ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-31002 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitr... | E | |
CVE-2024-31003 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitr... | E | |
CVE-2024-31004 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4S... | E | |
CVE-2024-31005 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4M... | E | |
CVE-2024-31007 | Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of... | | |
CVE-2024-31008 | An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and ... | E | |
CVE-2024-31009 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive informatio... | E | |
CVE-2024-31010 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive informatio... | E | |
CVE-2024-31011 | Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary c... | | |
CVE-2024-31012 | An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate... | E | |
CVE-2024-31013 | Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute... | | |
CVE-2024-31022 | An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code... | | |
CVE-2024-31025 | SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the... | | |
CVE-2024-31029 | An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP pr... | | |
CVE-2024-31030 | An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of... | | |
CVE-2024-31031 | An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequenc... | | |
CVE-2024-31032 | An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 all... | | |
CVE-2024-31033 | JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude... | | |
CVE-2024-31036 | A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers t... | | |
CVE-2024-31040 | Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allo... | | |
CVE-2024-31041 | Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 a... | | |
CVE-2024-31047 | An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause ... | | |
CVE-2024-31061 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote ... | E | |
CVE-2024-31062 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote ... | E | |
CVE-2024-31063 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote ... | E | |
CVE-2024-31064 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote ... | E | |
CVE-2024-31065 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote ... | E | |
CVE-2024-31068 | Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privi... | | |
CVE-2024-31069 | IOSIX IO-1020 Micro ELD Use of Default Credentials | S | |
CVE-2024-31070 | Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR ser... | | |
CVE-2024-31071 | Arkcompiler Ets Runtime has a type confusion vulnerability | | |
CVE-2024-31073 | Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated use... | | |
CVE-2024-31074 | Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1... | | |
CVE-2024-31076 | genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline | | |
CVE-2024-31077 | Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploite... | | |
CVE-2024-31078 | Bluetooth Service has a use after free vulnerability | | |
CVE-2024-31079 | NGINX HTTP/3 QUIC vulnerability | | |
CVE-2024-31080 | Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents | M | |
CVE-2024-31081 | Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice | M | |
CVE-2024-31082 | Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap | | |
CVE-2024-31083 | Xorg-x11-server: use-after-free in procrenderaddglyphs | M | |
CVE-2024-31084 | WordPress Weekly Class Schedule plugin <= 3.19 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31085 | WordPress Post-Plugin Library plugin <= 2.6.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31086 | WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability | | |
CVE-2024-31087 | WordPress pageMash plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31089 | WordPress Platinum SEO plugin <= 2.4.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31090 | WordPress Hacklog Down As PDF plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31091 | WordPress Custom Field Bulk Editor plugin <= 1.9.1 - Cross Site Scripting vulnerability | | |
CVE-2024-31092 | WordPress Comic Easel plugin <= 1.15 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31093 | WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability | | |
CVE-2024-31094 | WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability | | |
CVE-2024-31095 | WordPress Thumbs Rating plugin <= 5.1.0 - Insecure Direct Object References (IDOR) vulnerability | | |
CVE-2024-31096 | WordPress Nictitate theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-31097 | WordPress SEO Title Tag plugin <= 3.5.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31098 | WordPress New Order Notification for Woocommerce plugin <= 2.0.2 - Broken Access Control vulnerability | | |
CVE-2024-31099 | WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability | S | |
CVE-2024-31100 | WordPress Popup Cart Lite for WooCommerce plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-31101 | WordPress AI Twitter Feeds (Twitter widget & shortcode) plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31102 | WordPress Prenotazioni plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31103 | WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31104 | WordPress GetResponse for WordPress plugin <= 5.5.33 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31105 | WordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31106 | WordPress Yoo Slider – Image Slider & Video Slider plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31107 | WordPress OpenID plugin <= 3.6.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31108 | WordPress iFlyChat plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31109 | WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31110 | WordPress Contact Form 7 Newsletter plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31111 | WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31112 | WordPress Convert Post Types plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31113 | WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31114 | WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability | | |
CVE-2024-31115 | WordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerability | S | |
CVE-2024-31116 | WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability | | |
CVE-2024-31117 | WordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31120 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31121 | WordPress HeartThis plugin <= 0.1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31122 | WordPress User Rights Access Manager plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31123 | WordPress SpiderFAQ plugin <= 1.3.2 - Cross Site Scripting vulnerability | | |
CVE-2024-31134 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could re... | | |
CVE-2024-31135 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page... | | |
CVE-2024-31136 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter... | | |
CVE-2024-31137 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration... | | |
CVE-2024-31138 | In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings... | | |
CVE-2024-31139 | In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector... | | |
CVE-2024-31140 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the ser... | | |
CVE-2024-31141 | Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider | | |
CVE-2024-31142 | x86: Incorrect logic for BTC/SRSO mitigations | M | |
CVE-2024-31143 | double unlock in x86 guest IRQ handling | M | |
CVE-2024-31144 | Xapi: Metadata injection attack against backup/restore functionality | M | |
CVE-2024-31145 | error handling in x86 IOMMU identity mapping | M | |
CVE-2024-31146 | PCI device pass-through with shared resources | M | |
CVE-2024-31150 | Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to pot... | | |
CVE-2024-31151 | A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attacker... | | |
CVE-2024-31152 | The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation wit... | E | |
CVE-2024-31153 | Improper input validation for some Intel(R) QuickAssist Technology software before version 2.2.0 may... | | |
CVE-2024-31154 | Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged... | | |
CVE-2024-31155 | Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privilege... | | |
CVE-2024-31156 | BIG-IP Configuration utility XSS vulnerability | | |
CVE-2024-31157 | Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a... | | |
CVE-2024-31158 | Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a ... | | |
CVE-2024-31159 | ASUS Download Master - Reflected XSS | S | |
CVE-2024-31160 | ASUS Download Master - Stored XSS | S | |
CVE-2024-31161 | ASUS Download Master - Arbitrary File Upload | S | |
CVE-2024-31162 | ASUS Download Master - OS Command Injection | S | |
CVE-2024-31163 | ASUS Download Master - Buffer Overflow | S | |
CVE-2024-31164 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-31165 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-31166 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31167 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-31168 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31169 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31170 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31171 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31172 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31173 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31174 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31175 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-31176 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31177 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31178 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31179 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31180 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31181 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31182 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-31183 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31184 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31185 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-31186 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31187 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31188 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31189 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31190 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31191 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31192 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31193 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31194 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31195 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31196 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-31197 | Improper Null Termination in libfluid_msg library | M | |
CVE-2024-31198 | Out-of-bounds Read in libfluid_msg library | M | |
CVE-2024-31199 | A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” all... | S | |
CVE-2024-31200 | A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account ... | S | |
CVE-2024-31201 | A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misco... | S | |
CVE-2024-31202 | A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation ... | S | |
CVE-2024-31203 | A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the Therm... | S | |
CVE-2024-31204 | mailcow Cross-site Scripting Vulnerability via Exception Handler | | |
CVE-2024-31205 | Saleor CSRF bypass in refreshToken mutation | | |
CVE-2024-31206 | Use of Unencrypted HTTP Request in dectalk-tts | | |
CVE-2024-31207 | Vite's `server.fs.deny` did not deny requests for patterns with directories | | |
CVE-2024-31208 | Synapse's V2 state resolution weakness allows DoS from remote room members | | |
CVE-2024-31209 | OpenID Connect client Atom Exhaustion in provider configuration worker ets table location | | |
CVE-2024-31210 | PHP file upload bypass via Plugin installer | | |
CVE-2024-31211 | Remote Code Execution in `WP_HTML_Token` | | |
CVE-2024-31212 | SQL injection in index_chart_data action | E | |
CVE-2024-31213 | InstantCMS Open Redirect vulnerability | E | |
CVE-2024-31214 | Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution | E S | |
CVE-2024-31215 | Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check | | |
CVE-2024-31216 | source-controller leaks the Azure Storage SAS token into logs on connection errors | | |
CVE-2024-31217 | @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling | E S | |
CVE-2024-31218 | Missing Authentication for Critical Function in Webhood backend | | |
CVE-2024-31219 | Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page | | |
CVE-2024-31220 | Sunshine vulnerable to remote unauthenticated arbitrary file read | | |
CVE-2024-31221 | Clients removed during unpairing process may regain access if Sunshine was not restarted | | |
CVE-2024-31223 | Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL | | |
CVE-2024-31224 | GPT Academic: Pickle deserializing cookies may pose RCE risk | | |
CVE-2024-31225 | Lack of size check and buffer overflow in RIOT | | |
CVE-2024-31226 | Sunshine's unquoted executable path could lead to hijacked execution flow | | |
CVE-2024-31227 | Denial-of-service due to malformed ACL selectors in Redis | | |
CVE-2024-31228 | Denial-of-service due to unbounded pattern matching in Redis | | |
CVE-2024-31229 | WordPress Really Simple SSL plugin <= 7.2.3 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-31230 | WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability | S | |
CVE-2024-31231 | WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability | S | |
CVE-2024-31232 | WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability | S | |
CVE-2024-31233 | WordPress Rehub theme <= 19.6.1 - Auth. SQL Injection vulnerability | S | |
CVE-2024-31234 | WordPress REHub Framework plugin < 19.6.2 - SQL Injection vulnerability | S | |
CVE-2024-31235 | WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31236 | WordPress Royal Elementor Addons plugin <= 1.3.93 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31237 | WordPress s2Member plugin <= 240315 - Privilege Escalation vulnerability | S | |
CVE-2024-31238 | WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31239 | WordPress Nudgify Social Proof, Sales Popup & FOMO plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31240 | WordPress WP Poll Maker plugin <= 3.1 - Auth. Arbitrary File Deletion vulnerability | S | |
CVE-2024-31241 | WordPress LearnPress Export Import plugin <= 4.0.3 - Auth. SQL Injection vulnerability | S | |
CVE-2024-31242 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability | S | |
CVE-2024-31243 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Setting Deletion vulnerability | S | |
CVE-2024-31244 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Settings Change vulnerability | S | |
CVE-2024-31245 | WordPress ConvertKit plugin <= 2.4.5 - Email Disclosure in Log File vulnerability | S | |
CVE-2024-31246 | WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability | S | |
CVE-2024-31247 | WordPress FG Drupal to WordPress plugin <= 3.70.3 - Sensitive Data Exposure via Log File vulnerability | S | |
CVE-2024-31248 | WordPress All-in-One Video Gallery plugin <= 3.5.2 - Broken Access Control vulnerability | S | |
CVE-2024-31249 | WordPress Subscribe To Comments Reloaded plugin <= 220725 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-31250 | WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31251 | WordPress Community by PeepSo plugin <= 6.3.1.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31252 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability | S | |
CVE-2024-31253 | WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability | S | |
CVE-2024-31254 | WordPress WordPress Backup & Migration plugin <= 1.4.7 - Sensitive Data Exposure via Log File vulnerability | S | |
CVE-2024-31255 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31256 | WordPress WebinarPress plugin <= 1.33.10 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31257 | WordPress Formsite plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31258 | WordPress Form to Chat App plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31259 | WordPress SearchIQ plugin <= 4.5 - Sensitive Data Exposure via Log File vulnerability | S | |
CVE-2024-31260 | WordPress Edwiser Bridge plugin <= 3.0.2 - SQL Injection vulnerability | S | |
CVE-2024-31261 | WordPress Announcer – Notification & message bars plugin <= 6.0 - Broken Access Control vulnerability | S | |
CVE-2024-31262 | WordPress WooCommerce Checkout Field Editor (Checkout Manager) plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31263 | WordPress Loan Repayment Calculator and Application Form plugin <= 2.9.4 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31264 | WordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31265 | WordPress Sumo plugin <= 1.34 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31266 | WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-31267 | WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability | S | |
CVE-2024-31268 | WordPress AppPresser plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31269 | WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31270 | WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability | S | |
CVE-2024-31271 | WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability | S | |
CVE-2024-31272 | WordPress ARForms Form Builder plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31273 | WordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerability | S | |
CVE-2024-31274 | WordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerability | S | |
CVE-2024-31275 | WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability | S | |
CVE-2024-31276 | WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability | S | |
CVE-2024-31277 | WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability | S | |
CVE-2024-31278 | WordPress Premium Addons for Elementor plugin <= 4.10.22 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-31279 | WordPress Generate Child Theme plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31280 | WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability | S | |
CVE-2024-31281 | WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability | S | |
CVE-2024-31282 | WordPress App Builder plugin <= 3.8.7 - Open Redirection vulnerability | S | |
CVE-2024-31283 | WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability | S | |
CVE-2024-31284 | WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability | S | |
CVE-2024-31285 | WordPress WordPress Tooltips plugin <= 9.5.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31286 | WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability | S | |
CVE-2024-31287 | WordPress Media Library Folders plugin <= 8.1.8 - Directory Traversal vulnerability | S | |
CVE-2024-31288 | WordPress RapidLoad plugin <= 2.2.11 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-31289 | WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31290 | WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability | S | |
CVE-2024-31291 | WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability | S | |
CVE-2024-31292 | WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability | S | |
CVE-2024-31293 | WordPress Easy Digital Downloads plugin <= 3.2.6 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31294 | WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability | S | |
CVE-2024-31295 | WordPress Captcha by BestWebSoft plugin <= 5.2.0 - Captcha Bypass vulnerability | S | |
CVE-2024-31296 | WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability | S | |
CVE-2024-31297 | WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability | S | |
CVE-2024-31298 | WordPress User Spam Remover plugin <= 1.0 - Sensitive Data Exposure via Log File vulnerability | S | |
CVE-2024-31299 | WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) to XSS vulnerability | S | |
CVE-2024-31300 | WordPress Easy Social Share Buttons plugin <= 9.4 - Local File Inclusion vulnerability | S | |
CVE-2024-31301 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31302 | WordPress Contact Form Email plugin <= 1.3.44 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-31303 | WordPress Sign-up Sheets plugin <= 2.2.11.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31304 | WordPress MultiVendorX Marketplace <= 4.1.3 - Broken Access Control vulnerability | S | |
CVE-2024-31305 | WordPress Transcoder plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31306 | WordPress Essential Blocks plugin <= 4.5.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31307 | WordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerability | S | |
CVE-2024-31308 | WordPress WP Import Export Lite & WP Import Export plugin <= 3.9.26 - PHP Object Injection vulnerability | S | |
CVE-2024-31309 | Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack | | |
CVE-2024-31310 | In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabl... | S | |
CVE-2024-31311 | In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a mis... | S | |
CVE-2024-31312 | In multiple locations, there is a possible information leak due to a missing permission check. This ... | S | |
CVE-2024-31313 | In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an in... | S | |
CVE-2024-31314 | In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource ex... | S | |
CVE-2024-31315 | In multiple functions of ManagedServices.java, there is a possible way to hide an app with notificat... | S | |
CVE-2024-31316 | In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary backgroun... | S | |
CVE-2024-31317 | In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as an... | S | |
CVE-2024-31318 | In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without us... | S | |
CVE-2024-31319 | In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a po... | S | |
CVE-2024-31320 | In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion devic... | S | |
CVE-2024-31322 | In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to b... | S | |
CVE-2024-31323 | In onCreate of multiple files, there is a possible way to trick the user into granting health permis... | S | |
CVE-2024-31324 | In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by laun... | S | |
CVE-2024-31325 | In multiple locations, there is a possible way to reveal images across users data due to a logic err... | S | |
CVE-2024-31326 | In multiple locations, there is a possible way in which policy migration code will never be executed... | S | |
CVE-2024-31327 | In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race c... | S | |
CVE-2024-31331 | In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Sett... | S | |
CVE-2024-31332 | In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connectio... | S | |
CVE-2024-31333 | In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer o... | | |
CVE-2024-31334 | In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution d... | | |
CVE-2024-31335 | In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to... | | |
CVE-2024-31336 | In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution... | | |
CVE-2024-31337 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper in... | | |
CVE-2024-31339 | In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after ... | S | |
CVE-2024-31340 | TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly val... | | |
CVE-2024-31341 | WordPress User Profile Builder plugin <= 3.11.2 - Bypass Vulnerability vulnerability | S | |
CVE-2024-31342 | WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability | | |
CVE-2024-31343 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10.1 - Arbitrary File Download vulnerability | S | |
CVE-2024-31344 | WordPress Easy Login Styler plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31345 | WordPress Auto Poster plugin <= 1.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-31346 | WordPress Gradient Text Widget for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-31347 | WordPress Tracking Code Manager plugin <= 2.1.0 - Broken Access Control vulnerability | S | |
CVE-2024-31348 | WordPress Super Testimonials plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31349 | WordPress MailMunch – Grow your Email List plugin <= 3.1.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31350 | WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability | S | |
CVE-2024-31351 | WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability | S | |
CVE-2024-31352 | WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability | S | |
CVE-2024-31353 | WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Sensitive Data Exposure vulnerability | | |
CVE-2024-31354 | WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-31355 | WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Auth. SQL Injection vulnerability | | |
CVE-2024-31356 | WordPress User Activity Log plugin <= 1.8 - Auth. SQL Injection vulnerability | | |
CVE-2024-31357 | WordPress Ultimate Store Kit Elementor Addons plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31358 | WordPress 5 Stars Rating Funnel plugin <= 1.2.67 - Arbitrary Content Deletion vulnerability | S | |
CVE-2024-31359 | WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability | S | |
CVE-2024-31360 | WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31361 | WordPress bunny.net plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31362 | WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31363 | WordPress LifterLMS plugin <= 7.5.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31364 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31365 | WordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31366 | WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability | | |
CVE-2024-31367 | WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability | | |
CVE-2024-31368 | WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability | | |
CVE-2024-31369 | WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-31370 | WordPress CodeisAwesome AIKit plugin <= 4.14.1 - Auth. SQL Injection vulnerability | | |
CVE-2024-31371 | WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31372 | WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31373 | WordPress E2Pdf plugin <= 1.20.27 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31374 | WordPress AppPresser – Mobile App Framework plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31375 | WordPress WP2LEADS plugin <= 3.2.7 - Broken Access Control vulnerability | S | |
CVE-2024-31376 | WordPress Dashboard To-Do List plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31377 | WordPress WP Photo Album Plus plugin <= 8.7.01.001 - Unauth. Arbitrary File Upload vulnerability | S | |
CVE-2024-31378 | WordPress MailChimp Forms by MailMunch plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31379 | WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31380 | WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability | | |
CVE-2024-31381 | WordPress Spotlight Social Feeds plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31382 | WordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31383 | WordPress PopularFX theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31384 | WordPress Spa and Salon theme <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31385 | WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31386 | Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability | S | |
CVE-2024-31387 | WordPress Popup Likebox plugin <= 3.7.2 - Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2024-31388 | WordPress Tablesome plugin <= 1.0.25 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31389 | WordPress MihanPanel plugin < 12.7 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31390 | WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability | E | |
CVE-2024-31391 | Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials | | |
CVE-2024-31392 | If an insecure element was added to a page after a delay, Firefox would not replace the secure icon ... | | |
CVE-2024-31393 | Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions an... | | |
CVE-2024-31394 | Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12... | | |
CVE-2024-31395 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.1... | | |
CVE-2024-31396 | Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and ... | | |
CVE-2024-31397 | Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerabili... | | |
CVE-2024-31398 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If ... | | |
CVE-2024-31399 | Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2.... | | |
CVE-2024-31400 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If ... | | |
CVE-2024-31401 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated at... | | |
CVE-2024-31402 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated... | | |
CVE-2024-31403 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated ... | | |
CVE-2024-31404 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, whic... | | |
CVE-2024-31406 | Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exp... | | |
CVE-2024-31407 | Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartu... | | |
CVE-2024-31408 | OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent au... | | |
CVE-2024-31409 | CyberPower PowerPanel business Improper Authorization | S | |
CVE-2024-31410 | CyberPower PowerPanel business Use of Hard-coded Cryptographic Key | S | |
CVE-2024-31411 | Apache StreamPipes: Potential remote code execution (RCE) via file upload | | |
CVE-2024-31412 | Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.... | | |
CVE-2024-31413 | Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The v... | | |
CVE-2024-31414 | The Eaton Foreseer software provides users the capability to customize the dashboard in WebView page... | | |
CVE-2024-31415 | The Eaton Foreseer software provides the feasibility for the user to configure external servers for ... | M | |
CVE-2024-31416 | The Eaton Foreseer software provides multiple customizable input fields for the users to configure p... | | |
CVE-2024-31419 | Cnv: information disclosure through the usage of vm-dump-metrics | | |
CVE-2024-31420 | Cnv: dos through repeatedly calling vm-dump-metrics until virt handler crashes | | |
CVE-2024-31421 | WordPress Popup by Supsystic plugin <= 1.10.27 - Broken Access Control vulnerability | S | |
CVE-2024-31422 | WordPress Favicon by RealFaviconGenerator plugin <= 1.3.29 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31423 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.5 - Broken Access Control vulnerability | S | |
CVE-2024-31424 | WordPress Login with Phone Number plugin <= 1.6.93 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31425 | WordPress Amelia plugin <= 1.0.95 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31426 | WordPress Inline Related Posts plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31427 | WordPress Marker.io plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31428 | WordPress The Conference theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31429 | WordPress Sarada Lite theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31430 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins | S | |
CVE-2024-31431 | WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31432 | WordPress Restrict Content plugin <= 3.2.8 - Broken Access Control vulnerability | S | |
CVE-2024-31433 | WordPress The Events Calendar plugin <= 6.3.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31434 | WordPress Newsletter plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31441 | Arbitrary File Reading in DataEase | E | |
CVE-2024-31442 | Redon-Hub has incorrect permissions on all admin related commands | | |
CVE-2024-31443 | Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database | E S | |
CVE-2024-31444 | Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database | E | |
CVE-2024-31445 | SQL Injection vulnerability in automation_get_new_graphs_sql | E S | |
CVE-2024-31446 | OpenComputers Denial of Service using xpcall | | |
CVE-2024-31447 | Shopware has Improper Session Handling in store-api | | |
CVE-2024-31448 | Cross-site Scripting vulnerability in link CSV import in Combodo iTop | | |
CVE-2024-31449 | Lua library commands may lead to stack overflow and RCE in Redis | | |
CVE-2024-31450 | Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277) | | |
CVE-2024-31451 | Limited file write in routes.py (GHSL-2023-250) | | |
CVE-2024-31452 | OpenFGA Authorization Bypass | | |
CVE-2024-31453 | PsiTransfer vulnerable to violation of the integrity of file distribution | | |
CVE-2024-31454 | PsiTransfer file integrity violation vulnerability | | |
CVE-2024-31455 | Minder GetRepositoryByName data leak | | |
CVE-2024-31456 | GLPI contains an authenticated SQL injection | S | |
CVE-2024-31457 | gin-vue-admin background arbitrary code coverage vulnerability | | |
CVE-2024-31458 | Cacti SQL Injection vulnerability in lib/html_form_templates.php by reading dirty data stored in database | E | |
CVE-2024-31459 | Cacti RCE vulnerability by file include in lib/plugin.php | E | |
CVE-2024-31460 | Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database | E | |
CVE-2024-31461 | Plane Server-Side Request Forgery (SSRF) Vulnerability | | |
CVE-2024-31462 | Limited file write in Stable-diffusion-webui - GHSL-2024-010 | | |
CVE-2024-31463 | Ironic-image allows unauthenticated local access to Ironic API | | |
CVE-2024-31464 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | S | |
CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | E S | |
CVE-2024-31466 | Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol | | |
CVE-2024-31467 | Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol | | |
CVE-2024-31468 | There are buffer overflow vulnerabilities in the underlying Central Communications service that coul... | | |
CVE-2024-31469 | There are buffer overflow vulnerabilities in the underlying Central Communications service that coul... | | |
CVE-2024-31470 | There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equal... | | |
CVE-2024-31471 | There is a command injection vulnerability in the underlying Central Communications service that cou... | | |
CVE-2024-31472 | There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead... | | |
CVE-2024-31473 | There is a command injection vulnerability in the underlying deauthentication service that could lea... | | |
CVE-2024-31474 | There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Acces... | | |
CVE-2024-31475 | There is an arbitrary file deletion vulnerability in the Central Communications service accessed by ... | | |
CVE-2024-31476 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Succes... | | |
CVE-2024-31477 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Succes... | | |
CVE-2024-31478 | Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon access... | | |
CVE-2024-31479 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service ... | | |
CVE-2024-31480 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PA... | | |
CVE-2024-31481 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PA... | | |
CVE-2024-31482 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service acce... | | |
CVE-2024-31483 | An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed v... | | |
CVE-2024-31484 | A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41... | | |
CVE-2024-31485 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30... | | |
CVE-2024-31486 | A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices... | | |
CVE-2024-31487 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSa... | S | |
CVE-2024-31488 | An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC v... | S | |
CVE-2024-31489 | An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.... | S | |
CVE-2024-31490 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0... | S | |
CVE-2024-31491 | A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4... | S | |
CVE-2024-31492 | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and... | S | |
CVE-2024-31493 | An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in F... | S | |
CVE-2024-31495 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet F... | S | |
CVE-2024-31496 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through... | S | |
CVE-2024-31497 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover ... | S | |
CVE-2024-31498 | Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows pr... | | |
CVE-2024-31502 | An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate priv... | | |
CVE-2024-31503 | Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attack... | | |
CVE-2024-31504 | Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remto... | E | |
CVE-2024-31506 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parame... | E | |
CVE-2024-31507 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" p... | E | |
CVE-2024-31510 | An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the ... | | |
CVE-2024-31525 | Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered u... | E | |
CVE-2024-31544 | A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allo... | E | |
CVE-2024-31545 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of ... | E | |
CVE-2024-31546 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of ... | E | |
CVE-2024-31547 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of ... | E | |
CVE-2024-31551 | Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows a... | | |
CVE-2024-31552 | CuteHttpFileServer v.3.1 version has an arbitrary file download vulnerability, which allows attacker... | | |
CVE-2024-31556 | An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtai... | | |
CVE-2024-31570 | libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cp... | | |
CVE-2024-31574 | Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code ... | E | |
CVE-2024-31576 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31578 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init fu... | | |
CVE-2024-31580 | PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the componen... | | |
CVE-2024-31581 | FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in... | | |
CVE-2024-31582 | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block... | | |
CVE-2024-31583 | PyTorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc... | | |
CVE-2024-31584 | PyTorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobil... | | |
CVE-2024-31585 | FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilt... | | |
CVE-2024-31586 | A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1... | E | |
CVE-2024-31587 | SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to do... | | |
CVE-2024-31601 | An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323... | | |
CVE-2024-31609 | Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via... | E | |
CVE-2024-31610 | File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple Sc... | E | |
CVE-2024-31611 | SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.... | E | |
CVE-2024-31612 | Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used wi... | E | |
CVE-2024-31613 | BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_c... | | |
CVE-2024-31615 | ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.... | E | |
CVE-2024-31616 | An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RS... | | |
CVE-2024-31617 | OpenLiteSpeed before 1.8.1 mishandles chunked encoding.... | | |
CVE-2024-31621 | An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary c... | E | |
CVE-2024-31622 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31623 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31624 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31625 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31626 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31627 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31628 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31629 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31630 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31631 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31634 | Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attac... | | |
CVE-2024-31636 | An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name param... | | |
CVE-2024-31648 | Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute a... | | |
CVE-2024-31649 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to e... | E | |
CVE-2024-31650 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to e... | E | |
CVE-2024-31651 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to e... | | |
CVE-2024-31652 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to e... | E | |
CVE-2024-31666 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted scri... | E | |
CVE-2024-31668 | rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set functi... | | |
CVE-2024-31669 | rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_impo... | | |
CVE-2024-31670 | rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz... | | |
CVE-2024-31673 | Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter.... | | |
CVE-2024-31678 | Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" paramet... | E | |
CVE-2024-31680 | File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting syste... | | |
CVE-2024-31682 | Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean... | | |
CVE-2024-31684 | Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security ... | | |
CVE-2024-31695 | A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.8... | | |
CVE-2024-31705 | An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary co... | | |
CVE-2024-31714 | Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial ... | | |
CVE-2024-31741 | Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code ... | E | |
CVE-2024-31744 | In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an asser... | | |
CVE-2024-31745 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2002. Reason: This candidate... | R | |
CVE-2024-31747 | An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a... | | |
CVE-2024-31750 | SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive ... | | |
CVE-2024-31755 | cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the seco... | | |
CVE-2024-31756 | An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 ... | | |
CVE-2024-31757 | An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows... | | |
CVE-2024-31759 | An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the chang... | | |
CVE-2024-31760 | An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via... | | |
CVE-2024-31771 | Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privilege... | | |
CVE-2024-31777 | File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary co... | | |
CVE-2024-31783 | Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to ob... | | |
CVE-2024-31784 | An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and ... | | |
CVE-2024-31798 | Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows ... | E | |
CVE-2024-31799 | Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical a... | E | |
CVE-2024-31800 | Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical ac... | E | |
CVE-2024-31801 | Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtai... | | |
CVE-2024-31802 | DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR cod... | | |
CVE-2024-31803 | Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code v... | | |
CVE-2024-31804 | An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker... | | |
CVE-2024-31805 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authoriza... | E | |
CVE-2024-31806 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerabil... | | |
CVE-2024-31807 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulner... | E | |
CVE-2024-31808 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulner... | E | |
CVE-2024-31809 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulner... | E | |
CVE-2024-31810 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /et... | E | |
CVE-2024-31811 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulner... | E | |
CVE-2024-31812 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without autho... | | |
CVE-2024-31813 | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.... | | |
CVE-2024-31814 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login functi... | E | |
CVE-2024-31815 | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without auth... | | |
CVE-2024-31816 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without autho... | | |
CVE-2024-31817 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without autho... | E | |
CVE-2024-31818 | Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary co... | | |
CVE-2024-31819 | An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via... | | |
CVE-2024-31820 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allow... | | |
CVE-2024-31821 | SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb85... | | |
CVE-2024-31822 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allow... | | |
CVE-2024-31823 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allow... | | |
CVE-2024-31828 | Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary co... | E | |
CVE-2024-31835 | Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execu... | E | |
CVE-2024-31837 | DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat ... | | |
CVE-2024-31839 | Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escala... | | |
CVE-2024-31840 | An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in... | E | |
CVE-2024-31841 | An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allow... | E | |
CVE-2024-31842 | An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an... | | |
CVE-2024-31843 | An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the pa... | E | |
CVE-2024-31844 | An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application er... | E | |
CVE-2024-31845 | An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neu... | E | |
CVE-2024-31846 | An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrect... | E | |
CVE-2024-31847 | An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability ... | E | |
CVE-2024-31848 | A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when runni... | | |
CVE-2024-31849 | A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running ... | | |
CVE-2024-31850 | A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running usin... | | |
CVE-2024-31851 | A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running usi... | | |
CVE-2024-31852 | LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being sav... | | |
CVE-2024-31856 | CyberPower PowerPanel business SQL Injection | S | |
CVE-2024-31857 | Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is e... | | |
CVE-2024-31858 | Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow... | | |
CVE-2024-31859 | Member promoted to channel admin via playbooks run linking to channel | S | |
CVE-2024-31860 | Apache Zeppelin: Path traversal vulnerability | S | |
CVE-2024-31861 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-31862 | Apache Zeppelin: Denial of service with invalid notebook name | S | |
CVE-2024-31863 | Apache Zeppelin: Replacing other users notebook, bypassing any permissions | | |
CVE-2024-31864 | Apache Zeppelin: Remote code execution by adding malicious JDBC connection string | S | |
CVE-2024-31865 | Apache Zeppelin: Cron arbitrary user impersonation with improper privileges | S | |
CVE-2024-31866 | Apache Zeppelin: Interpreter download command does not escape malicious code injection | S | |
CVE-2024-31867 | Apache Zeppelin: LDAP search filter query Injection Vulnerability | S | |
CVE-2024-31868 | Apache Zeppelin: XSS vulnerability in the helium module | S | |
CVE-2024-31869 | Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used | S | |
CVE-2024-31870 | IBM i information disclosure | | |
CVE-2024-31871 | IBM Security Verify Access Appliance improper certificate validation | | |
CVE-2024-31872 | IBM Security Verify Access Appliance missing certificate validation | | |
CVE-2024-31873 | IBM Security Verify Access Appliance information disclosure | | |
CVE-2024-31874 | IBM Security Verify Access Appliance denial of service | | |
CVE-2024-31878 | IBM i information disclosure | | |
CVE-2024-31879 | IBM i denial of service | | |
CVE-2024-31880 | IBM Db2 denial of service | | |
CVE-2024-31881 | IBM Db2 denial of service | | |
CVE-2024-31882 | IBM Db2 denial of service | | |
CVE-2024-31883 | IBM Security Verify Access denial of service | | |
CVE-2024-31887 | IBM Security Verify Privilege information disclosure | | |
CVE-2024-31889 | IBM Planning Analytics Local cross-site scripting | | |
CVE-2024-31890 | IBM i privilege escalation | | |
CVE-2024-31891 | IBM Storage Scale privilege escalation | | |
CVE-2024-31892 | IBM Storage Scale SQL injection | | |
CVE-2024-31893 | IBM App Connect Enterprise information disclosure | S | |
CVE-2024-31894 | IBM App Connect Enterprise information disclosure | S | |
CVE-2024-31895 | IBM App Connect Enterprise information disclosure | S | |
CVE-2024-31896 | IBM SPSS Statistics information disclosure | | |
CVE-2024-31897 | IBM Cloud Pak for Business Automation server-side request forgery | | |
CVE-2024-31898 | IBM InfoSphere Information Server data modification | | |
CVE-2024-31899 | IBM Cognos Command Center information disclosure | | |
CVE-2024-31902 | IBM InfoSphere Information Server cross-site request forgery | | |
CVE-2024-31903 | IBM Sterling B2B Integrator Standard Edition code execution | | |
CVE-2024-31904 | IBM App Connect Enterprise denial of service | S | |
CVE-2024-31905 | IBM QRadar Network Packet Capture information disclosure | | |
CVE-2024-31906 | IBM Automation Decision Services information disclosure | | |
CVE-2024-31907 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability a... | | |
CVE-2024-31908 | IBM Planning Analytics Local cross-site scripting | | |
CVE-2024-31912 | IBM MQ privilege escalation | | |
CVE-2024-31913 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2024-31914 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2024-31916 | IBM OpenBMC information disclosure | | |
CVE-2024-31919 | IBM MQ denial of service | | |
CVE-2024-31920 | WordPress Currency per Product for WooCommerce plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31921 | WordPress Ultimate Product Catalog plugin <= 5.2.15 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31922 | WordPress Hosting Benchmark tool plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31923 | WordPress Feather Login Page plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31924 | WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31925 | WordPress F4 Improvements plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31926 | WordPress Advanced Cron Manager – debug & control plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31927 | WordPress WP Login and Logout Redirect plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31928 | WordPress Top Bar plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31929 | WordPress Intagrate Lite plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31930 | WordPress Save as PDF by Pdfcrowd plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31931 | WordPress Save as Image plugin by Pdfcrowd plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-31932 | WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31933 | WordPress Page Builder: Live Composer plugin <= 1.5.35 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31934 | WordPress Link Whisper Free plugin <= 0.6.9 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31935 | WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31936 | WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31937 | WordPress TWIPLA (Visitor Analytics IO) plugin <= 1.2.0 - Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2024-31938 | WordPress NewsXpress theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31939 | WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31940 | WordPress Extra Product Options Builder for WooCommerce plugin <= 1.2.104 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31941 | WordPress CP Media Player plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31942 | WordPress Calendarista Basic Edition plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31943 | WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31944 | WordPress WooCommerce UPS Shipping plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-31946 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3... | | |
CVE-2024-31947 | StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authentica... | | |
CVE-2024-31948 | In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE p... | S | |
CVE-2024-31949 | In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dy... | S | |
CVE-2024-31950 | In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri ... | S | |
CVE-2024-31951 | In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflo... | S | |
CVE-2024-31952 | An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the ins... | | |
CVE-2024-31953 | An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with th... | | |
CVE-2024-31954 | An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because i... | | |
CVE-2024-31955 | An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through... | | |
CVE-2024-31956 | An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks ... | | |
CVE-2024-31957 | A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they l... | | |
CVE-2024-31958 | An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks... | | |
CVE-2024-31959 | An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks ... | | |
CVE-2024-31960 | An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu dri... | | |
CVE-2024-31961 | A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attack... | | |
CVE-2024-31963 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SI... | | |
CVE-2024-31964 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SI... | | |
CVE-2024-31965 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SI... | | |
CVE-2024-31966 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SI... | | |
CVE-2024-31967 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SI... | | |
CVE-2024-31970 | AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SS... | | |
CVE-2024-31971 | Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E dev... | | |
CVE-2024-31972 | EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could... | | |
CVE-2024-31973 | Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity t... | | |
CVE-2024-31974 | The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Andr... | | |
CVE-2024-31975 | EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via... | | |
CVE-2024-31976 | EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS comma... | | |
CVE-2024-31977 | Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Com... | | |
CVE-2024-31978 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow a... | | |
CVE-2024-31979 | Apache StreamPipes: Possibility of SSRF in pipeline element installation process | | |
CVE-2024-31980 | A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (... | | |
CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | E S | |
CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | E S | |
CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations | E S | |
CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet | E S | |
CVE-2024-31985 | XWiki Platform CSRF in the job scheduler | E S | |
CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference | E S | |
CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support | E S | |
CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API | E S | |
CVE-2024-31989 | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache | E S | |
CVE-2024-31990 | Argo CD's API server does not enforce project sourceNamespaces | S | |
CVE-2024-31991 | Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225) | S | |
CVE-2024-31992 | Mealie contains a DoS vulnerability in recipe importer | S | |
CVE-2024-31993 | Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227) | S | |
CVE-2024-31994 | Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228) | E S | |
CVE-2024-31995 | zcap has incomplete expiration checks in capability chains. | | |
CVE-2024-31996 | XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution | E S | |
CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters | E S | |
CVE-2024-31998 | CSRF security issue on CSV import in Combodo iTop | | |
CVE-2024-31999 | @fastify/secure-session: Reuse of destroyed secure session cookie | |