerability in WBSAirback
S
CVE-2024-3797 SourceCodester QR Code Bookmark System sql injection
E
CVE-2024-3798 Insecure handling of GET argument in Phoniebox
CVE-2024-3799 Shell command injection in Phoniebox
CVE-2024-3800 XSS in S@M CMS
CVE-2024-3801 XSS in S@M CMS
CVE-2024-3802 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3803 Vesystem Cloud Desktop fileupload.php unrestricted upload
E
CVE-2024-3804 Vesystem Cloud Desktop fileupload2.php unrestricted upload
E
CVE-2024-3806 Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts
CVE-2024-3807 Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta
CVE-2024-3808 Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
CVE-2024-3809 Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta
CVE-2024-3810 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode
CVE-2024-3811 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3812 Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode
CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode
CVE-2024-3814 tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
CVE-2024-3815 Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
CVE-2024-3816 SQLi in S@M CMS
CVE-2024-3817 HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
CVE-2024-3818 The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v...
S
CVE-2024-3819 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug...
S
CVE-2024-3820 wpDataTables - Tables & Table Charts (Premium) <= 6.3.1 - Unauthenticated SQL Injection
CVE-2024-3821 wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification
CVE-2024-3822 Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS
E
CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
E
CVE-2024-3824 Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF
E
CVE-2024-3825 CSRF in BlazeMeter Jenkins plugin
CVE-2024-3826 Broken SAML Validation
CVE-2024-3827 Spectra Pro <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs
CVE-2024-3828 Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation
CVE-2024-3829 Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant
CVE-2024-3831 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget
CVE-2024-3832 Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potenti...
E
CVE-2024-3833 Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker t...
E
CVE-2024-3834 Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to pot...
CVE-2024-3837 Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had com...
CVE-2024-3838 Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker...
CVE-2024-3839 Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obt...
CVE-2024-3840 Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a ...
E
CVE-2024-3841 Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a r...
E
CVE-2024-3843 Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote a...
E
CVE-2024-3844 Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote ...
E
CVE-2024-3845 Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote at...
E
CVE-2024-3846 Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote att...
E
CVE-2024-3847 Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote at...
E
CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow
E S
CVE-2024-3849 The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all ver...
CVE-2024-3850 Uniview NVR301-04S2-P4 Cross-site Scripting
S
CVE-2024-3851 Unrestricted File Upload Leading to XSS in imartinez/privategpt
E
CVE-2024-3852 GetBoundName could return the wrong version of an object when JIT optimizations were applied. This v...
CVE-2024-3853 A use-after-free could result if a JavaScript realm was in the process of being initialized when a g...
CVE-2024-3854 In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of...
CVE-2024-3855 In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads....
CVE-2024-3856 A use-after-free could occur during WASM execution if garbage collection ran during the creation of ...
CVE-2024-3857 The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free ...
CVE-2024-3858 It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vul...
CVE-2024-3859 On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially c...
CVE-2024-3860 An out-of-memory condition during object initialization could result in an empty shape list. If the ...
CVE-2024-3861 If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect r...
CVE-2024-3862 The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory ...
CVE-2024-3863 The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue on...
CVE-2024-3864 Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed ...
E
CVE-2024-3865 Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption a...
CVE-2024-3866 Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer
S
CVE-2024-3867 The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting ...
CVE-2024-3868 The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First...
CVE-2024-3869 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of da...
S
CVE-2024-3870 The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Informatio...
CVE-2024-3871 Authenticated Remote Command Injection in Delta Electronics DVW
S
CVE-2024-3872 Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexit...
S
CVE-2024-3873 SMI SMI-EX-5414W Web Interface cross-site request forgery
E
CVE-2024-3874 Tenda W20E SetRemoteWebManage formSetRemoteWebManage stack-based overflow
E
CVE-2024-3875 Tenda F1202 Natlimit fromNatlimit stack-based overflow
E
CVE-2024-3876 Tenda F1202 VirtualSer fromVirtualSer stack-based overflow
E
CVE-2024-3877 Tenda F1202 fromqossetting stack-based overflow
E
CVE-2024-3878 Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
E
CVE-2024-3879 Tenda W30E setcfm formSetCfm stack-based overflow
E
CVE-2024-3880 Tenda W30E WriteFacMac formWriteFacMac os command injection
E
CVE-2024-3881 Tenda W30E frmL7ProtForm frmL7PlotForm stack-based overflow
E
CVE-2024-3882 Tenda W30E fromRouteStatic stack-based overflow
E
CVE-2024-3883 The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark U...
S
CVE-2024-3885 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
CVE-2024-3886 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]
CVE-2024-3887 Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget
CVE-2024-3888 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode
CVE-2024-3889 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr...
S
CVE-2024-3890 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2024-3891 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2024-3892 Local code execution vulnerability in Telerik UI for WinForms
CVE-2024-3893 The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerab...
S
CVE-2024-3894 Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title
CVE-2024-3895 The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a m...
S
CVE-2024-3896 Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Title
S
CVE-2024-3897 The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized acces...
CVE-2024-3899 Envira Gallery < 1.8.15 - Author+ Stored XSS
E
CVE-2024-3900 Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check
CVE-2024-3901 Genesis Blocks <= 3.1.3 - Contributor+ Stored XSS
E
CVE-2024-3903 Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF
E
CVE-2024-3904 Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on ME...
CVE-2024-3905 Tenda AC500 execCommand R7WebsSecurityHandler stack-based overflow
E
CVE-2024-3906 Tenda AC500 QuickIndex formQuickIndex stack-based overflow
E
CVE-2024-3907 Tenda AC500 setcfm formSetCfm stack-based overflow
E
CVE-2024-3908 Tenda AC500 WriteFacMac formWriteFacMac command injection
E
CVE-2024-3909 Tenda AC500 execCommand formexeCommand stack-based overflow
E
CVE-2024-3910 Tenda AC500 DhcpListClient fromDhcpListClient stack-based overflow
E
CVE-2024-3911 Welotec: Clickjacking Vulnerability in WebUI
CVE-2024-3912 ASUS Router - Upload arbitrary firmware
S
CVE-2024-3913 Phoenix Contact: Start sequence allows attack during the boot process
CVE-2024-3914 Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentiall...
E
CVE-2024-3915 Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update
CVE-2024-3916 Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVE-2024-3917 Pet Manager <= 1.4 - Reflected XSS
E
CVE-2024-3918 Pet Manager <= 1.4 - Contributor+ Stored XSS
E
CVE-2024-3919 OpenPGP Form Encryption for WordPress < 1.5.1 - Contributor+ Stored XSS
E
CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS
E
CVE-2024-3921 Gianism <= 5.1.0 - Admin+ Stored XSS
E
CVE-2024-3922 Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection
CVE-2024-3923 Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-3924 Code Injection in huggingface/text-generation-inference
CVE-2024-3925 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events
CVE-2024-3926 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes
S
CVE-2024-3927 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass
S
CVE-2024-3928 Dromara open-capacity-platform auth-server heapdump information disclosure
E
CVE-2024-3929 The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and S...
CVE-2024-3930 XML External Entity in Akana
CVE-2024-3931 Totara LMS Profile check.php cross site scripting
CVE-2024-3932 Totara LMS cross-site request forgery
CVE-2024-3933 Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer
S
CVE-2024-3934 Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download
CVE-2024-3935 Eclipse Mosquito: Double free vulnerability
E S
CVE-2024-3936 The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPre...
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
E
CVE-2024-3938 The "reset password" login page accepted an HTML injection via URL parameters. This has already bee...
CVE-2024-3939 Ditty < 3.1.36 - Author+ Stored XSS
E
CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
E
CVE-2024-3941 reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF
E
CVE-2024-3942 The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vuln...
CVE-2024-3943 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment
CVE-2024-3944 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments
CVE-2024-3945 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage()
CVE-2024-3946 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings
CVE-2024-3947 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings
CVE-2024-3948 SourceCodester Home Clean Service System Photo student.add.php unrestricted upload
E
CVE-2024-3951 Cross-site Scripting in PTC Codebeamer
S
CVE-2024-3952 Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget
CVE-2024-3954 Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-3955 Arbitrary code execution in CraftBeerPi 4
CVE-2024-3956 Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL
CVE-2024-3957 The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in...
S
CVE-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab
E S
CVE-2024-3959 Improper Authorization in GitLab
E S
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization
CVE-2024-3962 The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file upl...
S
CVE-2024-3963 RafflePress Lite < 1.12.14 - Editor+ Stored XSS
E
CVE-2024-3964 Product Enquiry for WooCommerce < 3.1.8 - Admin+ Stored XSS
E
CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF
E
CVE-2024-3966 Pray For Me <= 1.0.4 - Unauthenticated Stored XSS
E
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
CVE-2024-3969 XML External Entity injection vulnerability in iManager
CVE-2024-3970 Server-Side Request Forgery vulnerability in iManager
CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF
E
CVE-2024-3972 Similarity <= 3.0 - Stored XSS via CSRF
E
CVE-2024-3973 House Manager <= 1.0.8.4 - Reflected XSS
E
CVE-2024-3974 BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-3975 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-3976 Missing Authorization in GitLab
E S
CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS
E
CVE-2024-3978 WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode
E
CVE-2024-3979 COVESA vsomeip race condition
E
CVE-2024-3980 The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths...
CVE-2024-3982 An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the se...
CVE-2024-3983 WooCommerce Customers Manager < 30.1 - Bulk Action via CSRF
E
CVE-2024-3984 EmbedSocial – Social Media Feeds, Reviews and Galleries <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-3985 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2024-3986 SportsPress < 2.7.22 - Admin+ Stored XSS
E
CVE-2024-3987 WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt
S
CVE-2024-3988 The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elem...
CVE-2024-3989 HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify
CVE-2024-3990 HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget
S
CVE-2024-3991 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (fo...
CVE-2024-3992 Amen <= 3.3.1 - Admin+ Stored XSS
E
CVE-2024-3993 AZAN Plugin <= 0.6 - Stored XSS via CSRF
E
CVE-2024-3994 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cr...
S
CVE-2024-3995 Command Injection in Helix ALM
CVE-2024-3996 Post Grid, Post Carousel, & List Category Posts < 2.4.28 - Editor+ Stored XSS
E
CVE-2024-3997 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget
S
CVE-2024-3998 Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3999 EazyDocs < 2.5.0 - Admin+ Stored XSS
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.