ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-34000 | moodle: stored XSS in lesson overview report via user ID number | | |
CVE-2024-34001 | moodle: CSRF risk in admin preset tool management of presets | | |
CVE-2024-34002 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup | | |
CVE-2024-34003 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup | | |
CVE-2024-34004 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup | | |
CVE-2024-34005 | moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup | | |
CVE-2024-34006 | moodle: unsanitized HTML in site log for config_log_created | | |
CVE-2024-34007 | moodle: logout CSRF in admin/tool/mfa/auth.php | | |
CVE-2024-34008 | moodle: CSRF risk in analytics management of models | | |
CVE-2024-34009 | moodle: ReCAPTCHA can be bypassed on the login page | | |
CVE-2024-34010 | Local privilege escalation due to unquoted search path vulnerability. The following products are aff... | | |
CVE-2024-34011 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2024-34012 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2024-34013 | Local privilege escalation due to OS command injection vulnerability. The following products are aff... | | |
CVE-2024-34014 | Arbitrary file overwrite during recovery due to improper symbolic link handling. The following produ... | | |
CVE-2024-34015 | Sensitive information disclosure during file browsing due to improper symbolic link handling. The fo... | | |
CVE-2024-34016 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2024-34017 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2024-34018 | Sensitive information disclosure due to insecure folder permissions. The following products are affe... | | |
CVE-2024-34019 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2024-34020 | A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1.... | | |
CVE-2024-34021 | Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers.... | | |
CVE-2024-34022 | Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an ... | | |
CVE-2024-34023 | Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to p... | | |
CVE-2024-34024 | Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. I... | | |
CVE-2024-34025 | CyberPower PowerPanel business Use of Hard-coded Password | S | |
CVE-2024-34026 | A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functio... | E | |
CVE-2024-34027 | f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock | S | |
CVE-2024-34028 | Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for... | | |
CVE-2024-34029 | AD/LDAP Group Members Leak | S | |
CVE-2024-34030 | PCI: of_property: Return error for int_map allocation failure | S | |
CVE-2024-34031 | SQL Injection vulnerability in Delta Electronics DIAEnergie | S | |
CVE-2024-34032 | SQL Injection in Delta Electronics DIAEnergie | S | |
CVE-2024-34033 | Path Traversal vulnerability in Delta Electronics DIAEnergie | S | |
CVE-2024-34034 | An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service... | | |
CVE-2024-34035 | An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, ... | | |
CVE-2024-34036 | An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an atta... | | |
CVE-2024-34043 | O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message.... | | |
CVE-2024-34044 | The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because pee... | | |
CVE-2024-34045 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message... | | |
CVE-2024-34046 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message... | | |
CVE-2024-34047 | O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.... | S | |
CVE-2024-34048 | O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.... | S | |
CVE-2024-34049 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "r... | E | |
CVE-2024-34050 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "r... | | |
CVE-2024-34051 | A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of D... | | |
CVE-2024-34055 | Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbound... | S | |
CVE-2024-34057 | Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size chec... | | |
CVE-2024-34058 | The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if a... | | |
CVE-2024-34060 | Arbitrary File Write in IRIS EVTX Pipeline | | |
CVE-2024-34061 | Reflected cross site scripting in changedetection.io | | |
CVE-2024-34062 | tqdm CLI arguments injection attack | | |
CVE-2024-34063 | Degraded secret zeroization capabilities in vodozemac | | |
CVE-2024-34064 | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter | | |
CVE-2024-34065 | @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass | E | |
CVE-2024-34066 | Arbitrary File Write/Read in Pterodactyl wings | S | |
CVE-2024-34067 | Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel | | |
CVE-2024-34068 | Server-side Request Forgery during remote file pull in Pterodactyl wings | S | |
CVE-2024-34069 | Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution | | |
CVE-2024-34070 | Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise | | |
CVE-2024-34071 | Open Redirect Bypass Protection | S | |
CVE-2024-34072 | Deserialization of Untrusted Data in sagemaker-python-sdk | | |
CVE-2024-34073 | Command Injection in sagemaker-python-sdk | | |
CVE-2024-34074 | Frappe vulnerable to an open redirect on login page | | |
CVE-2024-34075 | kurwov vulnerable to Denial of Service due to improper data sanitization | | |
CVE-2024-34077 | MantisBT user account takeover in the signup/reset password process | E S | |
CVE-2024-34078 | html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization | | |
CVE-2024-34079 | octo-sts allows unauthenticated attackers to cause unbounded CPU and memory usage | | |
CVE-2024-34080 | MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-34081 | MantisBT Cross-site Scripting vulnerability | S | |
CVE-2024-34082 | Grav Arbitrary File Read to Account Takeover | E S | |
CVE-2024-34083 | STARTTLS unencrypted commands injection | | |
CVE-2024-34084 | Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests | | |
CVE-2024-34085 | A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V... | | |
CVE-2024-34086 | A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V... | | |
CVE-2024-34087 | An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with... | | |
CVE-2024-34088 | In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF ... | S | |
CVE-2024-34089 | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting ... | | |
CVE-2024-34090 | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting ... | | |
CVE-2024-34091 | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting ... | | |
CVE-2024-34092 | An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because l... | | |
CVE-2024-34093 | An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypa... | | |
CVE-2024-34094 | ZDI-CAN-23474: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-34095 | ZDI-CAN-23475: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-34096 | ZDI-CAN-23472: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-34097 | ZDI-CAN-23473: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-34098 | ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 1 of 2 | | |
CVE-2024-34099 | ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 2 of 2 | | |
CVE-2024-34100 | Use-After-Free vulnerability in the latest Adobe Acrobat Reader DC when opening a malicious PDF file | | |
CVE-2024-34101 | ZDI-CAN-23614: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-34102 | XXE can expose crypt key and other secrets granting full admin access | KEV E | |
CVE-2024-34103 | Customer account takeover via web API call & subsequent password reset | | |
CVE-2024-34104 | Adobe Commerce | Improper Authorization (CWE-285) | | |
CVE-2024-34105 | Stored Cross Site Scripting in Order Comment | | |
CVE-2024-34106 | Insecure Direct Object Reference - An attacker is able to erase the victim's quote details | | |
CVE-2024-34107 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2024-34108 | Large attack surface through legit webhook usage in Adobe Commerce | | |
CVE-2024-34109 | Adobe Commerce | Improper Input Validation (CWE-20) | | |
CVE-2024-34110 | RCE in the Adobe Commerce Webhook module through a legit webhook definition | | |
CVE-2024-34111 | SSRF in service connector | | |
CVE-2024-34112 | ColdFusion CFDOCUMENT file retrieval / access control bypass | | |
CVE-2024-34113 | ColdFusion | Weak Cryptography for Passwords (CWE-261) | S | |
CVE-2024-34115 | ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2024-34116 | Adobe Creative Cloud App Install Arbitrary Folder Delete Vulnerability can be abused for Privilege Escalation | S | |
CVE-2024-34117 | Adobe Photoshop 2024 MPO File Parsing Use-After-Free vulnerability | | |
CVE-2024-34118 | Adobe Illustrator 2024 TIF File parsing Division by zero denial of service | | |
CVE-2024-34119 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-34120 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-34121 | Illustrator | Integer Overflow or Wraparound (CWE-190) | | |
CVE-2024-34122 | T5 Acrobat Vulnerability - Exploitable crash in DecodeTile | S | |
CVE-2024-34123 | Adobe Premiere Pro arbitrary DLL loading leads to remote code execution | | |
CVE-2024-34124 | ZDI-CAN-24031: Adobe Dimension SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-34125 | ZDI-CAN-24027: Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-34126 | ZDI-CAN-24028: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-34127 | Adobe Indesign TIF File Parsing Out Of Bound Read | | |
CVE-2024-34128 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-34129 | Acrobat Android : OverSecured Finding : Overwriting arbitrary files via attacker-controlled output file paths | S | |
CVE-2024-34130 | Acrobat Android : OverSecured Finding : Access to arbitrary* content providers via insecure Intent configuration | S | |
CVE-2024-34133 | Adobe Illustrator CC 2023 v27.9 Vulnerability I | | |
CVE-2024-34134 | Illustrator | Out-of-bounds Read (CWE-125) | | |
CVE-2024-34135 | Adobe Illustrator CC 2023 v27.9 Vulnerability II | | |
CVE-2024-34136 | Adobe Illustrator PSD File Parsing Null Pointer dereference | | |
CVE-2024-34137 | Adobe Illustrator 2024 CGM File Parsing Null Pointer Dereference | | |
CVE-2024-34138 | Adobe Illustrator CGM File Parsing Division By zero | | |
CVE-2024-34139 | Adobe Bridge has an integer overflow vulnerability when parsing SVG file | | |
CVE-2024-34140 | Adobe Bridge PDF File Parsing Memory Corruption | | |
CVE-2024-34141 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-34142 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-34144 | A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugi... | | |
CVE-2024-34145 | A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-de... | | |
CVE-2024-34146 | Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for rea... | | |
CVE-2024-34147 | Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its globa... | | |
CVE-2024-34148 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fi... | | |
CVE-2024-34149 | In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy s... | | |
CVE-2024-34152 | Playbook Run Metadata leak to Guest | S | |
CVE-2024-34153 | Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an... | | |
CVE-2024-34155 | Stack exhaustion in all Parse functions in go/parser | | |
CVE-2024-34156 | Stack exhaustion in Decoder.Decode in encoding/gob | | |
CVE-2024-34158 | Stack exhaustion in Parse in go/build/constraint | | |
CVE-2024-34161 | NGINX HTTP/3 QUIC vulnerability | | |
CVE-2024-34162 | The web interface of the affected devices is designed to hide the LDAP credentials even for administ... | | |
CVE-2024-34163 | Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potential... | | |
CVE-2024-34164 | Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authe... | | |
CVE-2024-34165 | Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow ... | | |
CVE-2024-34166 | An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality... | | |
CVE-2024-34167 | Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update softw... | | |
CVE-2024-34170 | Improper buffer restrictions in some Intel(R) Graphics Drivers may allow an authenticated user to po... | | |
CVE-2024-34171 | Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow | S | |
CVE-2024-34191 | htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post(... | | |
CVE-2024-34193 | smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in... | | |
CVE-2024-34195 | TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. I... | E | |
CVE-2024-34196 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulne... | | |
CVE-2024-34198 | TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The ... | | |
CVE-2024-34199 | TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer ... | | |
CVE-2024-34200 | TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerab... | E | |
CVE-2024-34201 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34202 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34203 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34204 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vuln... | E | |
CVE-2024-34205 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in... | E | |
CVE-2024-34206 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vuln... | E | |
CVE-2024-34207 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34209 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34210 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vuln... | E | |
CVE-2024-34211 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability i... | E | |
CVE-2024-34212 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34213 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34215 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34217 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerabilit... | E | |
CVE-2024-34218 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vuln... | E | |
CVE-2024-34219 | TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg ... | E | |
CVE-2024-34220 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' p... | E | |
CVE-2024-34221 | Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting ... | E | |
CVE-2024-34222 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccoun... | E | |
CVE-2024-34223 | Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Manageme... | E | |
CVE-2024-34224 | Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Manag... | E | |
CVE-2024-34225 | Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Managem... | E | |
CVE-2024-34226 | SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor M... | E | |
CVE-2024-34230 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allow... | E | |
CVE-2024-34231 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allow... | E | |
CVE-2024-34235 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed A... | E | |
CVE-2024-34240 | QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code exe... | | |
CVE-2024-34241 | A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to s... | E | |
CVE-2024-34243 | Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter.... | | |
CVE-2024-34244 | libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue ca... | E | |
CVE-2024-34245 | An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbi... | E | |
CVE-2024-34246 | wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault... | E | |
CVE-2024-34249 | wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via ... | E | |
CVE-2024-34250 | A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 w... | | |
CVE-2024-34251 | An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.... | | |
CVE-2024-34252 | wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault vi... | E | |
CVE-2024-34255 | jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in the message function.... | | |
CVE-2024-34256 | OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.... | | |
CVE-2024-34257 | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that a... | E | |
CVE-2024-34273 | njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse meth... | | |
CVE-2024-34274 | OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglob... | | |
CVE-2024-34308 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password pa... | | |
CVE-2024-34310 | Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerabil... | | |
CVE-2024-34312 | Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XS... | E S | |
CVE-2024-34313 | An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a cra... | | |
CVE-2024-34314 | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_cont... | | |
CVE-2024-34315 | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_cont... | E | |
CVE-2024-34329 | Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-pa... | | |
CVE-2024-34331 | A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attacker... | | |
CVE-2024-34332 | An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalat... | | |
CVE-2024-34334 | ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the fo... | E | |
CVE-2024-34335 | ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting ... | E | |
CVE-2024-34336 | User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if... | E | |
CVE-2024-34338 | Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command ... | | |
CVE-2024-34340 | Authentication Bypass when using older password hashes | E | |
CVE-2024-34341 | The Trix Editor Contains an Arbitrary Code Execution Vulnerability | | |
CVE-2024-34342 | react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF | | |
CVE-2024-34343 | Cross-site Scripting (XSS) in navigateTo if used after SSR in nuxt | E | |
CVE-2024-34344 | Remote code execution via the browser when running the test locally in nuxt | | |
CVE-2024-34345 | @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability | | |
CVE-2024-34346 | Deno contains a permission escalation via open of privileged files with missing `--deny` flag | | |
CVE-2024-34347 | @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE | | |
CVE-2024-34349 | Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel | | |
CVE-2024-34350 | Next.js Vulnerable to HTTP Request Smuggling | | |
CVE-2024-34351 | Next.js Server-Side Request Forgery in Server Actions | | |
CVE-2024-34352 | Arbitrary file write vulnerability in 1Panel | E | |
CVE-2024-34353 | matrix-sdk-crypto contains a log exposure of private key of the server-side key backup | | |
CVE-2024-34354 | CMSaasStarter: JWT Token Not Verified on Server Session | | |
CVE-2024-34355 | TYPO3 vulnerable to an HTML Injection in the History Module | S | |
CVE-2024-34356 | TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module | | |
CVE-2024-34357 | TYPO3 vulnerable to Cross-Site Scripting in ShowImageController | | |
CVE-2024-34358 | TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController | | |
CVE-2024-34359 | llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata | | |
CVE-2024-34360 | Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX | | |
CVE-2024-34361 | Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE) | | |
CVE-2024-34362 | Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream | E | |
CVE-2024-34363 | Envoy can crash due to uncaught nlohmann JSON exception | E | |
CVE-2024-34364 | Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response | E | |
CVE-2024-34365 | Apache Karaf Cave: Cave SSRF and arbitrary file access | | |
CVE-2024-34366 | WordPress AltText.ai plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34367 | WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability | S | |
CVE-2024-34368 | WordPress Mooberry Book Manager plugin <= 4.15.12 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-34369 | WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34370 | WordPress EAN for WooCommerce plugin <= 4.8.9 - Arbitrary Option Update to Privilege Escalation vulnerability | S | |
CVE-2024-34371 | WordPress Login with phone number plugin <= 1.7.18 - Broken Access Control vulnerability | S | |
CVE-2024-34372 | WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability | S | |
CVE-2024-34373 | WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34374 | WordPress ElementsReady Addons for Elementor plugin <= 5.8.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34375 | WordPress Sheets to WP Table Live Sync plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34376 | WordPress Edge theme <= 2.0.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34377 | WordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerability | S | |
CVE-2024-34378 | WordPress LeadConnector plugin <= 1.7 - API Broken Access Control vulnerability | S | |
CVE-2024-34379 | WordPress Restaurant and Cafe theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34380 | WordPress ChatBot Conversational Forms plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34381 | WordPress PropertyHive plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34382 | WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.18 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-34383 | WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-34384 | WordPress Sina Extension for Elementor plugin <= 3.5.1 - Local File Inclusion vulnerability | S | |
CVE-2024-34385 | WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34386 | WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability | S | |
CVE-2024-34387 | WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability | | |
CVE-2024-34388 | WordPress GDPR Compliance plugin <= 1.2.5 - Sensitive Data Exposure vulnerability | | |
CVE-2024-34389 | WordPress WP Post Author plugin <= 3.6.4 - Broken Access Control vulnerability | | |
CVE-2024-34390 | WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34391 | libxmljs attrs type confusion RCE | | |
CVE-2024-34392 | libxmljs namespaces type confusion RCE | | |
CVE-2024-34393 | libxmljs2 attrs type confusion RCE | | |
CVE-2024-34394 | libxmljs2 namespaces type confusion RCE | | |
CVE-2024-34397 | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDB... | | |
CVE-2024-34398 | An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Inject... | | |
CVE-2024-34399 | **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthentica... | | |
CVE-2024-34400 | An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2... | | |
CVE-2024-34401 | Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter.... | | |
CVE-2024-34402 | An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer ... | | |
CVE-2024-34403 | An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an inte... | | |
CVE-2024-34404 | A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 a... | | |
CVE-2024-34405 | Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow... | | |
CVE-2024-34406 | Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow a... | | |
CVE-2024-34408 | Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/uti... | | |
CVE-2024-34411 | WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-34412 | WordPress ParcelPanel plugin <= 3.8.1 - Auth. SQL Injection vulnerability | S | |
CVE-2024-34413 | WordPress SliceWP Affiliates plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34414 | WordPress Raindrops theme <= 1.600 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34415 | WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34416 | WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-34417 | WordPress Viet Nam Affiliate plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34418 | WordPress WPCS ( WordPress Custom Search ) plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34419 | WordPress Configure Login Timeout plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34420 | WordPress Comments Evolved for WordPress plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34421 | WordPress BlogLentor – Blog Designer Pack for Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34422 | WordPress Viet Affiliate Link plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34423 | WordPress Forty Four – 404 Plugin for WordPress plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34424 | WordPress Featured Content Gallery plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34425 | WordPress QuickieBar plugin <= 1.8.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34426 | WordPress Brozzme Scroll Top plugin <= 1.8.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34427 | WordPress WP Favorite Posts plugin <= 1.6.8 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-34428 | WordPress AWSOM News Announcement plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34429 | WordPress Simple Website Banner plugin <= 1.8.0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34430 | WordPress TT Custom Post Type Creator plugin <=1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34431 | WordPress WP etracker plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34432 | WordPress Better Elementor Addons plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34433 | WordPress One Click Demo Import plugin <=3.2.0 - PHP Object Injection vulnerability | S | |
CVE-2024-34434 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability | S | |
CVE-2024-34435 | WordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerability | S | |
CVE-2024-34436 | WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34437 | WordPress Form Maker by 10Web plugin <= 1.15.24 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34439 | WordPress DS Site Message plugin <= 1.14.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-34440 | WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability | S | |
CVE-2024-34441 | WordPress Easy Affiliate Links plugin <= 3.7.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34442 | WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability | S | |
CVE-2024-34443 | WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34444 | WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability | S | |
CVE-2024-34445 | WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34446 | Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard ... | | |
CVE-2024-34447 | An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identi... | | |
CVE-2024-34448 | Ghost before 5.82.0 allows CSV Injection during a member CSV export.... | E | |
CVE-2024-34449 | Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is... | | |
CVE-2024-34451 | Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mecha... | | |
CVE-2024-34452 | CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.... | E | |
CVE-2024-34453 | TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method=read_da... | | |
CVE-2024-34454 | Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they ... | | |
CVE-2024-34455 | Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024... | | |
CVE-2024-34457 | Apache StreamPark IDOR Vulnerability | | |
CVE-2024-34458 | Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could res... | | |
CVE-2024-34459 | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting... | | |
CVE-2024-34460 | The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This componen... | | |
CVE-2024-34461 | Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wi... | | |
CVE-2024-34462 | Alinto SOGo through 5.10.0 allows XSS during attachment preview.... | | |
CVE-2024-34463 | BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted... | | |
CVE-2024-34466 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-34467. Reason: This candidat... | R | |
CVE-2024-34467 | ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argume... | | |
CVE-2024-34468 | Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.... | | |
CVE-2024-34469 | Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=sav... | | |
CVE-2024-34470 | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Trav... | | |
CVE-2024-34471 | An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in ... | | |
CVE-2024-34472 | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL i... | | |
CVE-2024-34473 | An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unin... | | |
CVE-2024-34474 | Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to loa... | | |
CVE-2024-34475 | Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS mess... | | |
CVE-2024-34476 | Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS mess... | | |
CVE-2024-34477 | configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges ... | | |
CVE-2024-34478 | btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, ... | | |
CVE-2024-34479 | SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.... | E | |
CVE-2024-34480 | SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id ... | E | |
CVE-2024-34481 | drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a W... | | |
CVE-2024-34483 | OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service ... | E | |
CVE-2024-34484 | OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinit... | E | |
CVE-2024-34486 | OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (in... | E | |
CVE-2024-34487 | OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infi... | E | |
CVE-2024-34488 | OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service ... | E | |
CVE-2024-34489 | OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite... | E | |
CVE-2024-34490 | In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under ... | | |
CVE-2024-34500 | An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before ... | | |
CVE-2024-34502 | An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41... | | |
CVE-2024-34506 | An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x ... | | |
CVE-2024-34507 | An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1... | | |
CVE-2024-34508 | dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.... | | |
CVE-2024-34509 | dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.... | | |
CVE-2024-34510 | Gradio before 4.20 allows credential leakage on Windows.... | | |
CVE-2024-34511 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1561. Reason: This candidate... | R | |
CVE-2024-34515 | image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to... | | |
CVE-2024-34517 | The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations ... | | |
CVE-2024-34519 | Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, ak... | | |
CVE-2024-34520 | An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, ver... | | |
CVE-2024-34521 | A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, versi... | | |
CVE-2024-34523 | AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php pa... | | |
CVE-2024-34524 | In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using ... | | |
CVE-2024-34525 | FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file.... | | |
CVE-2024-34527 | spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The prin... | | |
CVE-2024-34528 | WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_pat... | | |
CVE-2024-34529 | Nebari through 2024.4.1 prints the temporary Keycloak root password.... | | |
CVE-2024-34532 | A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x b... | | |
CVE-2024-34533 | A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) ... | | |
CVE-2024-34534 | A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander... | | |
CVE-2024-34535 | In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request head... | | |
CVE-2024-34537 | TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend)... | | |
CVE-2024-34538 | Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.... | | |
CVE-2024-34539 | Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfull... | | |
CVE-2024-34542 | Advantech ADAM-5630 Weak Encoding for Password | S | |
CVE-2024-34543 | Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenti... | | |
CVE-2024-34544 | A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC300... | | |
CVE-2024-34545 | Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authe... | | |
CVE-2024-34546 | WordPress Sticky Social Link plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34547 | WordPress Magical Addons For Elementor plugin <= 1.1.34 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34548 | WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34549 | WordPress WP Job Manager plugin <= 2.2.2 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-34550 | WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-34551 | WordPress Stockholm theme <= 9.6 - Unauthenticated Local File Inclusion vulnerability | S | |
CVE-2024-34552 | WordPress Stockholm theme <= 9.6 - Local File Inclusion vulnerability | S | |
CVE-2024-34553 | WordPress Stockholm Core plugin <= 2.4.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34554 | WordPress Stockholm Core plugin <= 2.4.1 - Local File Inclusion vulnerability | S | |
CVE-2024-34555 | WordPress Z-Downloads plugin <= 1.11.3 - Auth. Arbitrary File Upload vulnerability | S | |
CVE-2024-34556 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Sensitive Data Exposure via Exported File vulnerability | S | |
CVE-2024-34557 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34558 | WordPress WOLF plugin <= 1.0.8.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34559 | WordPress Ghost plugin <= 1.4.0 - Sensitive Data Exposure via Log File vulnerability | S | |
CVE-2024-34560 | WordPress gee Search Plus plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34561 | WordPress Real3D Flipbook PDF Viewer Lite plugin <= 3.71 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34562 | WordPress Move Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34563 | WordPress Gold Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34564 | WordPress Counter Up plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34565 | WordPress Debug Info plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34566 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34567 | WordPress Easy Notify Lite plugin <= 1.1.29 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34568 | WordPress LetterPress Newsletter plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34569 | WordPress Zotpress plugin <= 7.3.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34570 | WordPress Xpro Elementor Addons plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34571 | WordPress Himalayas theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34572 | WordPress Fancy Elementor Flipbox plugin <= 2.4.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34573 | WordPress Pootle Pagebuilder plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34574 | WordPress Table Maker plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34575 | WordPress DethemeKit For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34577 | Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due... | | |
CVE-2024-34579 | Fuji Electric Alpha5 SMART Stack-Based Buffer Overflow | S | |
CVE-2024-34580 | Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsi... | | |
CVE-2024-34581 | The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was original... | | |
CVE-2024-34582 | Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS wit... | | |
CVE-2024-34583 | Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to... | | |
CVE-2024-34584 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. Reason: An additional patch is required.... | R | |
CVE-2024-34585 | Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attack... | | |
CVE-2024-34586 | Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local att... | | |
CVE-2024-34587 | Improper input validation in parsing application information from RTCP packet in librtp.so prior to ... | | |
CVE-2024-34588 | Improper input validation in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 all... | | |
CVE-2024-34589 | Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 all... | | |
CVE-2024-34590 | Improper input validation in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Ju... | | |
CVE-2024-34591 | Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Ju... | | |
CVE-2024-34592 | Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 a... | | |
CVE-2024-34593 | Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024... | | |
CVE-2024-34594 | Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local a... | | |
CVE-2024-34595 | Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local... | | |
CVE-2024-34596 | Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the... | | |
CVE-2024-34597 | Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to wr... | | |
CVE-2024-34599 | Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to se... | | |
CVE-2024-34600 | Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version... | | |
CVE-2024-34601 | Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version ... | | |
CVE-2024-34602 | Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release... | | |
CVE-2024-34603 | Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to... | | |
CVE-2024-34604 | Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to... | | |
CVE-2024-34605 | Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attacke... | | |
CVE-2024-34606 | Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers... | | |
CVE-2024-34607 | Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attacker... | | |
CVE-2024-34608 | Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attack... | | |
CVE-2024-34609 | Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers t... | | |
CVE-2024-34610 | Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local atta... | | |
CVE-2024-34611 | Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get... | | |
CVE-2024-34612 | Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers ... | | |
CVE-2024-34613 | Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to ac... | | |
CVE-2024-34614 | Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute a... | | |
CVE-2024-34615 | Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause mem... | | |
CVE-2024-34616 | Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 al... | | |
CVE-2024-34617 | Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows loc... | | |
CVE-2024-34618 | Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to... | | |
CVE-2024-34619 | Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to ex... | | |
CVE-2024-34620 | Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attacker... | | |
CVE-2024-34621 | Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows l... | | |
CVE-2024-34622 | Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local ... | | |
CVE-2024-34623 | Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 al... | | |
CVE-2024-34624 | Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local a... | | |
CVE-2024-34625 | Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows l... | | |
CVE-2024-34626 | Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local a... | | |
CVE-2024-34627 | Out-of-bounds read in parsing implementation in Samsung Notes prior to version 4.4.21.62 allows local ... | | |
CVE-2024-34628 | Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows l... | | |
CVE-2024-34629 | Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.... | | |
CVE-2024-34630 | Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 a... | | |
CVE-2024-34631 | Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local a... | | |
CVE-2024-34632 | Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker... | | |
CVE-2024-34633 | Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local... | | |
CVE-2024-34634 | Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allo... | | |
CVE-2024-34635 | Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows loca... | | |
CVE-2024-34636 | Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows... | | |
CVE-2024-34637 | Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and S... | | |
CVE-2024-34638 | Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows lo... | | |
CVE-2024-34639 | Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows ph... | | |
CVE-2024-34640 | Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows loc... | | |
CVE-2024-34641 | Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allo... | | |
CVE-2024-34642 | Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to t... | | |
CVE-2024-34643 | Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 a... | | |
CVE-2024-34644 | Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allow... | | |
CVE-2024-34645 | Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers t... | | |
CVE-2024-34646 | Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attacker... | | |
CVE-2024-34647 | Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local ... | | |
CVE-2024-34648 | Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allo... | | |
CVE-2024-34649 | Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 al... | | |
CVE-2024-34650 | Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers... | | |
CVE-2024-34651 | Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access ... | | |
CVE-2024-34652 | Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access... | | |
CVE-2024-34653 | Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access direc... | | |
CVE-2024-34654 | Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows ... | | |
CVE-2024-34655 | Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows... | | |
CVE-2024-34656 | Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitra... | | |
CVE-2024-34657 | Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers ... | | |
CVE-2024-34658 | Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.... | | |
CVE-2024-34659 | Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers... | | |
CVE-2024-34660 | Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to... | | |
CVE-2024-34661 | Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows ... | | |
CVE-2024-34662 | Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 ... | | |
CVE-2024-34663 | Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write ... | | |
CVE-2024-34664 | Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physica... | | |
CVE-2024-34665 | Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allo... | | |
CVE-2024-34666 | Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-... | | |
CVE-2024-34667 | Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allo... | | |
CVE-2024-34668 | Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allo... | | |
CVE-2024-34669 | Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 all... | | |
CVE-2024-34670 | Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allow... | | |
CVE-2024-34671 | Use of implicit intent for sensitive communication in translation in Samsung Internet prior to versi... | | |
CVE-2024-34672 | Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 i... | | |
CVE-2024-34673 | Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attac... | | |
CVE-2024-34674 | Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to acc... | | |
CVE-2024-34675 | Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to tem... | | |
CVE-2024-34676 | Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 a... | | |
CVE-2024-34677 | Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers... | | |
CVE-2024-34678 | Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to... | | |
CVE-2024-34679 | Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to acc... | | |
CVE-2024-34680 | Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allow... | | |
CVE-2024-34681 | Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers... | | |
CVE-2024-34682 | Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to acce... | | |
CVE-2024-34683 | Unrestricted file upload in SAP Document Builder (HTTP service) | S | |
CVE-2024-34684 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling) | S | |
CVE-2024-34685 | [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor | | |
CVE-2024-34686 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | S | |
CVE-2024-34687 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform | | |
CVE-2024-34688 | Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository) | S | |
CVE-2024-34689 | [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services) | | |
CVE-2024-34690 | Missing Authorization check in SAP Student Life Cycle Management (SLcM) | S | |
CVE-2024-34691 | Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) | S | |
CVE-2024-34692 | [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now | | |
CVE-2024-34693 | Apache Superset: Server arbitrary file read | | |
CVE-2024-34694 | LNbits improperly handles potential network and payment failures when using Eclair backend | | |
CVE-2024-34695 | WOWS Karma vulnerable to a post submission bounce/timing attack | | |
CVE-2024-34696 | GeoServer's Server Status shows sensitive environmental variables and Java properties | | |
CVE-2024-34697 | Freescout vulnerable to Stored HTML Injection in Editing Received Emails | E S | |
CVE-2024-34698 | Prototype Pollution in getQueryParam Function (URL Query Parser) | E S | |
CVE-2024-34699 | GZ::CTF allows unprivileged user can perform XSS attacks by constructing malicious team names. | | |
CVE-2024-34701 | CreateWiki vulnerable to impersonation of wiki requester | | |
CVE-2024-34702 | Botan has a Denial of Service Due to Excessive Name Constraints | | |
CVE-2024-34703 | Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters | | |
CVE-2024-34704 | era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization | | |
CVE-2024-34706 | @valtimo/components exposes access token to form.io | | |
CVE-2024-34707 | Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages | | |
CVE-2024-34708 | Directus allows redacted data extraction on the API through "alias" | E S | |
CVE-2024-34709 | Directus Lacks Session Tokens Invalidation | E S | |
CVE-2024-34710 | Wiki.js Stored XSS through Client Side Template Injection | | |
CVE-2024-34712 | Oceanic allows unsanitized user input to lead to path traversal in URLs | | |
CVE-2024-34713 | sshproxy vulnerable to SSH option injection | | |
CVE-2024-34714 | Hoppscotch Extension responds to calls made by origins not in the domain list | | |
CVE-2024-34715 | Partial Password Exposure Vulnerability in Fides Webserver Logs | | |
CVE-2024-34716 | PrestaShop vulnerable to XSS via customer contact form in FO, through file upload | | |
CVE-2024-34717 | Anonymous PrestaShop customer can download other customers' invoices | | |
CVE-2024-34719 | In multiple locations, there is a possible permissions bypass due to a missing null check. This coul... | S | |
CVE-2024-34720 | In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_Zygot... | S | |
CVE-2024-34721 | In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another... | S | |
CVE-2024-34722 | In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing ... | S | |
CVE-2024-34723 | In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to lau... | S | |
CVE-2024-34724 | In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condit... | | |
CVE-2024-34725 | In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a... | | |
CVE-2024-34726 | In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error ... | | |
CVE-2024-34727 | In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap... | | |
CVE-2024-34729 | In multiple locations, there is a possible arbitrary code execution due to a logic error in the code... | | |
CVE-2024-34730 | In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due... | | |
CVE-2024-34731 | In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to... | S | |
CVE-2024-34732 | In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race con... | | |
CVE-2024-34733 | In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an ... | | |
CVE-2024-34734 | In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable... | S | |
CVE-2024-34736 | In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-fr... | S | |
CVE-2024-34737 | In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to ... | S | |
CVE-2024-34738 | In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read t... | S | |
CVE-2024-34739 | In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escap... | S | |
CVE-2024-34740 | In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbit... | S | |
CVE-2024-34741 | In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for messa... | S | |
CVE-2024-34742 | In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from bei... | S | |
CVE-2024-34743 | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a... | S | |
CVE-2024-34747 | In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error... | | |
CVE-2024-34748 | In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to i... | | |
CVE-2024-34749 | Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability i... | | |
CVE-2024-34750 | Apache Tomcat: HTTP/2 excess header handling DoS | | |
CVE-2024-34751 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability | S | |
CVE-2024-34752 | WordPress Landing Page Builder <= 1.5.1.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34753 | WordPress Radio Player plugin <= 2.0.73 - Broken Access Control vulnerability | S | |
CVE-2024-34754 | WordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-34755 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34756 | WordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34757 | WordPress Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34758 | WordPress FundEngine – Donation and Crowdfunding Platform plugin <= 1.6.4 - Broken Access Control vulnerability | S | |
CVE-2024-34759 | WordPress Picture Gallery plugin <= 1.5.11 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34760 | WordPress Magazine Blocks plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34761 | WordPress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability | S | |
CVE-2024-34762 | WordPress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability | S | |
CVE-2024-34763 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability | S | |
CVE-2024-34764 | WordPress Essential Addons for Elementor plugin <= 5.9.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34765 | WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34766 | WordPress ChaosTheory theme <= 1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34767 | WordPress ShopLentor plugin <= 2.8.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34768 | WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability | S | |
CVE-2024-34769 | WordPress Elegant Blocks – Amazing Gutenberg Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34770 | WordPress Popup Maker WP plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34771 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected app... | | |
CVE-2024-34772 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected app... | | |
CVE-2024-34773 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected app... | | |
CVE-2024-34776 | Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially... | | |
CVE-2024-34777 | dma-mapping: benchmark: fix node id validation | | |
CVE-2024-34779 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re... | | |
CVE-2024-34780 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-34781 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-34782 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-34783 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re... | | |
CVE-2024-34784 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-34785 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re... | | |
CVE-2024-34786 | UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured... | | |
CVE-2024-34787 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November ... | | |
CVE-2024-34788 | An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote ... | | |
CVE-2024-34789 | WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34790 | WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34791 | WordPress WPB Elementor Addons plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34792 | WordPress Dextaz Ping plugin <= 0.65 - Remote Code Execution (RCE) vulnerability | | |
CVE-2024-34793 | WordPress WP Next Post Navi plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34794 | WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34795 | WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34796 | WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34797 | WordPress Simple Popup Manager plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34798 | WordPress Debug Log – Manger Tool plugin <= 1.4.5 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-34799 | WordPress BookingPress plugin <= 1.0.82 - Appointment Duration Manipulation vulnerability | S | |
CVE-2024-34800 | WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability | | |
CVE-2024-34801 | WordPress Praison SEO WordPress plugin <= 4.0.15 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34802 | WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability | | |
CVE-2024-34803 | WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability | S | |
CVE-2024-34804 | WordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerability | S | |
CVE-2024-34805 | WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-34806 | WordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-34807 | WordPress Fast Custom Social Share by CodeBard plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-34808 | WordPress JCH Optimize plugin <= 4.2.0 - Path Traversal vulnerability | S | |
CVE-2024-34809 | WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34811 | WordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-34812 | WordPress ShopBuilder plugin <= 2.1.8 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-34813 | WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability | S | |
CVE-2024-34814 | WordPress Unyson plugin <= 2.7.29 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34815 | WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability | S | |
CVE-2024-34816 | WordPress WPCal.io plugin <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34817 | WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34818 | WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-34819 | WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability | S | |
CVE-2024-34820 | WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability | S | |
CVE-2024-34821 | WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability | S | |
CVE-2024-34822 | WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability | S | |
CVE-2024-34823 | WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34824 | WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability | S | |
CVE-2024-34825 | WordPress Social Warfare plugin <= 4.4.5.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34826 | WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability | S | |
CVE-2024-34827 | WordPress Translate Multilingual sites – TranslatePress plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34828 | WordPress Church Admin plugin <= 4.1.32 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-34831 | Cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbit... | | |
CVE-2024-34832 | Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbit... | E | |
CVE-2024-34833 | Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images ... | E | |
CVE-2024-34852 | F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the comm... | | |
CVE-2024-34854 | F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`... | | |
CVE-2024-34882 | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows... | | |
CVE-2024-34883 | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow r... | | |
CVE-2024-34885 | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows... | | |
CVE-2024-34887 | Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 all... | | |
CVE-2024-34891 | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows ... | | |
CVE-2024-34896 | An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users wh... | | |
CVE-2024-34897 | Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.... | | |
CVE-2024-34899 | WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2024-34905 | FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login p... | E | |
CVE-2024-34906 | An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary cod... | E | |
CVE-2024-34909 | An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitra... | E | |
CVE-2024-34913 | An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execu... | E | |
CVE-2024-34914 | php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its re... | | |
CVE-2024-34919 | An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E... | | |
CVE-2024-34921 | TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the discon... | E | |
CVE-2024-34923 | In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmwar... | | |
CVE-2024-34927 | A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School ... | E | |
CVE-2024-34928 | A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based S... | E | |
CVE-2024-34929 | A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Manag... | E | |
CVE-2024-34930 | A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Manag... | E | |
CVE-2024-34931 | A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Ma... | E | |
CVE-2024-34932 | A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Manag... | E | |
CVE-2024-34933 | A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Mana... | E | |
CVE-2024-34934 | A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-... | E | |
CVE-2024-34935 | A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Base... | E | |
CVE-2024-34936 | A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management ... | E | |
CVE-2024-34942 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
CVE-2024-34943 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
CVE-2024-34944 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | | |
CVE-2024-34945 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
CVE-2024-34946 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
CVE-2024-34947 | Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discove... | | |
CVE-2024-34948 | An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 ... | | |
CVE-2024-34949 | SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands v... | | |
CVE-2024-34950 | D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the ... | E | |
CVE-2024-34952 | taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::Fi... | | |
CVE-2024-34953 | An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory ... | | |
CVE-2024-34954 | Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget param... | E | |
CVE-2024-34955 | Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.... | E | |
CVE-2024-34957 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/s... | E | |
CVE-2024-34958 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/b... | E | |
CVE-2024-34959 | DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.... | E | |
CVE-2024-34974 | Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the e... | E | |
CVE-2024-34982 | An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allo... | | |
CVE-2024-34987 | A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire ... | E | |
CVE-2024-34988 | SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (a... | | |
CVE-2024-34989 | In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest c... | | |
CVE-2024-34990 | In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from F... | | |
CVE-2024-34991 | In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can do... | | |
CVE-2024-34992 | SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk... | | |
CVE-2024-34993 | In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to ver... | | |
CVE-2024-34994 | In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can... | | |
CVE-2024-34995 | svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps ... | | |
CVE-2024-34997 | joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.num... | | |