CVE-2024-37xxx

There are 751 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-37000 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-37001 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-37002 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-37003 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-37004 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-37005 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-37006 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
CVE-2024-37007 Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
CVE-2024-37008 Stack-based Overflow Vulnerability in Revit Software
CVE-2024-37014 Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST ...
E
CVE-2024-37015 An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default...
CVE-2024-37016 Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay approa...
CVE-2024-37017 asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h...
CVE-2024-37018 The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application...
CVE-2024-37019 Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication....
CVE-2024-37020 Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some In...
CVE-2024-37021 fpga: manager: add owner module and take its refcount
S
CVE-2024-37022 Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
S
CVE-2024-37023 Vonets WiFi Bridges Command Injection
M
CVE-2024-37024 Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3....
CVE-2024-37025 Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition so...
CVE-2024-37026 drm/xe: Only use reserved BCS instances for usm migrate exec queue
CVE-2024-37027 Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may a...
CVE-2024-37028 BIG-IP Next Central Manager vulnerability
CVE-2024-37029 Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
S
CVE-2024-37030 Arkcompiler Ets Runtime has a use after free vulnerability
CVE-2024-37031 The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in cer...
CVE-2024-37032 Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when get...
E
CVE-2024-37034 An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure ...
CVE-2024-37036 CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when...
CVE-2024-37037 CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability...
S
CVE-2024-37038 CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user w...
S
CVE-2024-37039 CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the devic...
S
CVE-2024-37040 CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists...
S
CVE-2024-37041 QTS, QuTS hero
S
CVE-2024-37042 QTS, QuTS hero
S
CVE-2024-37043 QTS, QuTS hero
S
CVE-2024-37044 QTS, QuTS hero
S
CVE-2024-37045 QTS, QuTS hero
S
CVE-2024-37046 QTS, QuTS hero
S
CVE-2024-37047 QTS, QuTS hero
S
CVE-2024-37048 QTS, QuTS hero
S
CVE-2024-37049 QTS, QuTS hero
S
CVE-2024-37050 QTS, QuTS hero
S
CVE-2024-37051 GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and...
CVE-2024-37052 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0...
E
CVE-2024-37053 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0...
E
CVE-2024-37054 Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0...
E
CVE-2024-37055 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24....
E
CVE-2024-37056 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23....
E
CVE-2024-37057 Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0...
E
CVE-2024-37058 Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0...
E
CVE-2024-37059 Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0...
E
CVE-2024-37060 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27....
E
CVE-2024-37061 Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, ...
E
CVE-2024-37062 Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling op...
CVE-2024-37063 A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling ope...
CVE-2024-37064 Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling op...
CVE-2024-37065 Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, en...
CVE-2024-37066 A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which ...
E
CVE-2024-37068 IBM Maximo Application Suite information disclosure
CVE-2024-37070 IBM Concert Software information disclosure
CVE-2024-37071 IBM Db2 denial of service
CVE-2024-37077 Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
CVE-2024-37078 nilfs2: fix potential kernel bug due to lack of writeback flag waiting
CVE-2024-37079 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. ...
S
CVE-2024-37080 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. ...
S
CVE-2024-37081 The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfigurat...
CVE-2024-37082 When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configura...
CVE-2024-37084 CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
CVE-2024-37085 VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Activ...
KEV S
CVE-2024-37086 VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrati...
CVE-2024-37087 The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access...
CVE-2024-37089 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerability
S
CVE-2024-37090 SQL Injection vulnerability in multiple StylemixThemes premium themes
S
CVE-2024-37091 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability
S
CVE-2024-37092 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerability
S
CVE-2024-37093 WordPress MasterStudy LMS WordPress Plugin plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37094 WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability
S
CVE-2024-37095 WordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerability
S
CVE-2024-37096 WordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerability
S
CVE-2024-37097 WordPress Shortcodes by United Themes plugin < 5.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37098 WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-37099 WordPress GiveWP plugin <= 3.14.1 - Unauthenticated PHP Object Injection vulnerability
S
CVE-2024-37100 WordPress Elegant Themes Icons plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37101 WordPress WP Post Author plugin <= 3.6.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37102 WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37103 WordPress Education Zone theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37104 WordPress Chic Lite theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37106 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Plugin Settings Change Leading to Stored XSS vulnerability
S
CVE-2024-37107 WordPress WishList Member X plugin < 3.26.7 - Authenticated Privilege Escalation vulnerability
S
CVE-2024-37108 WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary File Deletion vulnerability
S
CVE-2024-37109 WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability
S
CVE-2024-37110 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Settings & Users Data Dump vulnerability
S
CVE-2024-37111 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability
S
CVE-2024-37112 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Arbitrary SQL Query Execution vulnerability
S
CVE-2024-37113 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability
S
CVE-2024-37114 WordPress My Favorites plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37115 WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability
S
CVE-2024-37116 WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37117 WordPress Uncanny Automator Pro plugin <= 5.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37118 WordPress Uncanny Automator Pro plugin <= 5.3 - Cross Site Request Forgery (CSRF) Leading to License Settings Reset vulnerability
CVE-2024-37119 WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability
S
CVE-2024-37120 WordPress Tabs plugin <= 4.0.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37121 WordPress Shortcode Addons plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37122 WordPress Accordions plugin <= 2.3.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37123 WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability
S
CVE-2024-37124 Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnera...
CVE-2024-37125 Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontro...
CVE-2024-37126 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vuln...
CVE-2024-37127 Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulner...
CVE-2024-37129 Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A loca...
CVE-2024-37130 Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escala...
CVE-2024-37131 SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) ...
CVE-2024-37132 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vul...
CVE-2024-37133 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vuln...
CVE-2024-37134 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vuln...
CVE-2024-37135 DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privil...
CVE-2024-37136 Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information t...
CVE-2024-37137 Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Im...
CVE-2024-37138 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC conta...
CVE-2024-37139 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Im...
CVE-2024-37140 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS...
CVE-2024-37141 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an op...
CVE-2024-37142 Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulner...
CVE-2024-37143 Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versio...
M
CVE-2024-37144 Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versio...
CVE-2024-37145 GHSL-2023-247: Flowise xss in /api/v1/chatflows-streaming/id
E
CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id
E
CVE-2024-37147 GLPI allows Authenticated File Upload to Restricted Tickets
CVE-2024-37148 GLPI allows account takeover via SQL Injection in AJAX scripts
CVE-2024-37149 GLPI allows remote code execution through the plugin loader
CVE-2024-37150 Private npm registry support used scope auth token for downloading tarballs
S
CVE-2024-37151 Suricata defrag: IP ID reuse can lead to policy bypass
S
CVE-2024-37152 Unauthenticated Access to sensitive settings in Argo CD
S
CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction
E S
CVE-2024-37154 Evmos allows unvested token delegations
CVE-2024-37155 OpenCTI May Bypass Introspection Restriction
S
CVE-2024-37156 TokenController formName not sanitized in hidden input
S
CVE-2024-37157 Discourse vulnerable to Server-Side Request Forgery via FastImage
S
CVE-2024-37158 Evmos is missing precompile checks
S
CVE-2024-37159 Evmos is missing create validator check
S
CVE-2024-37160 Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata
E S
CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability
CVE-2024-37162 zsa Generates Error Messages Containing Sensitive Information
S
CVE-2024-37163 SkyScrape Secure API Requests
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
S
CVE-2024-37165 Discourse has an XSS via Onebox system
S
CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability
CVE-2024-37167 Tuleap has improper permissions of the backlog items
CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits
CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
CVE-2024-37171 [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)
CVE-2024-37172 [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)
CVE-2024-37173 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
CVE-2024-37174 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
CVE-2024-37175 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
CVE-2024-37176 Missing Authorization check in SAP BW/4HANA Transformation and DTP
S
CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
CVE-2024-37178 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
CVE-2024-37179 Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
CVE-2024-37180 [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-37181 Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version ...
CVE-2024-37182 Lack of permissions prompting when opening external URLs
S
CVE-2024-37183 Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information
M
CVE-2024-37184 A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC300...
CVE-2024-37185 Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
CVE-2024-37186 An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink ...
CVE-2024-37187 Advantech ADAM-5550 Weak Encoding for Password
S
CVE-2024-37198 WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37199 WordPress Enfold theme <= 5.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37201 WordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerability
S
CVE-2024-37202 WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.16 - Broken Access Control to XSS vulnerability
CVE-2024-37203 WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability
S
CVE-2024-37204 WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability
S
CVE-2024-37205 WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability
S
CVE-2024-37206 WordPress Demo Awesome plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37207 WordPress Demo Awesome plugin <= 1.0.2 - Broken Access Control vulnerability
S
CVE-2024-37208 WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-37209 WordPress User Rights Access Manager plugin <= 1.1.2 - Broken Access Control vulnerability
S
CVE-2024-37211 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37212 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability
CVE-2024-37213 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.9 - CSRF to XSS vulnerability
CVE-2024-37214 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control to XSS vulnerability
S
CVE-2024-37215 WordPress Transition Slider – Responsive Image Slider and Gallery plugin <= 2.20.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37216 WordPress Sketchfab Embed plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37217 WordPress Empty Cart Button for WooCommerce plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37218 WordPress Page Builder Sandwich <= 5.1.0 - Broken Access Control vulnerability
S
CVE-2024-37219 WordPress Page Builder Sandwich plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37220 WordPress Optinly plugin <= 1.0.18 - Broken Access Control vulnerability
S
CVE-2024-37221 WordPress Kimili Flash Embed plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37222 WordPress Master Slider plugin <= 3.10.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37223 WordPress Restaurant Reservations plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37224 WordPress SP Project & Document Manager plugin <= 4.71 - Directory Traversal vulnerability
CVE-2024-37225 WordPress Zoho Marketing Automation plugin <= 1.2.7 - SQL Injection vulnerability
CVE-2024-37226 WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Broken Access Control vulnerability
S
CVE-2024-37227 WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability
S
CVE-2024-37229 WordPress Blogmentor – Blog Layouts for Elementor plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37230 WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability
S
CVE-2024-37232 WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability
S
CVE-2024-37233 WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability
CVE-2024-37234 WordPress Academy LMS plugin <= 2.0.4 - Open Redirection vulnerability
CVE-2024-37235 WordPress Groundhogg plugin <= 3.4.2.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37236 WordPress Loco Translate plugin <= 2.6.9 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37237 WordPress FS Poster plugin <= 6.5.8 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37238 WordPress WPAdverts – Classifieds plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37239 WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37240 WordPress Falang multilanguage for WordPress plugin <= 1.3.51 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37241 WordPress WP Job Manager Resume Manager plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37242 WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37243 WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37244 WordPress Ninja Beaver Add-ons for Beaver Builder plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37245 WordPress All In One Redirection plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37246 WordPress Gallery Slideshow plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37247 WordPress jQuery T(-) Countdown Widget plugin <= 2.3.25 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37248 WordPress Anima theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37249 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability
S
CVE-2024-37250 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability
S
CVE-2024-37251 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37252 WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability
S
CVE-2024-37253 WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability
S
CVE-2024-37254 WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability
S
CVE-2024-37255 WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability
S
CVE-2024-37256 WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability
S
CVE-2024-37257 WordPress Permalink Manager Lite plugin <= 2.4.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37258 WordPress Social Rocket plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37259 WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37260 WordPress Foxiz Theme theme <= 2.3.5 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-37261 WordPress WP-Lister Lite for Amazon plugin <= 2.6.16 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37262 WordPress Online Booking & Scheduling Calendar plugin <= 4.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37263 WordPress Enter Addons – Ultimate Template Builder for Elementor plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37264 WordPress Groundhogg plugin <= 3.4.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37265 WordPress IdeaPush plugin <= 8.60 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37266 WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability
S
CVE-2024-37267 WordPress Striking theme <= 2.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37268 WordPress Striking theme <= 2.3.4 - Local File Inclusion vulnerability
S
CVE-2024-37269 WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability
S
CVE-2024-37270 WordPress TrustedLogin Vendor plugin < 1.1.1 - Sensitive Data Exposure vulnerability
S
CVE-2024-37271 WordPress Print My Blog plugin <= 3.27.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37272 WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37273 An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows...
E
CVE-2024-37274 WordPress WP Mobile Menu plugin <= 2.8.4.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37275 WordPress NextScripts plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-37276 WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability
S
CVE-2024-37277 WordPress Paid Memberships Pro plugin <= 3.0.4 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-37278 WordPress Cards for Beaver Builder plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37279 Kibana Broken Access Control issue
CVE-2024-37280 Elasticsearch StackOverflow vulnerability
CVE-2024-37281 Kibana Denial of Service issue
CVE-2024-37282 It was identified that under certain specific preconditions, an API key that was originally created ...
CVE-2024-37283 Elastic Agent Insertion of Sensitive Information into Log File
CVE-2024-37284 Elastic Defend Improper Handling of Alternate Encoding Leads to Crash
CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization
CVE-2024-37286 APM Server Insertion of Sensitive Information into Log File
CVE-2024-37287 Kibana arbitrary code execution via prototype pollution
CVE-2024-37288 A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse...
M
CVE-2024-37289 An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to esc...
CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation
CVE-2024-37294 Aimeos denial of service vulnerability in SaaS and marketplace setups
CVE-2024-37295 Aimeos Core remote code execution in web server context
CVE-2024-37296 Aimeos HTML client vulnerable to digital products download without proper payment status check
CVE-2024-37297 WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
S
CVE-2024-37298 Potential memory exhaustion attack due to sparse slice deserialization
CVE-2024-37299 Discourse vulnerable to DoS via Tag Group
S
CVE-2024-37300 Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
CVE-2024-37302 Synapse denial of service through media disk space consumption
CVE-2024-37303 Synapse unauthenticated writes to the media repository allow planting of problematic content
CVE-2024-37304 NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting
CVE-2024-37305 Buffer overflow in deserialization in oqs-provider
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
S
CVE-2024-37307 Cilium leaks sensitive information in cilium-bugtool
S
CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
E S
CVE-2024-37309 Client initialized Session-Renegotiation DoS
CVE-2024-37310 EVerest has an integer overflow in the "v2g_incoming_v2gtp" function
CVE-2024-37311 Collabora Online's remote host TLS certificates are not fully verified
CVE-2024-37312 Nextcloud user_oidc app's ID4me feature is available even when disabled
CVE-2024-37313 Nextcloud server allows the bypass of the second factor
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
S
CVE-2024-37315 Nextcloud Server's read-only users can restore old versions
S
CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites
S
CVE-2024-37317 Nextcloud Notes app can be tricked into using a received share created before the user logged in
S
CVE-2024-37318 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37319 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37320 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37321 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37322 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37323 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37324 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
CVE-2024-37326 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37327 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37328 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37329 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37330 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37331 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37332 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37333 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37334 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
S
CVE-2024-37335 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
S
CVE-2024-37336 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-37337 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
S
CVE-2024-37338 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
S
CVE-2024-37339 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
S
CVE-2024-37340 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
S
CVE-2024-37341 Microsoft SQL Server Elevation of Privilege Vulnerability
S
CVE-2024-37342 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
S
CVE-2024-37343 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
S
CVE-2024-37344 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
S
CVE-2024-37345 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
S
CVE-2024-37346 Insufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06
S
CVE-2024-37347 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
S
CVE-2024-37348 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
S
CVE-2024-37349 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
S
CVE-2024-37350 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
S
CVE-2024-37351 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
S
CVE-2024-37352 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
CVE-2024-37353 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-37354 btrfs: fix crash on racing fsync and size-extending write into prealloc
CVE-2024-37355 Improper access control in some Intel(R) Graphics software may allow an authenticated user to potent...
CVE-2024-37356 tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
CVE-2024-37357 A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M3...
CVE-2024-37358 Apache James: denial of service through the use of IMAP literals
CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery
CVE-2024-37360 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-37361 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data
CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
CVE-2024-37363 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization
CVE-2024-37364 Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physic...
CVE-2024-37365 FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path
S
CVE-2024-37367 Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction
S
CVE-2024-37368 Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction
S
CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions
S
CVE-2024-37370 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field o...
S
CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS me...
S
CVE-2024-37372 The Permission Model assumes that any path starting with two backslashes \ has a four-character pref...
CVE-2024-37373 Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authent...
CVE-2024-37374 Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2024-13842....
R
CVE-2024-37375 Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2024-13843....
R
CVE-2024-37376 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S...
CVE-2024-37377 A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remo...
CVE-2024-37380 A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs...
CVE-2024-37381 An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenti...
CVE-2024-37382 An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway befor...
CVE-2024-37383 Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes....
KEV S
CVE-2024-37384 Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferen...
S
CVE-2024-37385 Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_con...
S
CVE-2024-37386 An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4....
CVE-2024-37387 Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnera...
CVE-2024-37388 An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4....
CVE-2024-37389 Apache NiFi: Improper Neutralization of Input in Parameter Context Description
CVE-2024-37391 ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' +...
S
CVE-2024-37392 A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version <...
CVE-2024-37393 Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper vali...
E
CVE-2024-37397 An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022...
CVE-2024-37398 Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated at...
CVE-2024-37399 A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthent...
CVE-2024-37400 An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticat...
CVE-2024-37401 An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unau...
CVE-2024-37403 Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The app...
CVE-2024-37404 Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9,...
CVE-2024-37405 Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (p...
CVE-2024-37406 In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right in...
CVE-2024-37407 Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file a...
E S
CVE-2024-37408 fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be au...
CVE-2024-37409 WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37410 WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.3 - Local File Inclusion vulnerability
S
CVE-2024-37411 WordPress Progress Planner plugin <= 0.9.1 - Broken Access Control vulnerability
S
CVE-2024-37412 WordPress Blossom Shop theme <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37413 WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37414 WordPress Depicter Slider plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37415 WordPress E2Pdf plugin <= 1.20.27 - Broken Access Control vulnerability
S
CVE-2024-37416 WordPress WP Photo Album Plus plugin <= 8.8.00.002 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37417 WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37418 WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability
S
CVE-2024-37419 WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Local File Inclusion vulnerability
S
CVE-2024-37420 WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability
S
CVE-2024-37421 WordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37422 WordPress Progress Planner plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37423 WordPress Newspack Blocks plugin <= 3.0.8 - Contributor+ Arbitrary Directory Deletion vulnerability
S
CVE-2024-37424 WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability
S
CVE-2024-37425 WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability
S
CVE-2024-37426 WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37427 WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability
S
CVE-2024-37428 WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37429 WordPress Login with phone number plugin <= 1.7.35 - Admin+ Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37430 WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability
S
CVE-2024-37431 WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37432 WordPress Esteem theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37433 WordPress Mailster plugin <= 4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37434 WordPress Atarim plugin <= 3.31 - Authenticated Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37435 WordPress Perfect Portfolio theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37436 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37437 WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
S
CVE-2024-37438 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37439 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability
S
CVE-2024-37440 WordPress Church Admin plugin <= 4.4.4 - Broken Access Control vulnerability
S
CVE-2024-37441 WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37442 WordPress Photo Gallery by Ays – Responsive Image Gallery plugin < 5.7.1 - HTML Injection vulnerability
S
CVE-2024-37443 WordPress WP Job Manager plugin <= 2.1.0 - Broken Access Control vulnerability
S
CVE-2024-37444 WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability
S
CVE-2024-37445 WordPress HTML5 Audio Player plugin <= 2.2.23 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37446 WordPress Chained Quiz plugin <= 1.3.2.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37447 WordPress PixelYourSite plugin <= 9.6.1.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37448 WordPress OnePress theme <= 2.3.6 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37449 WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37450 WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37451 WordPress Travel Agency theme <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37452 WordPress Schema Lite theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37453 WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.8.7 - Broken Access Control vulnerability
S
CVE-2024-37454 WordPress AWSM Team – Team Showcase Plugin plugin <= 1.3.1 - Local File Inclusion vulnerability
S
CVE-2024-37455 WordPress Ultimate Addons for elementor plugin <= 1.36.31 - Privilege Escalation vulnerability
S
CVE-2024-37456 WordPress Simple Newsletter Plugin – Noptin plugin <= 3.4.2 - Broken Access Control vulnerability
S
CVE-2024-37457 WordPress Ultimate Blocks – WordPress Blocks Plugin plugin <= 3.1.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37458 WordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37459 WordPress PayPlus Payment Gateway plugin <= 6.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37460 WordPress SuperSaaS – online appointment scheduling plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37461 WordPress IdeaPush plugin <= 8.65 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37462 WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.2 - Local File Inclusion vulnerability
S
CVE-2024-37463 WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability
S
CVE-2024-37464 WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability
S
CVE-2024-37465 WordPress AI Power: Complete AI Pack – Powered by GPT-4 plugin <= 1.8.66 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37466 WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37467 WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37468 WordPress Newsmatic theme <= 1.3.1 - Broken Access Control vulnerability
S
CVE-2024-37469 WordPress Blocksy theme <= 1.9.5 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37470 WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability
S
CVE-2024-37471 WordPress Woffice Core plugin <= 5.4.8 - Site Wide Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37472 WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37473 WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37474 WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37475 WordPress Newspack Newsletters plugin <= 2.13.2 - Broken Access Control vulnerability
S
CVE-2024-37476 WordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37477 WordPress Newspack Content Converter plugin <= 0.1.5 - Broken Access Control vulnerability
S
CVE-2024-37478 WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37479 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability
S
CVE-2024-37480 WordPress Apollo13 Framework Extensions plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37481 WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability
S
CVE-2024-37482 WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability
S
CVE-2024-37483 WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability
S
CVE-2024-37484 WordPress Zephyr Project Manager plugin <= 3.3.97 - Privilege Escalation vulnerability
S
CVE-2024-37485 WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37486 WordPress Paid Memberships Pro plugin <= 3.0.5 - Authenticated SQL Injection vulnerability
S
CVE-2024-37487 WordPress WP Directory Kit plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37488 WordPress HelloAsso plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37489 WordPress Ocean Extra plugin <= 2.2.9 - Authenticated Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37490 WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37491 WordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37492 WordPress Gutenberg plugin <= 18.6.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37493 WordPress Posterity theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37494 WordPress Youzify plugin <= 1.2.5 - SQL Injection vulnerability
S
CVE-2024-37495 WordPress Create by Mediavine plugin <= 1.9.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37497 WordPress JetThemeCore plugin < 2.2.1 - Subscriber+ Arbitrary File Deletion vulnerability
S
CVE-2024-37498 WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability
S
CVE-2024-37499 WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.2 - Local File Inclusion vulnerability
S
CVE-2024-37500 WordPress Beaver Builder plugin <= 2.8.2.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37501 WordPress Advanced Classifieds & Directory Pro plugin <= 3.1.3 - Local File Inclusion vulnerability
S
CVE-2024-37502 WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability
S
CVE-2024-37503 WordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37504 WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability
S
CVE-2024-37505 WordPress Business One Page theme <= 1.2.9 - Broken Access Control on Notice Dismissal vulnerability
S
CVE-2024-37506 WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
S
CVE-2024-37507 WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37508 WordPress Construction Landing Page theme <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37509 WordPress MakeCommerce for WooCommerce plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37510 WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
S
CVE-2024-37511 WordPress Swift Performance Lite plugin <= 2.3.6.20 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37512 WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37513 WordPress WPCafe plugin <= 2.2.27 - Local File Inclusion vulnerability
S
CVE-2024-37514 WordPress CopySafe Web Protection plugin <= 3.14 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37515 WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37516 WordPress Featured Image from URL (FIFU) plugin <= 4.8.2 - Broken Access Control vulnerability
S
CVE-2024-37517 WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability
S
CVE-2024-37518 WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37519 WordPress Premium Blocks – Gutenberg Blocks for WordPress plugin <= 2.1.27 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37520 WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability
S
CVE-2024-37521 WordPress zBench theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37522 WordPress CC & BCC for Woocommerce Order Emails plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37523 WordPress Login Logo Editor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37526 IBM Watson Query on Cloud Pak for Data information disclosure
CVE-2024-37527 IBM OpenPages with Watson cross-site scripting
CVE-2024-37528 IBM Cloud Pak for Business Automation cross-site scripting
CVE-2024-37529 IBM Db2 denial of service
CVE-2024-37532 IBM WebSphere Application Server identity spoofing
CVE-2024-37533 IBM InfoSphere Information Server information disclosure
CVE-2024-37535 GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a w...
CVE-2024-37536 WordPress Easy Custom Code (LESS/CSS/JS) Plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37537 WordPress WS Contact Form plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37538 WordPress Link To Bible plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37539 WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37540 WordPress Leaky Paywall plugin <= 4.21.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37541 WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.4.4.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37542 WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability
CVE-2024-37543 WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37544 WordPress Get Better Reviews for WooCommerce plugin <= 4.0.6 - Broken Access Control vulnerability
CVE-2024-37545 WordPress Floating Social Media Links plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37546 WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37547 WordPress Elementor Addons by Livemesh plugin <= 8.4.0 - Local File Inclusion vulnerability
S
CVE-2024-37548 WordPress Meks Easy Ads Widget plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37549 WordPress Save as PDF plugin by Pdfcrowd plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37550 WordPress Template Kit – Export plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37551 WordPress Simple Social Share plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37552 WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.9.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37553 WordPress Testimonials Widget plugin <= 4.0.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37554 WordPress UltraAddons plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37555 WordPress Generate PDF using Contact Form 7 plugin <= 4.0.6 - Arbitrary File Upload vulnerability
CVE-2024-37556 WordPress WordPress Notification Bar plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37557 WordPress WP Cookie Law Info plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37558 WordPress WPFavicon plugin <= 2.1.1 - Cross-Site Scripting (XSS) vulnerability
CVE-2024-37559 WordPress counterpoint theme <= 1.8.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-37560 WordPress WP User Switch plugin <= 1.1.0 - Privilege Escalation vulnerability
CVE-2024-37561 WordPress Plugin Notes Plus plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37562 WordPress Simple Post Notes plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37563 WordPress TOCHAT.BE plugin <= 1.3.0 - Unauthenticated Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-37564 WordPress PayPlus Payment Gateway plugin <= 7.0.7 - SQL Injection vulnerability
S
CVE-2024-37565 WordPress Gum Elementor Addon plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37566 Infoblox NIOS through 8.6.4 has Improper Authentication for Grids....
CVE-2024-37567 Infoblox NIOS through 8.6.4 has Improper Access Control for Grids....
CVE-2024-37568 lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorith...
E
CVE-2024-37569 An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A comman...
E
CVE-2024-37570 On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform san...
E
CVE-2024-37571 Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of servi...
CVE-2024-37573 The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application ...
CVE-2024-37574 The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with...
CVE-2024-37575 The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed appli...
CVE-2024-37600 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible ...
CVE-2024-37601 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer o...
CVE-2024-37602 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible ...
CVE-2024-37603 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusio...
CVE-2024-37605 A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause ...
CVE-2024-37606 A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a ...
CVE-2024-37607 A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cau...
CVE-2024-37619 StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t...
E
CVE-2024-37620 PHPVOD v4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the i...
CVE-2024-37621 StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via ...
CVE-2024-37622 Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability v...
E
CVE-2024-37623 Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability v...
E
CVE-2024-37624 Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability v...
E
CVE-2024-37625 zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability...
E
CVE-2024-37626 A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker...
E
CVE-2024-37629 SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function....
E
CVE-2024-37630 D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd...
CVE-2024-37631 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parame...
E
CVE-2024-37632 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password pa...
E
CVE-2024-37633 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the fun...
E
CVE-2024-37634 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the fun...
E
CVE-2024-37635 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the fun...
E
CVE-2024-37637 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the f...
E
CVE-2024-37639 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the fu...
E
CVE-2024-37640 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the f...
E
CVE-2024-37641 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url par...
E
CVE-2024-37642 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via t...
E
CVE-2024-37643 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the ...
E
CVE-2024-37644 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /...
E
CVE-2024-37645 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the ...
E
CVE-2024-37649 Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allow...
E
CVE-2024-37654 An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE,...
CVE-2024-37661 TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the...
CVE-2024-37662 TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WL...
CVE-2024-37663 Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the ...
CVE-2024-37664 Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLA...
CVE-2024-37665 An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges...
CVE-2024-37671 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote...
E
CVE-2024-37672 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote...
E
CVE-2024-37673 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote...
E
CVE-2024-37674 Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary...
CVE-2024-37675 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote...
E
CVE-2024-37676 An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Hea...
CVE-2024-37677 An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 all...
E
CVE-2024-37678 Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8...
CVE-2024-37679 Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8...
E
CVE-2024-37680 Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting...
E
CVE-2024-37681 An issue in the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 ...
CVE-2024-37694 Rejected reason: This submission has been rejected by the CNA of record. Authentication is user con...
R
CVE-2024-37699 An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption....
CVE-2024-37726 Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows...
CVE-2024-37728 Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18....
CVE-2024-37732 Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitr...
E
CVE-2024-37734 An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request ...
E S
CVE-2024-37741 OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture....
E
CVE-2024-37742 Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an a...
CVE-2024-37758 Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows au...
CVE-2024-37759 DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression...
CVE-2024-37762 MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a ...
E
CVE-2024-37763 MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affect...
E
CVE-2024-37764 MachForm up to version 19 is affected by an authenticated stored cross-site scripting....
E
CVE-2024-37765 MachForm up to version 19 is affected by an authenticated Blind SQL injection in the user account se...
E
CVE-2024-37767 Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access al...
CVE-2024-37768 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /...
E
CVE-2024-37769 Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Adm...
E
CVE-2024-37770 14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the finger...
CVE-2024-37773 An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as admi...
CVE-2024-37774 A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to...
CVE-2024-37775 Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticke...
CVE-2024-37776 A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execut...
CVE-2024-37779 WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE)...
CVE-2024-37782 An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows a...
CVE-2024-37783 A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allow...
CVE-2024-37790 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ...
R
CVE-2024-37791 DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at ...
CVE-2024-37794 Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) ...
CVE-2024-37795 A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a...
CVE-2024-37798 Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul ...
E
CVE-2024-37799 CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerabil...
E
CVE-2024-37800 CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scr...
E
CVE-2024-37802 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection v...
E
CVE-2024-37803 Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Mana...
E
CVE-2024-37816 Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow....
CVE-2024-37818 Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /str...
CVE-2024-37820 A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the ap...
CVE-2024-37821 An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19...
CVE-2024-37825 An issue in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 (fixed in OneStop 3.2....
CVE-2024-37826 A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS...
CVE-2024-37828 A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arb...
CVE-2024-37829 An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user inter...
CVE-2024-37830 An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via in...
E
CVE-2024-37831 Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via t...
CVE-2024-37840 SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project I...
CVE-2024-37843 Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API ...
CVE-2024-37844 A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execut...
CVE-2024-37845 MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerab...
CVE-2024-37846 MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability...
CVE-2024-37847 An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows att...
CVE-2024-37848 SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execu...
CVE-2024-37849 A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute ...
E
CVE-2024-37855 An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware version 1.0 firmware 2.0...
CVE-2024-37856 Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker...
CVE-2024-37857 SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to esc...
E
CVE-2024-37858 SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to esc...
E
CVE-2024-37859 Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker...
E
CVE-2024-37860 Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& nav...
CVE-2024-37861 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
CVE-2024-37862 Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humb...
CVE-2024-37863 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
CVE-2024-37865 An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain...
CVE-2024-37868 File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote atta...
E
CVE-2024-37869 File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote atta...
E
CVE-2024-37870 SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With So...
CVE-2024-37871 SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with...
E
CVE-2024-37872 SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote a...
E
CVE-2024-37873 SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In...
E
CVE-2024-37877 UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed P...
CVE-2024-37878 Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary co...
CVE-2024-37879 Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below...
CVE-2024-37880 The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with som...
E S
CVE-2024-37881 SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php an...
CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions
S
CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards
S
CVE-2024-37884 Nextcloud Server's users can delete old versions of read-only shared files
S
CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS
S
CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration
CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions
S
CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality
CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data
E S
CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3
CVE-2024-37893 MFA bypass in oauth flow in Firefly III
CVE-2024-37894 Squid vulnerable to heap corruption in ESI assign
CVE-2024-37895 API Key Leak in lobe-chat
CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin
CVE-2024-37897 Insufficient access control for password reset in sftpgo
CVE-2024-37898 XWiki Platform vulnerable to document deletion and overwrite from edit
S
CVE-2024-37899 Disabling a user account changes its author, allowing RCE from user account in XWiki
E S
CVE-2024-37900 XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
E S
CVE-2024-37901 XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
S
CVE-2024-37902 Path traversal in DeepJavaLibrary
CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder
CVE-2024-37905 Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik
CVE-2024-37906 Admidio has Blind SQL Injection in ecard_send.php
E S
CVE-2024-37917 Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a d...
CVE-2024-37918 WordPress ConeBlog plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37919 WordPress Timeline Module for Beaver Builder plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37920 WordPress ARForms Form Builder plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37921 WordPress Chained Quiz plugin <= 1.3.2.8 - Broken Access Control vulnerability
S
CVE-2024-37922 WordPress Premium Addons for Elementor plugin <= 4.10.34 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37923 WordPress Cliengo - Chatbot plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37924 WordPress WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin <= 1.0.1 - Sensitive Data Exposure vulnerability
CVE-2024-37925 WordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37926 WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.9 - Broken Access Control vulnerability
S
CVE-2024-37927 WordPress Jobmonster theme <= 4.7.0 - Unauthenticated Privilege Escalation vulnerability
CVE-2024-37928 WordPress Jobmonster theme <= 4.7.0 - Unauthenticated Arbitrary File Deletion vulnerability
CVE-2024-37929 WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability
CVE-2024-37930 WordPress SmartMag theme <= 9.3.0 - Sensitive Data Exposure via Log File vulnerability
CVE-2024-37931 WordPress Point theme <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37932 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Arbitrary File Deletion vulnerability
CVE-2024-37933 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated SQL Injection vulnerability
CVE-2024-37934 WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability
S
CVE-2024-37935 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability
CVE-2024-37936 WordPress Tabs For WPBakery Page Builder plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37937 WordPress Rara Business theme <= 1.2.5 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37938 WordPress SociallyViral theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37939 WordPress Patricia Lite theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-37940 WordPress Seraphinite Accelerator (Full, premium) plugin <= 2.21.13 - CSRF Leading to Arbitrary File Deletion vulnerability
S
CVE-2024-37941 WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-37942 WordPress BerqWP plugin <= 1.7.5 - Unauthenticated Non-Blind Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-37943 WordPress YITH WooCommerce Ajax Product Filter plugin <= 5.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37944 WordPress WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin <= 5.9.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37946 WordPress ReCaptcha Integration for WordPress plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37947 WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37948 WordPress Caxton – Create Pro page layouts in Gutenberg plugin <= 1.30.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37949 WordPress Responsive Mobile theme <= 1.15.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37950 WordPress Master Popups plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37951 WordPress Magical Posts Display plugin <= 1.2.38 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37952 WordPress BookYourTravel theme <= 8.18.17 - Subscriber+ Privilege Escalation vulnerability
S
CVE-2024-37953 WordPress MBE eShip plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-37954 WordPress Simple Responsive Slider plugin <= 0.2.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-37955 WordPress GutSlider – All in One Block Slider plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37956 WordPress VK All in One Expansion Unit plugin <= 9.99.1.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37957 WordPress Bradmax Player plugin <= 1.1.27 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37958 WordPress Meks Smart Author Widget plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37959 WordPress Power BI Embedded for WordPress plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-37960 WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37961 WordPress codoc plugin <= 0.9.51.12 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37962 WordPress Fusion Page Builder plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-37965 Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37966 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-37968 Windows DNS Spoofing Vulnerability
S
CVE-2024-37969 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37970 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37971 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37972 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37973 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37974 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37975 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37976 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
S
CVE-2024-37977 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37978 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37979 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2024-37980 Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37981 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37982 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
S
CVE-2024-37983 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
S
CVE-2024-37984 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37985 Windows Kernel Information Disclosure Vulnerability
S
CVE-2024-37986 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37987 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37988 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37989 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-37990 A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All version...
CVE-2024-37991 A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All version...
CVE-2024-37992 A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All version...
CVE-2024-37993 A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All version...
CVE-2024-37994 A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All version...
CVE-2024-37995 A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All version...
CVE-2024-37996 A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0...
CVE-2024-37997 A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0...
CVE-2024-37998 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40...
CVE-2024-37999 A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected ...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.