CVE-2024-4xxx

There are 933 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-4000 The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Stored Cross-Site ...
CVE-2024-4001 Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode
S
CVE-2024-4002 Carousel, Slider, Gallery by WP Carousel < 2.6.9 - Editor+ Stored XSS
E
CVE-2024-4003 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-4004 Advanced Cron Manager < 2.5.7 - Admin+ Stored XSS
E
CVE-2024-4005 Social Pixel <= 2.1 - Admin+ Stored XSS
E
CVE-2024-4006 Incorrect Authorization in GitLab
E S
CVE-2024-4007 Hard coded default credential contained in install package
S
CVE-2024-4008 FDSK Leak in KNX Secure Devices
CVE-2024-4009 Replay Attack in KNX Secure Devices
CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request
CVE-2024-4011 Improper Access Control in GitLab
E S
CVE-2024-4012 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4013 Failure to update BT Mesh Replay Protection List
CVE-2024-4014 The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
CVE-2024-4017 Privilege Escalation in U-Series Appliance
CVE-2024-4018 Privilege Escalation in U-Series Appliance
CVE-2024-4019 Byzoro Smart S80 Management Platform importhtml.php deserialization
E
CVE-2024-4020 Tenda FH1206 addressNat fromAddressNat buffer overflow
E
CVE-2024-4021 Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure
E
CVE-2024-4022 Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js information disclosure
E
CVE-2024-4023 Stored XSS in flatpressblog/flatpress
CVE-2024-4024 Authentication Bypass by Assumed-Immutable Data in GitLab
E S
CVE-2024-4026 Cross-Site Scripting in the Holded application
S
CVE-2024-4028 Keycloak-core: stored xss in keycloak when creating items in admin console
M
CVE-2024-4029 Wildfly: no timeout for eap management interface may lead to denial of service (dos)
M
CVE-2024-4030 tempfile.mkdtemp() may be readable and writeable by all users on Windows
S
CVE-2024-4031 MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability
CVE-2024-4032 Incorrect IPv4 and IPv6 private ranges
S
CVE-2024-4033 All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image
CVE-2024-4034 The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name...
CVE-2024-4035 The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable t...
CVE-2024-4036 The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style p...
S
CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution
S
CVE-2024-4038 Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-4039 Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP
KEV E S
CVE-2024-4041 Yoast SEO <= 22.5 - Reflected Cross-Site Scripting
CVE-2024-4042 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute
S
CVE-2024-4043 WP Ultimate Post Grid <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-text Shortcode
CVE-2024-4044 Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio
CVE-2024-4045 Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4046 Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerabili...
CVE-2024-4056 Denial of service condition in M-Files Server
M
CVE-2024-4057 Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
E
CVE-2024-4058 Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potenti...
CVE-2024-4059 Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to le...
E
CVE-2024-4060 Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentia...
E
CVE-2024-4061 Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings
E
CVE-2024-4062 Hualai Xiaofang iSC5 certificate validation
CVE-2024-4063 EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation
CVE-2024-4064 Tenda AC8 execCommand R7WebsSecurityHandler stack-based overflow
E
CVE-2024-4065 Tenda AC8 SetRebootTimer formSetRebootTimer stack-based overflow
E
CVE-2024-4066 Tenda AC8 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow
E
CVE-2024-4067 Regular Expression Denial of Service in micromatch
CVE-2024-4068 Memory Exhaustion in braces
S
CVE-2024-4069 Kashipara Online Furniture Shopping Ecommerce Website search.php sql injection
E
CVE-2024-4070 Kashipara Online Furniture Shopping Ecommerce Website prodList.php sql injection
E
CVE-2024-4071 Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php sql injection
E
CVE-2024-4072 Kashipara Online Furniture Shopping Ecommerce Website search.php cross site scripting
E
CVE-2024-4073 Kashipara Online Furniture Shopping Ecommerce Website prodList.php cross site scripting
E
CVE-2024-4074 Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php cross site scripting
E
CVE-2024-4075 Kashipara Online Furniture Shopping Ecommerce Website login.php cross site scripting
E
CVE-2024-4076 Assertion failure when serving both stale cache data and authoritative zone content
S
CVE-2024-4077 WordPress UDesign theme <= 4.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-4078 Arbitrary Code Execution in parisneo/lollms
CVE-2024-4079 Out of Bounds Read Due to Missing Bounds Check in LabVIEW
CVE-2024-4080 Memory Corruption Due to Improper Length Checks in LabVIEW tdcore.dll
CVE-2024-4081 Memory Corruption Due to Improper Length Check in NI LabVIEW
CVE-2024-4082 Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery
CVE-2024-4083 The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery i...
CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm
E
CVE-2024-4085 The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE-2024-4086 The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site ...
CVE-2024-4087 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget
S
CVE-2024-4088 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization
S
CVE-2024-4089 A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to ex...
S
CVE-2024-4090 My Sticky Bar < 2.7.2 - Admin+ Stored XSS
E
CVE-2024-4091 Responsive Gallery Grid < 2.3.15 - Admin+ Stored XSS
E
CVE-2024-4092 The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htm...
CVE-2024-4093 SourceCodester Simple Subscription Website view_application.php sql injection
E
CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS
E
CVE-2024-4095 Collapse-O-Matic <= 1.8.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-4096 Responsive Tabs <= 4.0.8 - Contributor+ Stored XSS
E
CVE-2024-4097 The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th...
CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion
S
CVE-2024-4099 Improper Encoding or Escaping of Output in GitLab
E S
CVE-2024-4100 Pricing Table <= 2.0.1 - Cross-Site Request Forgery via ajax()
CVE-2024-4101 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4102 Pricing Table <= 2.0.1 - Missing Authorization
CVE-2024-4103 ADFO – Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery
CVE-2024-4104 ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting
CVE-2024-4105 A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's ...
CVE-2024-4106 A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in acco...
CVE-2024-4107 Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
E
CVE-2024-4108 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4109 Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerabili...
R
CVE-2024-4111 Tenda TX9 SetLEDCfg sub_42BD7C stack-based overflow
E
CVE-2024-4112 Tenda TX9 SetVirtualServerCfg sub_42CB94 stack-based overflow
E
CVE-2024-4113 Tenda TX9 SetSysTimeCfg sub_42D4DC stack-based overflow
E
CVE-2024-4114 Tenda TX9 PowerSaveSet sub_42C014 stack-based overflow
E
CVE-2024-4115 Tenda W15E AddDnsForward formAddDnsForward stack-based overflow
E
CVE-2024-4116 Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow
E
CVE-2024-4117 Tenda W15E DelPortMapping formDelPortMapping stack-based overflow
E
CVE-2024-4118 Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow
E
CVE-2024-4119 Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow
E
CVE-2024-4120 Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow
E
CVE-2024-4121 Tenda W15E formQOSRuleDel stack-based overflow
E
CVE-2024-4122 Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow
E
CVE-2024-4123 Tenda W15E SetPortMapping formSetPortMapping stack-based overflow
E
CVE-2024-4124 Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow
E
CVE-2024-4125 Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow
E
CVE-2024-4126 Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow
E
CVE-2024-4127 Tenda W15E guestWifiRuleRefresh stack-based overflow
E
CVE-2024-4128 CSRF in firebase-tools emulator suite
CVE-2024-4129 Authentication bypass in Snow License Manager
S
CVE-2024-4130 A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to exe...
S
CVE-2024-4131 A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to exec...
S
CVE-2024-4132 A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to e...
S
CVE-2024-4133 The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plu...
CVE-2024-4135 The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versi...
CVE-2024-4138 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
CVE-2024-4140 An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause ...
S
CVE-2024-4141 Out-of-bounds array write in Xpdf 4.05 due to incorrect bounds check
CVE-2024-4142 JFrog Artifactory Improper input validation within token creation flow
CVE-2024-4143 Certain HP PC products using AMI BIOS – Buffer Overflow
CVE-2024-4144 Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-4145 Search & Replace < 3.2.2 - Admin+ SQL injection
E
CVE-2024-4146 Incorrect Authorization in lunary-ai/lunary
E S
CVE-2024-4148 ReDoS (Regular Expression Denial of Service) in lunary-ai/lunary
E
CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS
E
CVE-2024-4150 Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting
CVE-2024-4151 Improper Access Control in lunary-ai/lunary
E S
CVE-2024-4152 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4153 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4154 Incorrect Synchronization in lunary-ai/lunary
E S
CVE-2024-4155 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4156 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ...
S
CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues
S
CVE-2024-4158 Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4159 Protection mechanisms
CVE-2024-4160 Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode
S
CVE-2024-4161 Syslog traffic sent in clear-text
CVE-2024-4162 KW Watcher Vulnerability Allows Malicious Read Access to Memory
M
CVE-2024-4163 Privilege Escalation on Skylab IIoT Gateway (IGX)
CVE-2024-4164 Tenda G3 ModifyPppAuthWhiteMac formModifyPppAuthWhiteMac stack-based overflow
E
CVE-2024-4165 Tenda G3 modifyDhcpRule stack-based overflow
E
CVE-2024-4166 Tenda 4G300 sub_41E858 stack-based overflow
E
CVE-2024-4167 Tenda 4G300 sub_422AA4 stack-based overflow
E
CVE-2024-4168 Tenda 4G300 sub_4260F0 stack-based overflow
E
CVE-2024-4169 Tenda 4G300 sub_4279CC stack-based overflow
E
CVE-2024-4170 Tenda 4G300 sub_429A30 stack-based overflow
E
CVE-2024-4171 Tenda W30E WizardHandle fromWizardHandle stack-based overflow
E
CVE-2024-4172 idcCMS cross-site request forgery
E
CVE-2024-4173 SANnav versions expose Kafka in the WAN interface.
CVE-2024-4174 Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server
S
CVE-2024-4175 Improper Input Validation vulnerability in Hyperion Web Server
S
CVE-2024-4176 A cross-site scripting vulnerability in the EDR XConsole before this release allowed an attacker to...
CVE-2024-4177 Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)
S
CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS
E
CVE-2024-4181 Command Injection in run-llama/llama_index
CVE-2024-4182 Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to h...
S
CVE-2024-4183 Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 ...
S
CVE-2024-4184 Multiple XXE sinks in ALM archive post-build step in OpenText Application Automation Tools
S
CVE-2024-4185 The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verifica...
CVE-2024-4186 The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, ...
CVE-2024-4187 Stored XSS vulnerability has been discovered in OpenText™ Filr. The vulnerability could cause users to not be warned when clicking links to external sites.
S
CVE-2024-4188 Security vulnerability exists in Documentum server cloud releases that could allow access to sensitive information which can impact system Operation.
S
CVE-2024-4189 Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools
S
CVE-2024-4190 OpenText ArcSight Logger Stored XSS
CVE-2024-4192 Stack-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2 DOPSoft
S
CVE-2024-4193 Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4194 Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-4195 Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role c...
S
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability
CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability
CVE-2024-4198 Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role c...
S
CVE-2024-4199 Bulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization
CVE-2024-4200 Progress Telerik Reporting Local Deserialization Vulnerability
CVE-2024-4201 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-4202 Progress Telerik Reporting Local Instantiation Vulnerability
CVE-2024-4203 The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripti...
S
CVE-2024-4204 Bulk Posts Editing For WordPress <= 4.2.3 - Cross-Site Request Forgery
CVE-2024-4205 Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure
S
CVE-2024-4206 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4207 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-4208 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect
S
CVE-2024-4209 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer
S
CVE-2024-4210 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-4211 Multiple missing permission checks
S
CVE-2024-4212 Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets
S
CVE-2024-4213 Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure
CVE-2024-4214 WordPress cardealer plugin <= 4.15 - Content Injection vulnerability
S
CVE-2024-4215 The Multi Factor Authentication bypass vulnerability in pgAdmin 4
CVE-2024-4216 XSS vulnerability in /settings/store API response json payload in pgAdmin 4
CVE-2024-4217 Shortcodes Ultimate Pro < 7.1.5 - Contributor+ Stored Cross-Site Scripting XSS
E
CVE-2024-4218 AffiEasy <= 1.1.7 - Cross-Site Request Forgery to Various Actions
CVE-2024-4219 SSRF In BeyondInsight
CVE-2024-4220 Information Disclosure in BeyondInsight
CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization
CVE-2024-4223 Tutor LMS <= 2.7.0 - Missing Authorization
S
CVE-2024-4224 TP-Link TL-SG1016DE XSS
S
CVE-2024-4225 NGDIN_ST v2.0D.0062 - Multiple Vulnerabilities
CVE-2024-4226 It was identified that in certain versions of Octopus Server, that a user created with no permission...
CVE-2024-4227 gSOAP: Vulnerable to specially crafted unencrypted SDC messages
CVE-2024-4228 SQLi in Magarsus Consultancy's SSO
CVE-2024-4229 Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 an...
CVE-2024-4230 External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions...
CVE-2024-4231 Incorrect Access Control Vulnerability in Digisol Router
S
CVE-2024-4232 Password Storage in Plaintext Vulnerability in Digisol Router
S
CVE-2024-4233 Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares
S
CVE-2024-4234 WordPress Filterable Portfolio plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage
E
CVE-2024-4236 Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow
E
CVE-2024-4237 Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow
E
CVE-2024-4238 Tenda AX1806 SetOnlineDevName formSetDeviceName stack-based overflow
E
CVE-2024-4239 Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow
E
CVE-2024-4240 Tenda W9 formQosManageDouble_user stack-based overflow
CVE-2024-4241 Tenda W9 formQosManageDouble_auto stack-based overflow
CVE-2024-4242 Tenda W9 wifiSSIDget formwrlSSIDget stack-based overflow
E
CVE-2024-4243 Tenda W9 wifiSSIDset formwrlSSIDset stack-based overflow
E
CVE-2024-4244 Tenda W9 DhcpSetSer fromDhcpSetSer stack-based overflow
E
CVE-2024-4245 Tenda i21 formQosManageDouble_user stack-based overflow
CVE-2024-4246 Tenda i21 formQosManageDouble_auto stack-based overflow
CVE-2024-4247 Tenda i21 formQosManage_auto stack-based overflow
CVE-2024-4248 Tenda i21 formQosManage_user stack-based overflow
CVE-2024-4249 Tenda i21 wifiSSIDget formwrlSSIDget stack-based overflow
E
CVE-2024-4250 Tenda i21 wifiSSIDset formwrlSSIDset stack-based overflow
E
CVE-2024-4251 Tenda i21 DhcpSetSe fromDhcpSetSer stack-based overflow
E
CVE-2024-4252 Tenda i22 formSetUrlFilterRule stack-based overflow
CVE-2024-4253 Command Injection in gradio-app/gradio
CVE-2024-4254 Secrets Exfiltration in gradio-app/gradio
CVE-2024-4255 Ruijie RG-UAC gre_edit_commit.php os command injection
E S
CVE-2024-4256 Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting
CVE-2024-4257 BlueNet Technology Clinical Browsing System deleteStudy.php sql injection
E
CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion
S
CVE-2024-4259 Sensitive Data Exposure in SAMPAS's AKOS
CVE-2024-4260 CoBlocks < 3.1.12 - Contributor+ SSRF
E
CVE-2024-4261 Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
CVE-2024-4262 Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes
CVE-2024-4263 Improper Access Control in mlflow/mlflow
E S
CVE-2024-4264 Remote Code Execution in berriai/litellm
CVE-2024-4265 The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin...
S
CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure
S
CVE-2024-4267 Remote Code Execution in parisneo/lollms-webui
CVE-2024-4268 Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Multiple Blocks
S
CVE-2024-4269 SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload
E
CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload
E
CVE-2024-4271 SVGator <= 1.2.6 - Stored XSS via SVG Upload
E
CVE-2024-4272 Support SVG < 1.1.0 - Stored XSS via SVG Upload
E
CVE-2024-4273 Essential Real Estate <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion
CVE-2024-4275 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles'
S
CVE-2024-4276 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter
CVE-2024-4278 Incorrect Synchronization in GitLab
E S
CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion
S
CVE-2024-4280 White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset
CVE-2024-4281 The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
S
CVE-2024-4282 Weak TLS Ciphers on Brocade SANnav OVA SSH port 22
CVE-2024-4283 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
E S
CVE-2024-4284 Denial of Service in mintplex-labs/anything-llm
CVE-2024-4285 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm
CVE-2024-4287 Improper Input Validation in mintplex-labs/anything-llm
CVE-2024-4288 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4289 Sailthru Triggermail <= 1.1 - Reflected XSS
E
CVE-2024-4290 Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
E
CVE-2024-4291 Tenda A301 setBlackRule formAddMacfilterRule stack-based overflow
E
CVE-2024-4292 Contemporary Controls BASrouter BACnet BASRT-B Device-Communication-Control Service denial of service
E
CVE-2024-4293 PHPGurukul Doctor Appointment Management System appointment-bwdates-reports-details.php cross site scripting
E
CVE-2024-4294 PHPGurukul Doctor Appointment Management System view-appointment-detail.php resource injection
E
CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
S
CVE-2024-4296 HGiga iSherlock - Arbitrary File Download
S
CVE-2024-4297 HGiga iSherlock - Arbitrary File Download
S
CVE-2024-4298 HGiga iSherlock - Command Injection
S
CVE-2024-4299 HGiga iSherlock - Command Injection
S
CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure
S
CVE-2024-4301 N-Reporter and N-Cloud from N-Partner - Os Command Injection
S
CVE-2024-4302 Super 8 livechat SDK - Cross-site Scripting
S
CVE-2024-4303 ArmorX Android APP - MFA Bypass
S
CVE-2024-4304 Vulnerability on SWAL platform from GT3 Soluciones
S
CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS
E
CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank
CVE-2024-4307 SQL injection vulnerability in HubBank
CVE-2024-4308 SQL injection vulnerability in HubBank
CVE-2024-4309 SQL injection vulnerability in HubBank
CVE-2024-4310 Cross-site Scripting (XSS) vulnerability in HubBank
CVE-2024-4311 Lack of login attempt rate-limiting in zenml-io/zenml
E S
CVE-2024-4312 Soccer Engine – Soccer Plugin for WordPress <= 1.12 - Cross-Site Request Forgery
CVE-2024-4313 Table Addons for Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter
S
CVE-2024-4314 hostel <= 1.1.5.3 - Cross-Site Request Forgery
CVE-2024-4315 LFI Vulnerability due to Lack of Path Sanitization in parisneo/lollms
CVE-2024-4316 EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
M
CVE-2024-4318 Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection
S
CVE-2024-4319 Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure
CVE-2024-4320 Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui
E
CVE-2024-4321 Local File Inclusion (LFI) in gaizhenbiao/chuanhuchatgpt
CVE-2024-4322 Path Traversal in parisneo/lollms-webui
CVE-2024-4323 Fluent Bit Memory Corruption Vulnerability
E S
CVE-2024-4324 The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wid...
CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio
E
CVE-2024-4326 Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui
CVE-2024-4327 Apryse WebViewer PDF Document cross site scripting
E M
CVE-2024-4328 CSRF in clear_personality_files_list in parisneo/lollms-webui
E
CVE-2024-4329 Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2024-4330 Path Traversal in parisneo/lollms-webui
CVE-2024-4331 Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attac...
E
CVE-2024-4332 Improper Authentication in Tripwire Enterprise 9.1.0 APIs
S
CVE-2024-4333 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting
S
CVE-2024-4334 The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerab...
CVE-2024-4335 Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4336 Multiple vulnerabilities on Adive Framework
S
CVE-2024-4337 Multiple vulnerabilities on Adive Framework
S
CVE-2024-4339 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4340 Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
S
CVE-2024-4341 Information Disclosure in ExtremePacs's Extreme XDS
CVE-2024-4342 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4343 Python Command Injection in imartinez/privategpt
CVE-2024-4344 Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 19.1.13 - Cross-Site Request Forgery
CVE-2024-4345 The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to i...
CVE-2024-4346 The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all ...
CVE-2024-4347 WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion
CVE-2024-4348 osCommerce all-products cross site scripting
CVE-2024-4349 SourceCodester Pisay Online E-Learning System controller.php unrestricted upload
E
CVE-2024-4350 Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer
S
CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation
CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
CVE-2024-4353 Stored XSS in Generate Board Name Input Field
S
CVE-2024-4354 TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind
S
CVE-2024-4355 Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.24 - Missing Authorization to Information Exposure
CVE-2024-4356 List categories <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-4357 XML External Entity Processing Information Disclosure
CVE-2024-4358 Registration Authentication Bypass Vulnerability
KEV M
CVE-2024-4359 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read
S
CVE-2024-4360 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag
S
CVE-2024-4361 Page Builder by SiteOrigin <= 2.29.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode
CVE-2024-4362 SiteOrigin Widgets Bundle <= 1.60.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode
S
CVE-2024-4363 Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter
CVE-2024-4364 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
S
CVE-2024-4365 Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4366 Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting
S
CVE-2024-4367 A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execu...
CVE-2024-4368 Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potenti...
E
CVE-2024-4369 Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
CVE-2024-4370 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget
S
CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection
CVE-2024-4372 Carousel Slider < 2.2.11 - Editor+ Stored XSS
E
CVE-2024-4373 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Sina Particle Layer'
CVE-2024-4374 DethemeKit For Elementor <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-4375 Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode
CVE-2024-4376 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget
S
CVE-2024-4377 DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode
E
CVE-2024-4378 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider
S
CVE-2024-4379 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip
S
CVE-2024-4381 CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS
E
CVE-2024-4382 CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF
E
CVE-2024-4383 Simple Membership <= 4.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-4384 CSSable Countdown <= 1.5 - Admin+ Stored XSS
E
CVE-2024-4385 Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting
S
CVE-2024-4386 Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4387 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4388 CAS <= 1.0.0 - Unauthenticated Arbitrary File Access
E
CVE-2024-4389 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation
CVE-2024-4391 Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget
S
CVE-2024-4392 Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode
CVE-2024-4393 The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, an...
CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
S
CVE-2024-4397 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload
CVE-2024-4398 HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-4399 CAS <= 1.0.0 - Unauthenticated SSRF
E
CVE-2024-4400 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4401 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters
S
CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui
CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery
CVE-2024-4405 Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability
CVE-2024-4406 Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability
CVE-2024-4409 WP-ViperGB <= 1.6.1 - Cross-Site Request Forgery
CVE-2024-4410 IgnitionDeck Crowdfunding Platform <= 1.9.8 - Missing Authorization
CVE-2024-4411 Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-4413 Hotel Booking Lite <= 4.11.1 - Unauthenticated PHP Object Injection
CVE-2024-4417 Falang multilanguage for WordPress <= 1.3.49 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-4418 Libvirt: stack use-after-free in virnetclientioeventloop()
CVE-2024-4419 Fetch JFT <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-4420 Denial of Service in Tink-cc
CVE-2024-4422 Comparison Slider <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-4423 Authentication bypass in CemiPark
CVE-2024-4424 Stored XSS in CemiPark
CVE-2024-4425 Storing credentials in plaintext in CemiPark
CVE-2024-4426 Comparison Slider <= 1.0.5 - Cross-Site Request Forgery
CVE-2024-4427 Comparison Slider <= 1.0.5 - Missing Authorization
CVE-2024-4428 Sensitive Data Exposure in Menulux Management Portal
CVE-2024-4429 Cross Site Request Forgery vulnerability in iManager
CVE-2024-4430 Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute
S
CVE-2024-4431 LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2024-4432 Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-4433 WordPress Simple Image Popup plugin <= 2.4.0 - Cross-Site Scripting (XSS) vulnerability
CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection
E
CVE-2024-4435 BTreeMap memory leak when deallocating nodes with overflows
CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform
CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform
CVE-2024-4438 Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform
CVE-2024-4439 WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar blo...
CVE-2024-4440 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-4441 XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion
CVE-2024-4442 Salon booking system <= 9.8 - Unauthenticated Arbitrary File Deletion
S
CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter
S
CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration
E
CVE-2024-4445 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization
CVE-2024-4446 Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter
CVE-2024-4447 In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the...
CVE-2024-4448 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'
S
CVE-2024-4449 Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets
CVE-2024-4450 AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Missing Authorization via Several Functions
CVE-2024-4451 Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode
S
CVE-2024-4452 ElementsKit Pro <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4453 GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
S
CVE-2024-4454 WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
CVE-2024-4455 YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2024-4456 In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-S...
CVE-2024-4458 Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLs
CVE-2024-4459 Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Titles
S
CVE-2024-4460 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4461 Unquoted path or search item vulnerability in SugarSync
S
CVE-2024-4462 Nafeza Prayer Time <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-4463 Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery
CVE-2024-4464 Authorization bypass through user-controlled key vulnerability in streaming service in Synology Medi...
CVE-2024-4465 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0
S
CVE-2024-4466 SQL injection vulnerability in Gescen
S
CVE-2024-4467 Qemu-kvm: 'qemu-img info' leads to host file read/write
CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization
S
CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF
E
CVE-2024-4470 Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4471 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab
E S
CVE-2024-4473 Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget
S
CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF
E
CVE-2024-4475 WP Logs Book <= 1.0.1 - Log Clearing via CSRF
E
CVE-2024-4477 WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
E
CVE-2024-4478 Happy Addons for Elementor <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget
S
CVE-2024-4479 Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets
S
CVE-2024-4480 WP Prayer II <= 2.4.7 - Email Settings Update via CSRF
E
CVE-2024-4481 Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link
S
CVE-2024-4482 The Plus Addons for Elementor <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
CVE-2024-4483 Email Encoder < 2.2.2 - Admin+ Stored XSS
E
CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4485 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4486 Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget
CVE-2024-4487 Blocksy Companion <= 2.0.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads
S
CVE-2024-4488 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4489 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads
S
CVE-2024-4490 Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2024-4491 Tenda i21 formGetDiagnoseInfo stack-based overflow
E
CVE-2024-4492 Tenda i21 setStaOffline formOfflineSet stack-based overflow
E
CVE-2024-4493 Tenda i21 formSetAutoPing stack-based overflow
E
CVE-2024-4494 Tenda i21 setUplinkInfo formSetUplinkInfo stack-based overflow
E
CVE-2024-4495 Tenda i21 formWifiMacFilterGet stack-based overflow
E
CVE-2024-4496 Tenda i21 formWifiMacFilterSet stack-based overflow
E
CVE-2024-4497 Tenda i21 formexeCommand stack-based overflow
E
CVE-2024-4498 Path Traversal and RFI Vulnerability in parisneo/lollms-webui
CVE-2024-4499 CSRF Vulnerability in parisneo/lollms XTTS Server
E
CVE-2024-4500 SourceCodester Prison Management System edit-photo.php unrestricted upload
E
CVE-2024-4501 Ruijie RG-UAC commit.php os command injection
E S
CVE-2024-4502 Ruijie RG-UAC dhcp_client_commit.php os command injection
E S
CVE-2024-4503 Ruijie RG-UAC dhcp_relay_commit.php os command injection
E S
CVE-2024-4504 Ruijie RG-UAC commit.php os command injection
E S
CVE-2024-4505 Ruijie RG-UAC ip_addr_add_commit.php os command injection
E S
CVE-2024-4506 Ruijie RG-UAC ip_addr_edit_commit.php os command injection
E S
CVE-2024-4507 Ruijie RG-UAC static_route_add_ipv6.php os command injection
E
CVE-2024-4508 Ruijie RG-UAC static_route_edit_ipv6.php os command injection
E
CVE-2024-4509 Ruijie RG-UAC add_commit.php os command injection
E S
CVE-2024-4510 Ruijie RG-UAC arp_add_commit.php os command injection
E S
CVE-2024-4511 Shanghai Sunfull Automation BACnet Server HMI1002-ARM Message buffer overflow
E
CVE-2024-4512 SourceCodester Prison Management System edit-profile.php cross site scripting
E
CVE-2024-4513 Campcodes Complete Web-Based School Management System timetable_update_form.php cross site scripting
E
CVE-2024-4514 Campcodes Complete Web-Based School Management System timetable_insert_form.php cross site scripting
E
CVE-2024-4515 Campcodes Complete Web-Based School Management System timetable_grade_wise.php cross site scripting
E
CVE-2024-4516 Campcodes Complete Web-Based School Management System timetable.php cross site scripting
E
CVE-2024-4517 Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php cross site scripting
E
CVE-2024-4518 Campcodes Complete Web-Based School Management System teacher_salary_invoice.php cross site scripting
E
CVE-2024-4519 Campcodes Complete Web-Based School Management System teacher_salary_details3.php cross site scripting
E
CVE-2024-4520 Improper Access Control in gaizhenbiao/chuanhuchatgpt
E
CVE-2024-4521 Campcodes Complete Web-Based School Management System teacher_salary_details2.php cross site scripting
E
CVE-2024-4522 Campcodes Complete Web-Based School Management System teacher_salary_details.php cross site scripting
E
CVE-2024-4523 Campcodes Complete Web-Based School Management System teacher_attendance_history1.php cross site scripting
E
CVE-2024-4524 Campcodes Complete Web-Based School Management System student_payment_invoice.php cross site scripting
E
CVE-2024-4525 Campcodes Complete Web-Based School Management System student_payment_details4.php cross site scripting
E
CVE-2024-4526 Campcodes Complete Web-Based School Management System student_payment_details3.php cross site scripting
E
CVE-2024-4527 Campcodes Complete Web-Based School Management System student_payment_details2.php cross site scripting
E
CVE-2024-4528 SourceCodester Prison Management System user-record.php cross site scripting
E
CVE-2024-4529 Business Card <= 1.0.0 - Category Deletion via CSRF
E
CVE-2024-4530 Business Card <= 1.0.0 - Category Edit via CSRF
E
CVE-2024-4531 Business Card <= 1.0.0 - Card Edit via CSRF
E
CVE-2024-4532 Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF
E
CVE-2024-4533 KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection
E
CVE-2024-4534 KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
E
CVE-2024-4535 KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF
E
CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability
S
CVE-2024-4537 IDOR vulnerability in Janto Ticketing Software
S
CVE-2024-4538 IDOR vulnerability in Janto Ticketing Software
S
CVE-2024-4539 Allocation of Resources Without Limits or Throttling in GitLab
S
CVE-2024-4540 Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie
M
CVE-2024-4541 Custom Product List Table <= 3.0.0 - Cross-Site Request Forgery
CVE-2024-4542 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-3548. Reason: T...
R
CVE-2024-4543 Snippet Shortcodes <= 4.1.4 - Cross-Site Request Forgery
S
CVE-2024-4544 Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass
CVE-2024-4545 EDB Postgres Advanced Server (EPAS) authenticated file read permissions bypass using edbldr
CVE-2024-4546 Custom Post Type Attachment <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pdf_attachment Shortcode
CVE-2024-4547 Delta Electronics DIAEnergie Unauthenticated SQL Injection
CVE-2024-4548 Delta Electronics DIAEnergie SQL Injection
CVE-2024-4549 Delta Electronics DIAEnergie SQL Injection
CVE-2024-4550 A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation p...
S
CVE-2024-4551 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Authenticated (Contributor+) Arbitrary File Inclusion via Shortcode
E S
CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
CVE-2024-4553 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode
S
CVE-2024-4554 Multiple XSS vulnerabilities in NetIQ Access Manager
CVE-2024-4555 User impersonation with MFA when configured in a specific way
CVE-2024-4556 Directory traversal vulnerability in NetIQ Access Manager
CVE-2024-4557 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-4558 Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potent...
E
CVE-2024-4559 Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker ...
E
CVE-2024-4560 Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function
CVE-2024-4561 WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via FaviconController
CVE-2024-4562 WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via HttpMonitorSettings
CVE-2024-4563 The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length
CVE-2024-4564 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-4565 Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access
E
CVE-2024-4566 ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification
CVE-2024-4567 Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode
S
CVE-2024-4568 Stack overflow in Xpdf 4.05 due to object loop in PDF resources
CVE-2024-4569 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4570 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4571 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-4572 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-4574 Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-4575 LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Shortcode
CVE-2024-4576 TIBCO EBX File Inclusion Vulnerability
CVE-2024-4577 Argument Injection in PHP-CGI
KEV E S
CVE-2024-4578 Privilege escalation in Arista Wireless Access Points
S
CVE-2024-4579 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4295. Reason: T...
R
CVE-2024-4580 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4581 Slider Revolution <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes
CVE-2024-4582 Faraday GM8181/GM828x NTP Service os command injection
E
CVE-2024-4583 Faraday GM8181/GM828x Request information disclosure
E
CVE-2024-4584 Faraday GM8181/GM828x command_port.ini information disclosure
E
CVE-2024-4585 DedeCMS member_type.php cross-site request forgery
E
CVE-2024-4586 DedeCMS shops_delivery.php cross-site request forgery
E
CVE-2024-4587 DedeCMS tpl.php cross-site request forgery
E
CVE-2024-4588 DedeCMS mytag_add.php cross-site request forgery
E
CVE-2024-4589 DedeCMS mytag_edit.php cross-site request forgery
E
CVE-2024-4590 DedeCMS sys_info.php cross-site request forgery
E
CVE-2024-4591 DedeCMS sys_group_add.php cross-site request forgery
E
CVE-2024-4592 DedeCMS sys_group_edit.php cross-site request forgery
E
CVE-2024-4593 DedeCMS sys_multiserv.php cross-site request forgery
E
CVE-2024-4594 DedeCMS sys_safe.php cross-site request forgery
E
CVE-2024-4595 SEMCMS function.php locate sql injection
E
CVE-2024-4596 Kimai Session information disclosure
S
CVE-2024-4597 Cross-Site Request Forgery (CSRF) in GitLab
S
CVE-2024-4599 Denial of service vulnerability in LAN Messenger
S
CVE-2024-4600 Cross-Site Request Forgery vulnerability in Socomec Net Vision
S
CVE-2024-4601 Improper Authentication vulnerability in Socomec Net Vision
S
CVE-2024-4602 Embed Peertube Playlist < 1.10 - Editor+ Stored XSS
E
CVE-2024-4603 Excessive time spent checking DSA keys and parameters
S
CVE-2024-4604 Open Redirect in Magarsus Consultancy's SSO
CVE-2024-4605 Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution
CVE-2024-4606 WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability
S
CVE-2024-4607 Mali GPU Kernel Driver allows improper GPU memory processing operations
S
CVE-2024-4608 SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
S
CVE-2024-4609 Rockwell Automation Datalog Function within FactoryTalk® View SE contains SQL Injection Vulnerability
S
CVE-2024-4610 Mali GPU Kernel Driver allows improper GPU memory processing operations
KEV S
CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass
CVE-2024-4612 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
E S
CVE-2024-4614 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-4615 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget
CVE-2024-4616 Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS
E
CVE-2024-4617 Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4618 Exclusive Addons for Elementor <= 2.6.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget
S
CVE-2024-4619 Elementor Website Builder – More than Just a Page Builder <= 3.21.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2024-4620 ArForms < 6.6 - Unauthenticated RCE
E
CVE-2024-4621 ArForms < 6.6 - Admin+ Stored XSS
E
CVE-2024-4622 alpitronic Hypercharger EV Charger Use of Default Credentials
M
CVE-2024-4623 Blogmentor – Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter
CVE-2024-4624 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4625 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters
CVE-2024-4627 Rank Math SEO < 1.0.219 - Authenticated Stored XSS
E
CVE-2024-4629 Keycloak: potential bypass of brute force protection
M
CVE-2024-4630 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4631 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-3557. Reason: T...
R
CVE-2024-4632 WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4633 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2024-4634 Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4635 Menu Icons by ThemeIsle <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
CVE-2024-4637 Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex
CVE-2024-4638 OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey
S
CVE-2024-4639 OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec
S
CVE-2024-4640 OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail
S
CVE-2024-4641 OnCell G3470A-LTE Series: Authenticated Format String Errors
S
CVE-2024-4642 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4643 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4644 SourceCodester Prison Management System changepassword.php cross site scripting
E
CVE-2024-4645 SourceCodester Prison Management System changepassword.php cross site scripting
E
CVE-2024-4646 Campcodes Complete Web-Based School Management System student_payment_details.php cross site scripting
E
CVE-2024-4647 Campcodes Complete Web-Based School Management System student_first_payment.php cross site scripting
E
CVE-2024-4648 Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php cross site scripting
E
CVE-2024-4649 Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php cross site scripting
E
CVE-2024-4650 Campcodes Complete Web-Based School Management System student_due_payment.php cross site scripting
E
CVE-2024-4651 Campcodes Complete Web-Based School Management System student_attendance_history1.php cross site scripting
E
CVE-2024-4652 Campcodes Complete Web-Based School Management System show_teacher2.php cross site scripting
E
CVE-2024-4653 BlueNet Technology Clinical Browsing System outIndex.php sql injection
E
CVE-2024-4654 BlueNet Technology Clinical Browsing System cloudInterface.php sql injection
E
CVE-2024-4655 Ultimate Blocks < 3.1.9 - Contributor+ Stored XSS
E
CVE-2024-4656 Import and export users and customers <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-4657 Stored XSS in Talent Software's BAP Automation
CVE-2024-4658 SQLi in TE Informatics' Nova CMS
CVE-2024-4660 Missing Authorization in GitLab
E S
CVE-2024-4661 WP Reset <= 2.02 - Missing Authorization to License Key Modification
S
CVE-2024-4662 Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution
CVE-2024-4663 OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2024-4664 WP Chat App < 3.6.5 - Admin+ Stored XSS
E
CVE-2024-4665 EventPrime – Events Calendar, Bookings and Tickets < 3.5.0 - Subscriber+ Arbitrary booking settings update
E
CVE-2024-4666 Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-4667 Blog, Posts and Category Filter for Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget
S
CVE-2024-4668 Gum Elementor Addon <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets
CVE-2024-4669 Events Addon for Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-4670 All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode
CVE-2024-4671 Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had...
KEV
CVE-2024-4672 Campcodes Complete Web-Based School Management System show_student_subject.php cross site scripting
E
CVE-2024-4673 Campcodes Complete Web-Based School Management System show_student_grade_subject.php cross site scripting
E
CVE-2024-4674 Campcodes Complete Web-Based School Management System show_friend_request.php cross site scripting
E
CVE-2024-4675 Campcodes Complete Web-Based School Management System show_events.php cross site scripting
E
CVE-2024-4676 Campcodes Complete Web-Based School Management System range_grade_text.php cross site scripting
E
CVE-2024-4677 Campcodes Complete Web-Based School Management System my_student_exam_marks1.php cross site scripting
E
CVE-2024-4678 Campcodes Complete Web-Based School Management System find_friends.php cross site scripting
E
CVE-2024-4679 Folder Permission Vulnerability in JP1/Extensible SNMP Agent
CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml
E
CVE-2024-4681 Campcodes Legal Case Management System Setting general-setting unrestricted upload
E
CVE-2024-4682 Campcodes Complete Web-Based School Management System exam_timetable_update_form.php cross site scripting
E
CVE-2024-4683 Campcodes Complete Web-Based School Management System exam_timetable_insert_form.php cross site scripting
E
CVE-2024-4684 Campcodes Complete Web-Based School Management System exam_timetable_grade_wise.php cross site scripting
E
CVE-2024-4685 Campcodes Complete Web-Based School Management System exam_timetable.php cross site scripting
E
CVE-2024-4686 Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting
E
CVE-2024-4687 Campcodes Complete Web-Based School Management System create_events.php cross site scripting
E
CVE-2024-4688 Campcodes Complete Web-Based School Management System conversation_history_admin.php cross site scripting
E
CVE-2024-4689 WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-4690 Insecure usage for DocumentBuilderFactory and TransformerFactory in OpenText Application Automation Tools
S
CVE-2024-4692 Multiple missing permission checks
S
CVE-2024-4693 Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash
CVE-2024-4695 Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-4696 A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17...
S
CVE-2024-4697 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter
CVE-2024-4698 Testimonial Carousel For Elementor <= 10.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4699 D-Link DAR-8000-10 importhtml.php deserialization
CVE-2024-4700 WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4701 Path Traversal vulnerability via File Uploads in Genie
CVE-2024-4702 Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
S
CVE-2024-4703 One Page Express Companion <= 1.6.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via one_page_express_contact_form Shortcode
S
CVE-2024-4704 Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
E
CVE-2024-4705 Testimonials Widget <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode
S
CVE-2024-4706 WordPress + Microsoft Office 365 / Azure AD | LOGIN <= 27.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pintra Shortcode
CVE-2024-4707 Materialis Companion <= 1.3.41 - Authenticated (Contributor+) Stored Cross-Site Scripting via materialis_contact_form Shortcode
S
CVE-2024-4708 mySCADA myPRO Use of Hard-coded Password
S
CVE-2024-4709 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4710 Uber Menu <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
CVE-2024-4711 WordPress Infinite Scroll – Ajax Load More <= 7.1.1 - Authenticated (Contributor+) Cross-Site Scripting
S
CVE-2024-4712 Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler
CVE-2024-4713 Campcodes Complete Web-Based School Management System all_teacher.php cross site scripting
E
CVE-2024-4714 Campcodes Complete Web-Based School Management System update_subject.php cross site scripting
E
CVE-2024-4715 Campcodes Complete Web-Based School Management System update_grade.php cross site scripting
E
CVE-2024-4716 Campcodes Complete Web-Based School Management System update_exam.php cross site scripting
E
CVE-2024-4717 Campcodes Complete Web-Based School Management System update_classroom.php cross site scripting
E
CVE-2024-4718 Campcodes Complete Web-Based School Management System delete_student_grade_subject.php cross site scripting
E
CVE-2024-4719 Campcodes Complete Web-Based School Management System delete_record.php cross site scripting
E
CVE-2024-4720 Campcodes Complete Web-Based School Management System approve_petty_cash.php cross site scripting
E
CVE-2024-4721 Campcodes Complete Web-Based School Management System add_student_subject.php cross site scripting
E
CVE-2024-4722 Campcodes Complete Web-Based School Management System index.php cross site scripting
E
CVE-2024-4723 Campcodes Legal Case Management System case-status cross site scripting
E
CVE-2024-4724 Campcodes Legal Case Management System case-type cross site scripting
E
CVE-2024-4725 Campcodes Legal Case Management System client_user cross site scripting
E
CVE-2024-4726 Campcodes Legal Case Management System clients cross site scripting
E
CVE-2024-4727 Campcodes Legal Case Management System court-type cross site scripting
E
CVE-2024-4728 Campcodes Legal Case Management System court cross site scripting
E
CVE-2024-4729 Campcodes Legal Case Management System expense-type cross site scripting
E
CVE-2024-4730 Campcodes Legal Case Management System judge cross site scripting
E
CVE-2024-4731 Campcodes Legal Case Management System role cross site scripting
E
CVE-2024-4732 Campcodes Legal Case Management System service cross site scripting
E
CVE-2024-4733 ShiftController Employee Shift Scheduling <= 4.9.57 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-4734 Import and export users and customers <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-4735 Campcodes Legal Case Management System tasks cross site scripting
E
CVE-2024-4736 Campcodes Legal Case Management System tax cross site scripting
E
CVE-2024-4737 Campcodes Legal Case Management System vendor cross site scripting
E
CVE-2024-4738 Campcodes Legal Case Management System cross site scripting
E
CVE-2024-4739 MXsecurity License Generation Function Disclosure
S
CVE-2024-4740 MXsecurity Use of Hard-coded Credentials
S
CVE-2024-4741 Use After Free with SSL_free_buffers
S
CVE-2024-4742 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection
CVE-2024-4743 LifterLMS – WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode
S
CVE-2024-4744 WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability
S
CVE-2024-4745 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability
S
CVE-2024-4746 WordPress Netgsm plugin <= 2.9.16 - Broken Access Control vulnerability
CVE-2024-4747 WordPress Propovoice CRM plugin <= 1.7.6.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-4748 RCE in Cruddiy
CVE-2024-4749 WP eMember < 10.3.9 - Reflected XSS
E
CVE-2024-4750 BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment
E
CVE-2024-4751 WP Prayer II <= 2.4.7 - Settings Update via CSRF
E
CVE-2024-4752 EventON < 2.2.15 - Admin+ Stored Cross-Site Scripting via event subtitle
E
CVE-2024-4753 WP Secure Maintenance < 1.7 - Admin+ Stored XSS
E
CVE-2024-4754 Stored XSS in Next4Biz's BPM
CVE-2024-4755 Google CSE <= 1.0.7 - Admin+ Stored XSS
E
CVE-2024-4756 WP Backpack <= 2.1 - Admin+ Stored XSS
E
CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
E
CVE-2024-4758 Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF
E
CVE-2024-4759 Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload
E
CVE-2024-4760 Voltage glitch during startup of the EEFC NVM controller can bypass the security bit
E
CVE-2024-4761 Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perf...
KEV
CVE-2024-4762 An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC ...
S
CVE-2024-4763 An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Acc...
S
CVE-2024-4764 Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. ...
E
CVE-2024-4765 Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collisi...
CVE-2024-4766 Different techniques existed to obscure the fullscreen notification in Firefox for Android. These c...
CVE-2024-4767 If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly ...
E
CVE-2024-4768 A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a us...
E
CVE-2024-4769 When importing resources using Web Workers, error messages would distinguish the difference between ...
CVE-2024-4770 When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. T...
E
CVE-2024-4771 A memory allocation check was missing which would lead to a use-after-free if the allocation failed....
E
CVE-2024-4772 An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictab...
E
CVE-2024-4773 When a network error occurred during page load, the prior content could have remained in view with a...
CVE-2024-4774 The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing th...
CVE-2024-4775 An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially...
E
CVE-2024-4776 A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. ...
E
CVE-2024-4777 Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these...
CVE-2024-4778 Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption a...
CVE-2024-4779 Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]
S
CVE-2024-4780 Image Hover Effects – Elementor Addon <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via eihe_link Parameter
CVE-2024-4781 A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthent...
S
CVE-2024-4782 A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthent...
S
CVE-2024-4783 jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode
CVE-2024-4784 Authentication Bypass by Primary Weakness in GitLab
E S
CVE-2024-4785 BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
S
CVE-2024-4786 An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially...
S
CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending
CVE-2024-4788 Boostify Header Footer Builder for Elementor <= 1.3.3 - Missing Authorization to Page/Post Creation
S
CVE-2024-4789 Cost Calculator Builder Pro <= 3.1.72 - Authenticated (Subscriber+) Server-Side Request Forgery
CVE-2024-4790 DedeCMS path traversal
E
CVE-2024-4791 Contemporary Control System BASrouter BACnet BASRT-B Application Protocol Data Unit denial of service
E
CVE-2024-4792 Campcodes Online Laundry Management System admin_class.php sql injection
E
CVE-2024-4793 Campcodes Online Laundry Management System manage_laundry.php sql injection
E
CVE-2024-4794 Campcodes Online Laundry Management System manage_receiving.php sql injection
E
CVE-2024-4795 Campcodes Online Laundry Management System manage_user.php sql injection
E
CVE-2024-4796 Campcodes Online Laundry Management System manage_inv.php sql injection
E
CVE-2024-4797 Campcodes Online Laundry Management System ajax.php cross site scripting
E
CVE-2024-4798 SourceCodester Online Computer and Laptop Store manage_brand.php sql injection
E
CVE-2024-4799 Kashipara College Management System view_each_faculty.php sql injection
E
CVE-2024-4800 Kashipara College Management System submit_student.php sql injection
E
CVE-2024-4801 Kashipara College Management System submit_new_faculty.php sql injection
E
CVE-2024-4802 Kashipara College Management System submit_extracurricular_activity.php sql injection
E
CVE-2024-4803 Kashipara College Management System submit_admin.php sql injection
E
CVE-2024-4804 Kashipara College Management System edit_user.php sql injection
E
CVE-2024-4805 Kashipara College Management System edit_faculty.php sql injection
E
CVE-2024-4806 Kashipara College Management System each_extracurricula_activities.php sql injection
E
CVE-2024-4807 Kashipara College Management System delete_user.php sql injection
E
CVE-2024-4808 Kashipara College Management System delete_faculty.php sql injection
E
CVE-2024-4809 SourceCodester Open Source Clinic Management System setting.php unrestricted upload
E
CVE-2024-4810 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. This CVE...
R
CVE-2024-4811 In affected versions of Octopus Server under certain conditions, a user with specific role assignmen...
CVE-2024-4812 Katello: potential cross-site scripting exploit in ui
CVE-2024-4813 Ruijie RG-UAC interface_commit.php os command injection
E S
CVE-2024-4814 Ruijie RG-UAC static_route_edit_commit.php os command injection
E S
CVE-2024-4815 Ruijie RG-UAC detail.php os command injection
E
CVE-2024-4816 Ruijie RG-UAC gre_add_commit.php os command injection
E S
CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection
E
CVE-2024-4818 Campcodes Online Laundry Management System index.php file inclusion
E
CVE-2024-4819 Campcodes Online Laundry Management System admin_class.php improper authorization
E
CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload
E
CVE-2024-4821 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode
S
CVE-2024-4822 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION
S
CVE-2024-4823 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION
S
CVE-2024-4824 SQL Injection in School ERP Pro+Responsive by AROX SOLUTION
S
CVE-2024-4825 Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo
S
CVE-2024-4826 SQL injection vulnerability in Simple PHP Shopping Cart
CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-4836 LFI in sites managed by Edito CMS
M
CVE-2024-4837 Trust Boundary Violation Vulnerability
CVE-2024-4838 ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-4839 CSRF in Servers Configurations in parisneo/lollms-webui
CVE-2024-4840 Rhosp-director: cleartext passwords exposed in logs
CVE-2024-4841 Path Traversal in parisneo/lollms-webui
CVE-2024-4842 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: Not a vulnerability...
R
CVE-2024-4843 ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object r...
CVE-2024-4844 Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 S...
CVE-2024-4845 Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id]
S
CVE-2024-4846 Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an aut...
CVE-2024-4847 Alt Text AI – Automatically generate image alt text for SEO and accessibility <= 1.4.9 - Authenticated (Subscriber+) SQL Injection
CVE-2024-4848 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4849 WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter
CVE-2024-4851 SSRF Vulnerability in stangirard/quivr
E
CVE-2024-4853 Mismatched Memory Management Routines in editcap
S
CVE-2024-4854 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
S
CVE-2024-4855 Use After Free in editcap
S
CVE-2024-4856 FS Product Inquiry <= 1.1.1 - Reflected XSS
E
CVE-2024-4857 FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
E
CVE-2024-4858 Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update
S
CVE-2024-4859 Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking UR...
CVE-2024-4860 The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scri...
E
CVE-2024-4862 WPBITS Addons For Elementor Page Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter
S
CVE-2024-4865 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter
S
CVE-2024-4866 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-4868 Extensions for Elementor <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via EE Events and EE Flipbox Widget
CVE-2024-4869 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header
CVE-2024-4870 Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation
CVE-2024-4871 Foreman: host ssh key not being checked in remote execution
M
CVE-2024-4872 A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited ...
CVE-2024-4873 Replace Image <= 1.1.10 - Insecure Direct Object Reference
CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference
CVE-2024-4875 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update
S
CVE-2024-4876 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4877 OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to cre...
CVE-2024-4878 Rejected reason: Unused CVE record, incorrectly reserved...
R
CVE-2024-4879 Jelly Template Injection Vulnerability in ServiceNow UI Macros
KEV
CVE-2024-4880 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4881 Path Traversal in parisneo/lollms
E S
CVE-2024-4882 URL Redirection to Arbitrary Site Exists in Sitefinity
CVE-2024-4883 WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
CVE-2024-4884 WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2024-4885 WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability
KEV
CVE-2024-4886 BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR
E
CVE-2024-4887 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion
S
CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm
E
CVE-2024-4889 Code Injection in berriai/litellm
E
CVE-2024-4890 Blind SQL Injection in berriai/litellm
E
CVE-2024-4891 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4892 BuddyPress <= 12.4.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-4893 DigiWin EasyFlow .NET - SQL Injection
S
CVE-2024-4894 ITPison OMICARD EDM - Server-Side Request Forgery
S
CVE-2024-4895 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import
CVE-2024-4896 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
S
CVE-2024-4897 Remote Code Execution in parisneo/lollms-webui
CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
S
CVE-2024-4899 SEOPress < 7.8 - Contributor+ Stored XSS
E
CVE-2024-4900 SEOPress < 7.8 - Contributor+ Open Redirect
E
CVE-2024-4901 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-4902 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Administrator+) SQL Injection
S
CVE-2024-4903 Tongda OA delete.php sql injection
E
CVE-2024-4904 Byzoro Smart S200 Management Platform userattestation.php unrestricted upload
E
CVE-2024-4905 Kashipara College Management System view_students_each_detail.php sql injection
E
CVE-2024-4906 Campcodes Complete Web-Based School Management System show_student1.php sql injection
E
CVE-2024-4907 Campcodes Complete Web-Based School Management System show_student2.php sql injection
E
CVE-2024-4908 Campcodes Complete Web-Based School Management System student_attendance_history1.php sql injection
E
CVE-2024-4909 Campcodes Complete Web-Based School Management System student_due_payment.php sql injection
E
CVE-2024-4910 Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php sql injection
E
CVE-2024-4911 Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php sql injection
E
CVE-2024-4912 Campcodes Online Examination System addExamExe.php sql injection
E
CVE-2024-4913 Campcodes Online Examination System exam.php sql injection
E
CVE-2024-4914 Campcodes Online Examination System ranking-exam.php sql injection
E
CVE-2024-4915 Campcodes Online Examination System result.php sql injection
E
CVE-2024-4916 Campcodes Online Examination System selExamAttemptExe.php sql injection
E
CVE-2024-4917 Campcodes Online Examination System submitAnswerExe.php sql injection
E
CVE-2024-4918 Campcodes Online Examination System updateQuestion.php sql injection
E S
CVE-2024-4919 Campcodes Online Examination System addCourseExe.php sql injection
E
CVE-2024-4920 SourceCodester Online Discussion Forum Site registerH.php unrestricted upload
E
CVE-2024-4921 SourceCodester Employee and Visitor Gate Pass Logging System unrestricted upload
E
CVE-2024-4922 SourceCodester Simple Image Stack Website cross site scripting
E
CVE-2024-4923 Codezips E-Commerce Site addproduct.php unrestricted upload
E
CVE-2024-4924 Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting
E
CVE-2024-4925 SourceCodester School Intramurals Student Attendance Management System manage_course.php sql injection
E
CVE-2024-4926 SourceCodester School Intramurals Student Attendance Management System manage_student.php sql injection
E
CVE-2024-4927 SourceCodester Simple Online Bidding System unrestricted upload
E
CVE-2024-4928 SourceCodester Simple Online Bidding System sql injection
E
CVE-2024-4929 SourceCodester Simple Online Bidding System cross-site request forgery
E
CVE-2024-4930 SourceCodester Simple Online Bidding System sql injection
E
CVE-2024-4931 SourceCodester Simple Online Bidding System sql injection
E
CVE-2024-4932 SourceCodester Simple Online Bidding System sql injection
E
CVE-2024-4933 SourceCodester Simple Online Bidding System sql injection
E
CVE-2024-4934 Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS
E
CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
S
CVE-2024-4939 Weaver Xtreme Theme Support <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via div Shortcode
S
CVE-2024-4940 Open Redirect in gradio-app/gradio
CVE-2024-4941 Local File Inclusion in JSON component in gradio-app/gradio
E S
CVE-2024-4942 Custom Dash <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-4943 Blocksy <= 2.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4944 Mobile VPN with SSL Local Privilege Escalation Vulnerability
CVE-2024-4945 SourceCodester Best Courier Management System view_parcel.php unrestricted upload
E
CVE-2024-4946 SourceCodester Online Art Gallery Management System adminHome.php unrestricted upload
E
CVE-2024-4947 Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute ar...
KEV E
CVE-2024-4948 Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentia...
E
CVE-2024-4949 Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentiall...
E
CVE-2024-4950 Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote a...
E
CVE-2024-4951 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4952 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-4956 Nexus Repository 3 - Path Traversal
CVE-2024-4957 Frontend Checklist <= 2.3.2 - Admin+ Stored XSS
E
CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation
CVE-2024-4959 Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items
E
CVE-2024-4960 D-Link DAR-7000-40 licenseauthorization.php unrestricted upload
E
CVE-2024-4961 D-Link DAR-7000-40 onlineuser.php unrestricted upload
E
CVE-2024-4962 D-Link DAR-7000-40 resmanage.php unrestricted upload
E
CVE-2024-4963 D-Link DAR-7000-40 url.php unrestricted upload
E
CVE-2024-4964 D-Link DAR-7000-40 urlblist.php unrestricted upload
E
CVE-2024-4965 D-Link DAR-7000-40 resmanage.php os command injection
E
CVE-2024-4966 SourceCodester SchoolWebTech home.php unrestricted upload
E
CVE-2024-4967 SourceCodester Interactive Map with Marker delete-mark.php sql injection
E
CVE-2024-4968 SourceCodester Interactive Map with Marker Add Marker Marker Name cross site scripting
E
CVE-2024-4969 Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
E
CVE-2024-4970 Widget Bundle <= 2.0.0 - Admin+ Stored XSS
E
CVE-2024-4971 LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2024-4972 code-projects Simple Chat System login.php sql injection
E
CVE-2024-4973 code-projects Simple Chat System register.php sql injection
E
CVE-2024-4974 code-projects Simple Chat System register.php cross site scripting
E
CVE-2024-4975 code-projects Simple Chat System Message cross site scripting
E
CVE-2024-4976 Out-of-bounds array write in Xpdf 4.05 due to missing object type check
CVE-2024-4977 Index WP MySQL For Speed < 1.4.18 - Admin+ Reflected XSS
E
CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer
KEV E
CVE-2024-4980 WPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters
CVE-2024-4981 Pagure: _update_file_in_git() follows symbolic links in temporary clones
CVE-2024-4982 Pagure: path traversal in view_issue_raw_file()
CVE-2024-4983 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-4984 Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-4985 An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utili...
CVE-2024-4988 Improper permission control in com.transsion.videocallenhancer
CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2
E
CVE-2024-4991 SQL injection vulnerability in SiAdmin
CVE-2024-4992 SQL injection vulnerability in SiAdmin
CVE-2024-4993 SQL injection vulnerability in SiAdmin
CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop
CVE-2024-4996 Hardcoded Password in Wapro ERP Desktop
CVE-2024-4997 WPUpper Share Buttons <= 3.43 - Missing Authorization
CVE-2024-4998 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4566. Reason: T...
R
CVE-2024-4999 Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection
M
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.