CVE-2024-43xxx

There are 862 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-43005 A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2...
CVE-2024-43006 A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at li...
CVE-2024-43009 A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 20...
CVE-2024-43011 An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 a...
CVE-2024-43022 An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v...
CVE-2024-43024 Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlie...
CVE-2024-43025 An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter...
CVE-2024-43027 DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 3...
CVE-2024-43031 autMan v2.9.6 was discovered to contain an access control issue....
CVE-2024-43032 autMan v2.9.6 allows attackers to bypass authentication via a crafted web request....
CVE-2024-43033 JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrar...
CVE-2024-43040 Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injec...
CVE-2024-43042 Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute forc...
E
CVE-2024-43044 Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files fr...
CVE-2024-43045 Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP en...
CVE-2024-43046 Information Exposure in TZ Secure OS
CVE-2024-43047 Use After Free in DSP Service
KEV S
CVE-2024-43048 Stack-based Buffer Overflow in Performance
CVE-2024-43049 Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host
CVE-2024-43050 Stack-based Buffer Overflow in WLAN Windows Host
CVE-2024-43051 Improper Authorization in SPS-HLOS
CVE-2024-43052 Improper Input Validation in Video Analytics and Processing
CVE-2024-43053 Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host
CVE-2024-43055 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Camera_Linux
CVE-2024-43056 Buffer Over-read in Hypervisor
CVE-2024-43057 Use After Free in MProc
S
CVE-2024-43058 Incorrect Type Conversion or Cast in Multimedia Frameworks
CVE-2024-43059 Use After Free in Automotive Multimedia
S
CVE-2024-43060 Use of Out-of-range Pointer Offset in Automotive Audio
S
CVE-2024-43061 Use After Free in Audio
S
CVE-2024-43062 Use After Free in Camera Linux
S
CVE-2024-43063 Buffer Over-read in Automotive Autonomy
CVE-2024-43064 Permissions, Privileges, and Access Controls issue in Automotive OS Platform
CVE-2024-43065 Exposed Dangerous Method or Function in HLOS
CVE-2024-43066 Use After Free in HLOS
CVE-2024-43067 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera
CVE-2024-43077 In DevmemValidateFlags of devicemem_server.c, there is a possible out of bounds write due to memory...
CVE-2024-43080 In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to uns...
S
CVE-2024-43081 In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restrictio...
S
CVE-2024-43082 In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due t...
S
CVE-2024-43083 In validate of WifiConfigurationUtil.java, there is a possible persistent denial of service due to ...
S
CVE-2024-43084 In visitUris of multiple files, there is a possible information disclosure due to a confused deputy....
S
CVE-2024-43085 In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over...
S
CVE-2024-43086 In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account c...
S
CVE-2024-43087 In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hi...
S
CVE-2024-43088 In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission sett...
S
CVE-2024-43089 In updateInternal of MediaProvider.java, there is a possible access of another app's files due to a...
S
CVE-2024-43090 In multiple locations, there is a possible cross-user image read due to a missing permission check. ...
S
CVE-2024-43091 In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer o...
S
CVE-2024-43093 In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path fil...
KEV S
CVE-2024-43095 In multiple locations, there is a possible way to obtain any system permission due to a logic error ...
CVE-2024-43096 In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing boun...
CVE-2024-43097 In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overfl...
CVE-2024-43098 i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
S
CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay
M
CVE-2024-43101 Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software be...
CVE-2024-43102 umtx Kernel panic or Use-After-Free
CVE-2024-43105 Excessive Resource Consumption via `/export`
S
CVE-2024-43106 A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted lib...
CVE-2024-43107 Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permit...
CVE-2024-43108 goTenna Pro ATAK Plugin Missing Support for Integrity Check
S
CVE-2024-43110 Multiple issues in ctl(4) CAM Target Layer
CVE-2024-43111 Long pressing on a download link could potentially allow Javascript commands to be executed within t...
CVE-2024-43112 Long pressing on a download link could potentially provide a means for cross-site scripting This vul...
CVE-2024-43113 The contextual menu for links could provide an opportunity for cross-site scripting attacks This vul...
CVE-2024-43114 In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory perm...
CVE-2024-43116 WordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43117 WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43118 WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability
S
CVE-2024-43119 WordPress Aruba HiSpeed Cache plugin <= 2.0.12 - Broken Access Control vulnerability
S
CVE-2024-43120 WordPress TypeSquare Webfonts plugin <= 2.0.7 - Broken Access Control vulnerability
S
CVE-2024-43121 WordPress HUSKY plugin <= 1.3.6.1 - Privilege Escalation vulnerability
S
CVE-2024-43122 WordPress Robin image optimizer plugin <= 1.6.9 - Broken Access Control vulnerability
S
CVE-2024-43123 WordPress Card Elements for Elementor plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43124 WordPress Graphina plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43125 WordPress WP Table Builder plugin <= 1.4.15 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43126 WordPress Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce plugin <= 2.6.14 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43127 WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.11 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43128 WordPress WooCommerce Product Table Lite plugin <= 3.5.1 - Arbitrary Code Execution vulnerability
S
CVE-2024-43129 WordPress BetterDocs plugin <= 3.5.8 - Local File Inclusion vulnerability
S
CVE-2024-43130 WordPress Football Pool plugin <= 2.11.10 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43131 WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability
S
CVE-2024-43132 WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated SQL Injection vulnerability
S
CVE-2024-43133 WordPress Themify Shortcodes plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43134 WordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerability
S
CVE-2024-43135 WordPress WPCafe plugin <= 2.2.28 - Local File Inclusion vulnerability
S
CVE-2024-43136 WordPress Sunshine Photo Cart plugin <= 3.2.1 - Broken Access Control vulnerability
S
CVE-2024-43137 WordPress WappPress Basic plugin <= 6.0.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43138 WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.2.1 - Local File Inclusion vulnerability
S
CVE-2024-43139 WordPress Football Pool plugin <= 2.11.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43140 WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.4 - Local File Inclusion vulnerability
S
CVE-2024-43141 WordPress Participants Database plugin <= 2.5.9.2 - PHP Object Injection vulnerability
S
CVE-2024-43142 WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability
S
CVE-2024-43143 WordPress Registrations for the Events Calendar plugin <= 2.12.1 - Broken Access Control vulnerability
S
CVE-2024-43144 WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability
S
CVE-2024-43145 WordPress GeoDirectory plugin <= 2.3.61 - SQL Injection vulnerability
S
CVE-2024-43146 WordPress Accelerated Mobile Pages plugin <= 1.0.96.1 - Broken Access Control vulnerability
S
CVE-2024-43147 WordPress Selection Lite plugin <= 1.11 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43148 WordPress StreamCast <= 2.2.3 - Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43149 WordPress CM Tooltip Glossary Plugin <= 4.3.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43150 WordPress Xpro Elementor Addons plugin <= 1.4.4.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43151 WordPress Ultimate Addons for Beaver Builder – Lite plugin <= 1.5.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43152 WordPress 3D FlipBook plugin <= 1.15.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43153 WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability
S
CVE-2024-43154 WordPress Advanced Cron Manager – debug & control plugin <= 2.5.9 - Broken Access Control vulnerability
S
CVE-2024-43155 WordPress ComboBlocks plugin <= 2.2.86 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43156 WordPress Post Grid Master plugin <= 3.4.10 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43157 WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability
S
CVE-2024-43158 WordPress Masteriyo LMS plugin <= 1.11.4 - Broken Access Control vulnerability
S
CVE-2024-43159 WordPress Masteriyo LMS plugin <= 1.11.6 - Broken Access Control vulnerability
S
CVE-2024-43160 WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
S
CVE-2024-43161 WordPress Slider & Popup Builder by Depicter plugin <= 3.1.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43162 WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability
S
CVE-2024-43163 WordPress ParcelPanel plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43164 WordPress Blockspare plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43165 WordPress WPSection plugin <= 1.3.8 - Contributor+ Limited Local File Inclusion vulnerability
S
CVE-2024-43167 Unbound: null pointer dereference in unbound
M
CVE-2024-43168 Unbound: heap-buffer-overflow in unbound
M
CVE-2024-43169 IBM Engineering Requirements Management DOORS Next file download
CVE-2024-43173 IBM Concert information disclosure
CVE-2024-43176 IBM OpenPages information disclosure
CVE-2024-43177 IBM Concert improper certificate validation
CVE-2024-43180 IBM Concert information disclosure
CVE-2024-43186 IBM InfoSphere Information Server information disclosure
CVE-2024-43187 IBM Security Verify Access information disclosure
CVE-2024-43188 IBM Business Automation Workflow improper input validation
CVE-2024-43189 IBM Concert Software information disclosure
CVE-2024-43191 IBM ManageIQ command execution
CVE-2024-43196 IBM OpenPages data manipulation
CVE-2024-43199 Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executa...
S
CVE-2024-43201 Planet Fitness Workouts mobile apps do not properly validate TLS certificates
E
CVE-2024-43202 Apache DolphinScheduler: Remote Code Execution Vulnerability
S
CVE-2024-43207 WordPress Unite Gallery Lite plugin <= 1.7.62 - SQL Injection vulnerability
CVE-2024-43208 WordPress Send Emails with Mandrill plugin <= 1.4.1 - Broken Access Control vulnerability
S
CVE-2024-43209 WordPress Bitly's WordPress Plugin plugin <= 2.7.2 - Broken Access Control vulnerability
S
CVE-2024-43210 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43211 WordPress MailChimp Subscribe Form plugin <= 4.0.9.9 - Stored Cross-Site Scripting vulnerability
CVE-2024-43212 WordPress WpTravelly plugin <= 1.7.7 - Broken Access Control vulnerability
S
CVE-2024-43213 WordPress MultiVendorX Marketplace plugin <= 4.1.17 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43214 WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure via BAC vulnerability
S
CVE-2024-43215 WordPress Social Slider Feed plugin <= 2.2.2 - Broken Access Control vulnerability
S
CVE-2024-43216 WordPress Filr – Secure document library plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43217 WordPress Kodex Posts likes plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43218 WordPress Mediavine Control Panel plugin <= 2.10.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43219 WordPress Persian WooCommerce plugin <= 7.1.6 - Broken Access Control vulnerability
S
CVE-2024-43220 WordPress Form Maker by 10Web plugin <= 1.15.26 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43221 WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability
S
CVE-2024-43222 WordPress Sweet Date - More than a Wordpress Dating Theme theme <= 3.7.3 - Privilege Escalation vulnerability
S
CVE-2024-43223 WordPress EventPrime plugin <= 4.0.3.2 - Broken Access Control vulnerability
S
CVE-2024-43224 WordPress YaMaps for WordPress Plugin plugin <= 0.6.27 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43225 WordPress Enter Addons plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43226 WordPress WP Dashboard Notes plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43227 WordPress BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg plugin <= 3.5.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43229 WordPress WP Search Analytics plugin <= 1.4.9 - Broken Access Control vulnerability
S
CVE-2024-43230 WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability
S
CVE-2024-43231 WordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43232 WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability
S
CVE-2024-43233 WordPress BSK Forms Blacklist plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43234 WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability
S
CVE-2024-43235 WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability
S
CVE-2024-43236 WordPress Easy PayPal & Stripe Buy Now Button plugin <= 1.9 - Open Redirection vulnerability
S
CVE-2024-43237 WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability
S
CVE-2024-43238 WordPress weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin plugin <= 1.14.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43239 WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability
S
CVE-2024-43240 WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated Privilege Escalation vulnerability
CVE-2024-43241 WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43242 WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated PHP Object Injection vulnerability
CVE-2024-43243 WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability
S
CVE-2024-43244 WordPress houzez Theme By FaveThemes <= 3.2.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43245 WordPress JobSearch plugin <= 2.3.4 - Unauthenticated Account Takeover vulnerability
CVE-2024-43246 WordPress WHMpress plugin <= 6.2-revision-5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43247 WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability
CVE-2024-43248 WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability
CVE-2024-43249 WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability
CVE-2024-43250 WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability
CVE-2024-43251 WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
CVE-2024-43252 WordPress Crew HRM plugin <= 1.1.1 - PHP Object Injection vulnerability
S
CVE-2024-43253 WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability
S
CVE-2024-43254 WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability
S
CVE-2024-43255 WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.3.9 - CSRF to XSS vulnerability
CVE-2024-43256 WordPress Leopard plugin <= 2.0.36 - Subscriber+ Plugin Settings Change vulnerability
CVE-2024-43257 WordPress Leopard plugin <= 2.0.36 - Subscriber+ Sensitive Data Exposure vulnerability
CVE-2024-43258 WordPress Store Locator Plus® for WordPress plugin <= 2311.17.01 - Sensitive Data Exposure vulnerability
CVE-2024-43259 WordPress Order Export for WooCommerce plugin <= 3.23 - Sensitive Data Exposure vulnerability
S
CVE-2024-43260 WordPress Clearfy Cache plugin <= 2.2.4 - Broken Access Control vulnerability
S
CVE-2024-43261 WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability
CVE-2024-43262 WordPress Busiprof theme <= 2.4.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43263 WordPress Visual Composer Starter theme <= 3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43264 WordPress Create by Mediavine plugin <= 1.9.8 - Sensitive Data Exposure vulnerability
CVE-2024-43265 WordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout Vulnerability
S
CVE-2024-43266 WordPress WP Job Portal – A Complete Job Board plugin <= 2.1.6 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-43267 WordPress Mega Addons For Elementor plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43268 WordPress Backup and Restore WordPress plugin <= 1.50 - Broken Access Control vulnerability
CVE-2024-43269 WordPress Backup and Restore WordPress plugin <= 1.50 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-43270 WordPress Backup and Restore WordPress plugin <= 1.50 - Unauthenticated Broken Access Control vulnerability
CVE-2024-43271 WordPress Widgets for WooCommerce Products on Elementor plugin <= 2.0.0 - Local File Inclusion vulnerability
CVE-2024-43272 WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability
S
CVE-2024-43273 WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability
S
CVE-2024-43274 WordPress JS Help Desk – The Ultimate Help Desk plugin <= 2.8.6 - Broken Access Control vulnerability
S
CVE-2024-43275 WordPress Insert PHP Code Snippet plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43276 WordPress Child Theme Creator by Orbisius plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43277 WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability
S
CVE-2024-43278 WordPress Meta Field Block plugin <= 1.2.13 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43279 WordPress Newsletters plugin <= 4.9.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43280 WordPress Salon Booking System plugin <= 10.8.1 - Open Redirection vulnerability
S
CVE-2024-43281 WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.3 - Local File Inclusion vulnerability
S
CVE-2024-43282 WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability
S
CVE-2024-43283 WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability
S
CVE-2024-43284 WordPress WP Travel Gutenberg Blocks plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43285 WordPress Presto Player plugin <= 3.0.2 - Broken Access Control vulnerability
S
CVE-2024-43286 WordPress Squirrly SEO plugin <= 12.3.19 - SQL Injection vulnerability
S
CVE-2024-43287 WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43288 WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-43289 WordPress wpForo Forum plugin <= 2.3.4 - Unauthenticated Sensitive Data Exposure vulnerability
S
CVE-2024-43290 WordPress Atarim plugin <= 4.0.1 - Broken Access Control vulnerability
S
CVE-2024-43291 WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43292 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43293 WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability
S
CVE-2024-43294 WordPress Bold Timeline Lite plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43295 WordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43296 WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability
S
CVE-2024-43297 WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability
S
CVE-2024-43298 WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability
S
CVE-2024-43299 WordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43300 WordPress Movie Database plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43301 WordPress Fonts plugin <= 3.7.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
S
CVE-2024-43302 WordPress Fonts plugin <= 3.7.7 - Broken Access Control vulnerability
S
CVE-2024-43303 WordPress White Label CMS plugin <= 2.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43304 WordPress Cryptocurrency Widgets plugin <= 2.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43305 WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.11 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43306 WordPress WP-Lister Lite for eBay plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43307 WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43308 WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43309 WordPress WP Telegram Widget and Join Link plugin <= 2.1.27 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43310 WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability
S
CVE-2024-43311 WordPress Login As Users plugin <= 1.4.2 - Broken Authentication vulnerability
S
CVE-2024-43312 WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability
S
CVE-2024-43313 WordPress FormFacade – WordPress plugin for Google Forms plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43314 WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.9.3 - Broken Access Control vulnerability
S
CVE-2024-43315 WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-43316 WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43317 WordPress RegistrationMagic plugin <= 6.0.1.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43318 WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43319 WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability
S
CVE-2024-43320 WordPress WPBakery Page Builder Addons plugin <= 3.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43321 WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43322 WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-43323 WordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerability
S
CVE-2024-43324 WordPress Clever Addons for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43325 WordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerability
S
CVE-2024-43326 WordPress Plugin Notes Plus plugin <= 1.2.7 - Arbitrary Content Deletion vulnerability
S
CVE-2024-43327 WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43328 WordPress EmbedPress plugin <= 4.0.9 - Local File Inclusion vulnerability
S
CVE-2024-43329 WordPress Allegiant theme <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43330 WordPress PowerPack for Beaver Builder plugin < 2.37.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43331 WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability
S
CVE-2024-43332 WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability
S
CVE-2024-43333 WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.2.1 - Privilege Escalation vulnerability
S
CVE-2024-43335 WordPress Responsive Blocks – WordPress Gutenberg Blocks plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43336 WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-43337 WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43338 WordPress Crowdsignal Polls & Ratings plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-43339 WordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43340 WordPress AFI – The Easiest Integration Plugin plugin <= 1.89.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43341 WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability
S
CVE-2024-43342 WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43343 WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability
S
CVE-2024-43344 WordPress Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA plugin <= 3.1.25 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43345 WordPress Landing Page Builder plugin <= 1.5.2.0 - Local File Inclusion vulnerability
S
CVE-2024-43346 WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43347 WordPress Button contact VR plugin <= 4.7.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43348 WordPress Purity Of Soul theme <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43349 WordPress All Bootstrap Blocks plugin <= 1.3.19 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43350 WordPress Propovoice CRM plugin <= 1.7.6.4 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-43351 WordPress Bravada theme <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43352 WordPress GivingPress Lite theme <= 1.8.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43353 WordPress myCred plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43354 WordPress myCred plugin <= 2.7.2 - PHP Object Injection vulnerability
S
CVE-2024-43355 WordPress JoomSport plugin <= 5.3.0 - Broken Access Control vulnerability
S
CVE-2024-43356 WordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerability
S
CVE-2024-43357 JavaScript specification issue may lead to type confusion and pointer dereference in implementations
CVE-2024-43358 XSS vulnerability in filter view
S
CVE-2024-43359 XSS vulnerabilities in montagereview
S
CVE-2024-43360 ZoneMinder Time-based SQL Injection
E S
CVE-2024-43362 Stored Cross-site Scripting (XSS) when creating external links in Cacti
E
CVE-2024-43363 Remote code execution via Log Poisoning in Cacti
E
CVE-2024-43364 Stored Cross-site Scripting (XSS) when creating external links in Cacti
E
CVE-2024-43365 Stored Cross-site Scripting (XSS) when creating external links in Cacti
E
CVE-2024-43366 zkvyper ignored loop range bounds
E
CVE-2024-43367 Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)
CVE-2024-43371 Potential access to sensitive URLs via CKAN extensions (SSRF)
CVE-2024-43372 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43369. Reason: ...
R
CVE-2024-43373 webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
E S
CVE-2024-43374 Vim heap-use-after-free in src/arglist.c:207
CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
S
CVE-2024-43377 Umbraco CMS Improper Access Control vulnerability
S
CVE-2024-43378 calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems
CVE-2024-43379 TruffleHog has a Blind SSRF in some Detectors
S
CVE-2024-43380 fugit parse and parse_nat stall on lengthy input
S
CVE-2024-43381 reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning
E S
CVE-2024-43382 Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can re...
CVE-2024-43383 Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
CVE-2024-43385 Phoenix Contact: OS command execution through PROXY_HTTP_PORT in mGuard devices
CVE-2024-43386 Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in mGuard devices.
CVE-2024-43387 Phoenix Contact: Access files due to improper neutralization of special elements in MGUARD devices
CVE-2024-43388 Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices
CVE-2024-43389 Phoenix Contact: OSPF reconfiguration due to improper input validation in MGUARD devices
CVE-2024-43390 Phoenix Contact: Firewall reconfiguration due to improper input validation in MGUARD devices
CVE-2024-43391 Phoenix Contact: Firewall reconfiguration through the FW_PORTFORWARDING.SRC_IP in MGUARD devices
CVE-2024-43392 Phoenix Contact: Firewall reconfiguration through the FW_environment variables in MGUARD devices
CVE-2024-43393 Phoenix Contact: Configuration changes of the firewall services can lead to DoS in MGUARD devices
CVE-2024-43395 CraftOS-PC 2's improperly sanitized paths cause filesystem escape (Windows)
CVE-2024-43396 Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
E S
CVE-2024-43397 Potential unauthorized access issue in apollo-portal
S
CVE-2024-43398 REXML denial of service vulnerability
CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
E S
CVE-2024-43400 XWiki Platform allows XSS through XClass name in string properties
S
CVE-2024-43401 In XWiki Platform, payloads stored in content are executed when a user with script/programming right edits them
CVE-2024-43402 Rust OS Command Injection/Argument Injection vulnerability
S
CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation
CVE-2024-43404 Remote Code Execution Vulnerability in MEGABOT
S
CVE-2024-43405 Nuclei Template Signature Verification Bypass
S
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
E S
CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
S
CVE-2024-43408 Discourse Placeholder Forms has a XSS stopped by CSP
CVE-2024-43409 Ghost's improper authentication allows access to member information and actions
S
CVE-2024-43410 Russh has an OOM Denial of Service due to allocation of untrusted amount
CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover
CVE-2024-43412 Xibo CMS XSS vulnerability when previewing files uploaded to the library containing HTML/JS
S
CVE-2024-43413 Xibo CMS XSS vulnerability using DataSet HTML columns
S
CVE-2024-43414 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
E
CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability
CVE-2024-43416 GLPI vulnerable to enumeration of users' email addresses by unauthenticated user
S
CVE-2024-43417 Reflected XSS in Software form
CVE-2024-43418 GLPI has multiple reflected XSS
CVE-2024-43420 Exposure of sensitive information caused by shared microarchitectural predictor state that influence...
CVE-2024-43423 Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Use of Hard-coded Password
S
CVE-2024-43424 Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Re...
CVE-2024-43425 Moodle: remote code execution via calculated question types
CVE-2024-43426 Moodle: arbitrary file read risk through pdftex
CVE-2024-43427 Moodle: admin presets export tool includes some secrets that should not be exported
CVE-2024-43428 Moodle: cache poisoning via injection into storage
M
CVE-2024-43429 Moodle: user information visibility control issues in gradebook reports
CVE-2024-43430 Moodle: lack of access control when using external methods for quiz overrides
CVE-2024-43431 Moodle: idor in badges allows deletion of arbitrary badges
M
CVE-2024-43432 Moodle: authorization headers preserved between "emulated redirects"
CVE-2024-43433 Moodle: matrix user/power level management not always working as expected with suspended users
CVE-2024-43434 Moodle: csrf risk in feedback non-respondents report
M
CVE-2024-43435 Moodle: can create global glossary without being admin
CVE-2024-43436 Moodle: site administration sql injection via xmldb editor
M
CVE-2024-43437 Moodle: xss risk when restoring malicious course backup file
CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users
M
CVE-2024-43439 Moodle: reflected xss via h5p error message
CVE-2024-43440 Moodle: lfi vulnerability when restoring malformed block backups
CVE-2024-43441 Apache HugeGraph-Server: Fixed JWT Token(Secret)
CVE-2024-43442 Stored XSS in System Configuration
S
CVE-2024-43443 Stored XSS in process management
S
CVE-2024-43444 Passwords are written to Admin Log Module
S
CVE-2024-43445 Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing
S
CVE-2024-43446 Improper check of permissions in Generic Interface
S
CVE-2024-43447 Windows SMBv3 Server Remote Code Execution Vulnerability
S
CVE-2024-43449 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
S
CVE-2024-43450 Windows DNS Spoofing Vulnerability
S
CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability
KEV S
CVE-2024-43452 Windows Registry Elevation of Privilege Vulnerability
S
CVE-2024-43453 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43454 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
S
CVE-2024-43455 Windows Remote Desktop Licensing Service Spoofing Vulnerability
S
CVE-2024-43456 Windows Remote Desktop Services Tampering Vulnerability
S
CVE-2024-43457 Windows Setup and Deployment Elevation of Privilege Vulnerability
S
CVE-2024-43458 Windows Networking Information Disclosure Vulnerability
S
CVE-2024-43459 SQL Server Native Client Remote Code Execution Vulnerability
S
CVE-2024-43460 Dynamics 365 Business Central Elevation of Privilege Vulnerability
S
CVE-2024-43461 Windows MSHTML Platform Spoofing Vulnerability
KEV S
CVE-2024-43462 SQL Server Native Client Remote Code Execution Vulnerability
S
CVE-2024-43463 Microsoft Office Visio Remote Code Execution Vulnerability
S
CVE-2024-43464 Microsoft SharePoint Server Remote Code Execution Vulnerability
S
CVE-2024-43465 Microsoft Excel Elevation of Privilege Vulnerability
S
CVE-2024-43466 Microsoft SharePoint Server Denial of Service Vulnerability
S
CVE-2024-43467 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
S
CVE-2024-43468 Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2024-43469 Azure CycleCloud Remote Code Execution Vulnerability
S
CVE-2024-43470 Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
S
CVE-2024-43472 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
S
CVE-2024-43474 Microsoft SQL Server Information Disclosure Vulnerability
CVE-2024-43475 Microsoft Windows Admin Center Information Disclosure Vulnerability
S
CVE-2024-43476 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
S
CVE-2024-43477 Microsoft Entra ID Elevation of Privilege Vulnerability
CVE-2024-43479 Microsoft Power Automate Desktop Remote Code Execution Vulnerability
S
CVE-2024-43480 Azure Service Fabric for Linux Remote Code Execution Vulnerability
S
CVE-2024-43481 Power BI Report Server Spoofing Vulnerability
S
CVE-2024-43482 Microsoft Outlook for iOS Information Disclosure Vulnerability
S
CVE-2024-43483 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
S
CVE-2024-43484 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
S
CVE-2024-43485 .NET and Visual Studio Denial of Service Vulnerability
S
CVE-2024-43487 Windows Mark of the Web Security Feature Bypass Vulnerability
S
CVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
S
CVE-2024-43489 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability
S
CVE-2024-43492 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
S
CVE-2024-43495 Windows libarchive Remote Code Execution Vulnerability
S
CVE-2024-43496 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-43497 DeepSpeed Remote Code Execution Vulnerability
S
CVE-2024-43498 .NET and Visual Studio Remote Code Execution Vulnerability
S
CVE-2024-43499 .NET and Visual Studio Denial of Service Vulnerability
S
CVE-2024-43500 Windows Resilient File System (ReFS) Information Disclosure Vulnerability
S
CVE-2024-43501 Windows Common Log File System Driver Elevation of Privilege Vulnerability
S
CVE-2024-43502 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2024-43503 Microsoft SharePoint Elevation of Privilege Vulnerability
S
CVE-2024-43504 Microsoft Excel Remote Code Execution Vulnerability
S
CVE-2024-43505 Microsoft Office Visio Remote Code Execution Vulnerability
S
CVE-2024-43506 BranchCache Denial of Service Vulnerability
S
CVE-2024-43508 Windows Graphics Component Information Disclosure Vulnerability
S
CVE-2024-43509 Windows Graphics Component Elevation of Privilege Vulnerability
S
CVE-2024-43511 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2024-43512 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
S
CVE-2024-43513 BitLocker Security Feature Bypass Vulnerability
S
CVE-2024-43514 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
S
CVE-2024-43515 Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability
S
CVE-2024-43516 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
S
CVE-2024-43517 Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
S
CVE-2024-43518 Windows Telephony Server Remote Code Execution Vulnerability
S
CVE-2024-43519 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
S
CVE-2024-43520 Windows Kernel Denial of Service Vulnerability
S
CVE-2024-43521 Windows Hyper-V Denial of Service Vulnerability
S
CVE-2024-43522 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
S
CVE-2024-43523 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
S
CVE-2024-43524 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
S
CVE-2024-43525 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
S
CVE-2024-43526 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
S
CVE-2024-43527 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2024-43528 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
S
CVE-2024-43529 Windows Print Spooler Elevation of Privilege Vulnerability
S
CVE-2024-43530 Windows Update Stack Elevation of Privilege Vulnerability
S
CVE-2024-43532 Remote Registry Service Elevation of Privilege Vulnerability
S
CVE-2024-43533 Remote Desktop Client Remote Code Execution Vulnerability
S
CVE-2024-43534 Windows Graphics Component Information Disclosure Vulnerability
S
CVE-2024-43535 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
S
CVE-2024-43536 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
S
CVE-2024-43537 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43538 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43540 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43541 Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
S
CVE-2024-43542 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43543 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
S
CVE-2024-43544 Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
S
CVE-2024-43545 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
S
CVE-2024-43546 Windows Cryptographic Information Disclosure Vulnerability
S
CVE-2024-43547 Windows Kerberos Information Disclosure Vulnerability
S
CVE-2024-43549 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43550 Windows Secure Channel Spoofing Vulnerability
S
CVE-2024-43551 Windows Storage Elevation of Privilege Vulnerability
S
CVE-2024-43552 Windows Shell Remote Code Execution Vulnerability
S
CVE-2024-43553 NT OS Kernel Elevation of Privilege Vulnerability
S
CVE-2024-43554 Windows Kernel-Mode Driver Information Disclosure Vulnerability
S
CVE-2024-43555 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43556 Windows Graphics Component Elevation of Privilege Vulnerability
S
CVE-2024-43557 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43558 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43559 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43560 Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability
S
CVE-2024-43561 Windows Mobile Broadband Driver Denial of Service Vulnerability
S
CVE-2024-43562 Windows Network Address Translation (NAT) Denial of Service Vulnerability
S
CVE-2024-43563 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
S
CVE-2024-43564 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43565 Windows Network Address Translation (NAT) Denial of Service Vulnerability
S
CVE-2024-43566 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-43567 Windows Hyper-V Denial of Service Vulnerability
S
CVE-2024-43570 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2024-43571 Sudo for Windows Spoofing Vulnerability
S
CVE-2024-43572 Microsoft Management Console Remote Code Execution Vulnerability
KEV S
CVE-2024-43573 Windows MSHTML Platform Spoofing Vulnerability
KEV S
CVE-2024-43574 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
S
CVE-2024-43575 Windows Hyper-V Denial of Service Vulnerability
S
CVE-2024-43576 Microsoft Office Remote Code Execution Vulnerability
S
CVE-2024-43577 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-43578 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-43579 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-43580 Microsoft Edge (Chromium-based) Spoofing Vulnerability
S
CVE-2024-43581 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
S
CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability
S
CVE-2024-43583 Winlogon Elevation of Privilege Vulnerability
E S
CVE-2024-43584 Windows Scripting Engine Security Feature Bypass Vulnerability
S
CVE-2024-43585 Code Integrity Guard Security Feature Bypass Vulnerability
S
CVE-2024-43587 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-43589 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43590 Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
S
CVE-2024-43591 Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
S
CVE-2024-43592 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43593 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43594 Microsoft System Center Elevation of Privilege Vulnerability
CVE-2024-43595 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-43596 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-43598 LightGBM Remote Code Execution Vulnerability
S
CVE-2024-43599 Remote Desktop Client Remote Code Execution Vulnerability
S
CVE-2024-43600 Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-43601 Visual Studio Code for Linux Remote Code Execution Vulnerability
S
CVE-2024-43602 Azure CycleCloud Remote Code Execution Vulnerability
S
CVE-2024-43603 Visual Studio Collector Service Denial of Service Vulnerability
S
CVE-2024-43604 Outlook for Android Elevation of Privilege Vulnerability
S
CVE-2024-43607 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43608 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43609 Microsoft Office Spoofing Vulnerability
S
CVE-2024-43610 Copilot Studio Information Disclosure Vulnerability
CVE-2024-43611 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-43612 Power BI Report Server Spoofing Vulnerability
S
CVE-2024-43613 Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-43614 Microsoft Defender for Endpoint for Linux Spoofing Vulnerability
S
CVE-2024-43615 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
S
CVE-2024-43616 Microsoft Office Remote Code Execution Vulnerability
S
CVE-2024-43620 Windows Telephony Service Remote Code Execution Vulnerability
S
CVE-2024-43621 Windows Telephony Service Remote Code Execution Vulnerability
S
CVE-2024-43622 Windows Telephony Service Remote Code Execution Vulnerability
S
CVE-2024-43623 Windows NT OS Kernel Elevation of Privilege Vulnerability
S
CVE-2024-43624 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
S
CVE-2024-43625 Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
S
CVE-2024-43626 Windows Telephony Service Elevation of Privilege Vulnerability
S
CVE-2024-43627 Windows Telephony Service Remote Code Execution Vulnerability
S
CVE-2024-43628 Windows Telephony Service Remote Code Execution Vulnerability
S
CVE-2024-43629 Windows DWM Core Library Elevation of Privilege Vulnerability
S
CVE-2024-43630 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2024-43631 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
S
CVE-2024-43633 Windows Hyper-V Denial of Service Vulnerability
S
CVE-2024-43634 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
S
CVE-2024-43635 Windows Telephony Service Remote Code Execution Vulnerability
S
CVE-2024-43636 Win32k Elevation of Privilege Vulnerability
S
CVE-2024-43637 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
S
CVE-2024-43638 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
S
CVE-2024-43639 Windows KDC Proxy Remote Code Execution Vulnerability
S
CVE-2024-43640 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
S
CVE-2024-43641 Windows Registry Elevation of Privilege Vulnerability
S
CVE-2024-43642 Windows SMB Denial of Service Vulnerability
S
CVE-2024-43643 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
S
CVE-2024-43644 Windows Client-Side Caching Elevation of Privilege Vulnerability
S
CVE-2024-43645 Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
S
CVE-2024-43646 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
S
CVE-2024-43647 A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versi...
CVE-2024-43648 Authenticated command injection via .exe parameter
CVE-2024-43649 Authenticated command injection via .exe parameter
CVE-2024-43650 Authenticated command injection in the action leads to full remote code execution as root on the charging station
CVE-2024-43651 Authenticated command injection in the action leads to full remote code execution as root on the charging station
CVE-2024-43652 Authenticated command injection in the action leads to full remote code execution as root on the charging station
CVE-2024-43653 Authenticated command injection in the action leads to full remote code execution as root on the charging station
CVE-2024-43654 Authenticated command injection in the action leads to full remote code execution as root on the charging station
CVE-2024-43655 Any authenticated users can execute OS commands as root using the .sh CGI script.
CVE-2024-43656 A backup can be manipulated and then restored to create arbitrary files inside the directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.
CVE-2024-43657 When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station.
CVE-2024-43658 Using the action or .sh script, arbitrary files and directories can be deleted using directory traversal.
CVE-2024-43659 Plaintext default credentials in firmware
CVE-2024-43660 Arbitrary file download using .sh
CVE-2024-43661 Buffer overflow in .so leads to DoS of OCPP service
CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/
CVE-2024-43663 Buffer overflow vulnerabilities in CGI scripts lead to segfault
CVE-2024-43683 Improper verification of the Host header in TimeProvider 4100
M
CVE-2024-43684 Cross-Site Request Forgery vulnerability in TimeProvider 4100
M
CVE-2024-43685 Session token fixation in TimeProvider 4100
M
CVE-2024-43686 Reflected XSS in TimeProvider 4100 chart component
M
CVE-2024-43687 XSS vulnerability in bannerconfig endpoint in TimeProvider 4100
E S
CVE-2024-43688 cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffe...
CVE-2024-43689 Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a s...
CVE-2024-43690 Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and W...
CVE-2024-43692 Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel
S
CVE-2024-43693 Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection
S
CVE-2024-43694 goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information
S
CVE-2024-43696 Liteos_a has a Memory Leak vulnerability
CVE-2024-43697 Liteos_a has an Improper Input Validation vulnerability
CVE-2024-43698 Kieback&Peter DDC4000 Series Use of Weak Credentials
S
CVE-2024-43699 Delta Electronics DIAEnergie SQL Injection
S
CVE-2024-43700 xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, res...
S
CVE-2024-43701 GPU DDK - PowerVR: TLB invalidate UAF of dma_buf imported into multiple GPU devices
CVE-2024-43702 GPU DDK - MLIST/PM render state buffers writable allowing arbitrary writes to kernel memory pages
CVE-2024-43703 GPU DDK - Duplicate calls to RGXCreateFreeList on the same reservation leads to GPU UAF
CVE-2024-43704 GPU DDK - PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are reused
CVE-2024-43705 GPU DDK - Security: Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwrite read-only file/memory (e.g. libc.so)
CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor
CVE-2024-43708 An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a sp...
CVE-2024-43709 Elasticsearch allocation of resources without limits or throttling leads to crash
CVE-2024-43710 Kibana server-side request forgery
CVE-2024-43712 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43713 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43714 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43715 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43716 Adobe Experience Manager | Improper Access Control (CWE-284)
CVE-2024-43717 Adobe Experience Manager | Improper Access Control (CWE-284)
CVE-2024-43718 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43719 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43720 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43721 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43722 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43723 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43724 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43725 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43726 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43727 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43728 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43729 Adobe Experience Manager | Improper Authorization (CWE-285)
CVE-2024-43730 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43731 Adobe Experience Manager | Improper Authorization (CWE-285)
CVE-2024-43732 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43733 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43734 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43735 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-43736 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43737 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43738 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43739 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43740 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43742 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43743 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43744 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43745 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-43746 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43747 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43748 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43749 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43750 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43751 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43752 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-43754 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43755 Adobe Experience Manager | Improper Input Validation (CWE-20)
CVE-2024-43756 Photoshop Desktop | Heap-based Buffer Overflow (CWE-122)
CVE-2024-43758 Illustrator | Use After Free (CWE-416)
CVE-2024-43759 Illustrator | NULL Pointer Dereference (CWE-476)
CVE-2024-43760 Photoshop Desktop | Out-of-bounds Write (CWE-787)
CVE-2024-43762 In multiple locations, there is a possible way to avoid unbinding of a service from the system due t...
CVE-2024-43763 In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in...
CVE-2024-43764 In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock ...
CVE-2024-43765 In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/over...
CVE-2024-43767 In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to i...
CVE-2024-43768 In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overf...
CVE-2024-43769 In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could pre...
CVE-2024-43770 In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing b...
CVE-2024-43771 In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bo...
CVE-2024-43772 Huachu Easytest Online Learning Test Platform - SQL Injection
CVE-2024-43773 Huachu Easytest Online Learning Test Platform - SQL Injection
CVE-2024-43774 Huachu Easytest Online Learning Test Platform - SQL Injection
CVE-2024-43775 Huachu Easytest Online Learning Test Platform - SQL Injection
CVE-2024-43776 Huachu Easytest Online Learning Test Platform - SQL Injection
CVE-2024-43778 OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEER...
CVE-2024-43779 An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise ...
CVE-2024-43780 Unauthorized channel file upload
S
CVE-2024-43781 A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D ...
CVE-2024-43782 openedx-translations's Atlas translations for Open edX missing validation
S
CVE-2024-43783 Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
E S
CVE-2024-43784 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
CVE-2024-43785 gitoxide-core does not neutralize special characters for terminals
CVE-2024-43787 Hono CSRF middleware can be bypassed using crafted Content-Type header
CVE-2024-43788 DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)
E S
CVE-2024-43789 Denial of service by the absence of restrictions on replies to posts in Discourse
CVE-2024-43790 heap-buffer-overflow in do_search() in Vim < 9.1.0689
CVE-2024-43791 RequestStore has Incorrect Default Permissions
CVE-2024-43792 Halo's editor has a stored Cross-Site Scripting vulnerability
E
CVE-2024-43793 Halo's editor has a stored XSS vulnerability
E
CVE-2024-43794 OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect
CVE-2024-43795 OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`)
S
CVE-2024-43796 express vulnerable to XSS via response.redirect()
S
CVE-2024-43797 Path Traversal in audiobookshelf
E M
CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint
CVE-2024-43799 send vulnerable to template injection that can lead to XSS
S
CVE-2024-43800 serve-static affected by template injection that can lead to XSS
S
CVE-2024-43801 Privilege escalation to admin from a low-privileged user via SVG upload in Jellyfin
S
CVE-2024-43802 heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697
CVE-2024-43803 BMO can expose particularly named secrets from other namespaces via BMH CRD
CVE-2024-43804 OS Command Injection via Port Scan Functionality in Roxy-WI
E
CVE-2024-43805 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
CVE-2024-43806 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
CVE-2024-43807 In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page...
CVE-2024-43808 In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin...
CVE-2024-43809 In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page...
CVE-2024-43810 In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin...
CVE-2024-43811 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or...
R
CVE-2024-43812 Kieback&Peter DDC4000 Series Path Traversal Insufficiently Protected Credentials
S
CVE-2024-43813 IDOR when marking read a user's channel
S
CVE-2024-43814 goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data
S
CVE-2024-43815 crypto: mxs-dcp - Ensure payload is zero when using key slot
S
CVE-2024-43816 scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
CVE-2024-43817 net: missing check virtio
S
CVE-2024-43818 ASoC: amd: Adjust error handling in case of absent codec device
S
CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
S
CVE-2024-43820 dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
CVE-2024-43821 scsi: lpfc: Fix a possible null pointer dereference
S
CVE-2024-43822 ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe()
S
CVE-2024-43823 PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
S
CVE-2024-43824 PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()
S
CVE-2024-43825 iio: Fix the sorting functionality in iio_gts_build_avail_time_table
S
CVE-2024-43826 nfs: pass explicit offset/count to trace events
CVE-2024-43827 drm/amd/display: Add null check before access structs
S
CVE-2024-43828 ext4: fix infinite loop when replaying fast_commit
S
CVE-2024-43829 drm/qxl: Add check for drm_cvt_mode
S
CVE-2024-43830 leds: trigger: Unregister sysfs attributes before calling deactivate()
CVE-2024-43831 media: mediatek: vcodec: Handle invalid decoder vsi
CVE-2024-43832 s390/uv: Don't call folio_wait_writeback() without a folio reference
CVE-2024-43833 media: v4l: async: Fix NULL pointer dereference in adding ancillary links
S
CVE-2024-43834 xdp: fix invalid wait context of page_pool_destroy()
S
CVE-2024-43835 virtio_net: Fix napi_skb_cache_put warning
S
CVE-2024-43836 net: ethtool: pse-pd: Fix possible null-deref
S
CVE-2024-43837 bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT
S
CVE-2024-43838 bpf: fix overflow check in adjust_jmp_off()
S
CVE-2024-43839 bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
S
CVE-2024-43840 bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
S
CVE-2024-43841 wifi: virt_wifi: avoid reporting connection success with wrong SSID
S
CVE-2024-43842 wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
S
CVE-2024-43843 riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
S
CVE-2024-43844 wifi: rtw89: wow: fix GTK offload H2C skbuff issue
S
CVE-2024-43845 udf: Fix bogus checksum computation in udf_rename()
S
CVE-2024-43846 lib: objagg: Fix general protection fault
S
CVE-2024-43847 wifi: ath12k: fix invalid memory access while processing fragmented packets
S
CVE-2024-43848 wifi: mac80211: fix TTLM teardown work
S
CVE-2024-43849 soc: qcom: pdr: protect locator_addr with the main mutex
S
CVE-2024-43850 soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove
S
CVE-2024-43851 soc: xilinx: rename cpu_number1 to dummy_cpu_number
S
CVE-2024-43852 hwmon: (ltc2991) re-order conditions to fix off by one bug
S
CVE-2024-43853 cgroup/cpuset: Prevent UAF in proc_cpuset_show()
S
CVE-2024-43854 block: initialize integrity buffer to zero before writing it to media
S
CVE-2024-43855 md: fix deadlock between mddev_suspend and flush bio
S
CVE-2024-43856 dma: fix call order in dmam_free_coherent
S
CVE-2024-43857 f2fs: fix null reference error when checking end of zone
S
CVE-2024-43858 jfs: Fix array-index-out-of-bounds in diFree
S
CVE-2024-43859 f2fs: fix to truncate preallocated blocks in f2fs_file_open()
S
CVE-2024-43860 remoteproc: imx_rproc: Skip over memory region when node value is NULL
S
CVE-2024-43861 net: usb: qmi_wwan: fix memory leak for not ip packets
S
CVE-2024-43862 net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex
S
CVE-2024-43863 drm/vmwgfx: Fix a deadlock in dma buf fence polling
S
CVE-2024-43864 net/mlx5e: Fix CT entry update leaks of modify header context
CVE-2024-43865 s390/fpu: Re-add exception handling in load_fpu_state()
CVE-2024-43866 net/mlx5: Always drain health in shutdown callback
S
CVE-2024-43867 drm/nouveau: prime: fix refcount underflow
CVE-2024-43868 riscv/purgatory: align riscv_kernel_entry
CVE-2024-43869 perf: Fix event leak upon exec and file release
CVE-2024-43870 perf: Fix event leak upon exit
CVE-2024-43871 devres: Fix memory leakage caused by driver API devm_free_percpu()
S
CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
S
CVE-2024-43873 vhost/vsock: always initialize seqpacket_allow
S
CVE-2024-43874 crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked
S
CVE-2024-43875 PCI: endpoint: Clean up error handling in vpci_scan_bus()
CVE-2024-43876 PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
CVE-2024-43877 media: pci: ivtv: Add check for DMA map result
CVE-2024-43878 xfrm: Fix input error path memory access
CVE-2024-43879 wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning
CVE-2024-43881 wifi: ath12k: change DMA direction while mapping reinjected packets
CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage
S
CVE-2024-43883 usb: vhci-hcd: Do not drop references before new references are gained
CVE-2024-43884 Bluetooth: MGMT: Add error handling to pair_device()
S
CVE-2024-43885 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-43886 drm/amd/display: Add null check in resource_log_pipe_topology_update
S
CVE-2024-43887 net/tcp: Disable TCP-AO static key after RCU grace period
S
CVE-2024-43888 mm: list_lru: fix UAF for memory cgroup
S
CVE-2024-43889 padata: Fix possible divide-by-0 panic in padata_mt_helper()
S
CVE-2024-43890 tracing: Fix overflow in get_free_elt()
S
CVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREED
S
CVE-2024-43892 memcg: protect concurrent access to mem_cgroup_idr
S
CVE-2024-43893 serial: core: check uartclk for zero to avoid divide by zero
S
CVE-2024-43894 drm/client: fix null pointer dereference in drm_client_modeset_probe
S
CVE-2024-43895 drm/amd/display: Skip Recompute DSC Params if no Stream on Link
S
CVE-2024-43896 ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL
S
CVE-2024-43897 net: drop bad gso csum_start and offset in virtio_net_hdr
S
CVE-2024-43898 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-43899 drm/amd/display: Fix null pointer deref in dcn20_resource.c
S
CVE-2024-43900 media: xc2028: avoid use-after-free in load_firmware_cb()
S
CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
S
CVE-2024-43902 drm/amd/display: Add null checker before passing variables
S
CVE-2024-43903 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-43904 drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing
S
CVE-2024-43905 drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
S
CVE-2024-43906 drm/admgpu: fix dereferencing null pointer context
S
CVE-2024-43907 drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
S
CVE-2024-43908 drm/amdgpu: Fix the null pointer dereference to ras_manager
S
CVE-2024-43909 drm/amdgpu/pm: Fix the null pointer dereference for smu7
S
CVE-2024-43910 bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses
S
CVE-2024-43911 wifi: mac80211: fix NULL dereference at band check in starting tx ba session
S
CVE-2024-43912 wifi: nl80211: disallow setting special AP channel widths
S
CVE-2024-43913 nvme: apple: fix device reference counting
S
CVE-2024-43914 md/raid5: avoid BUG_ON() while continue reshape after reassembling
S
CVE-2024-43915 WordPress Zephyr Project Manager plugin <=3.3.102 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43916 WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-43917 WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
CVE-2024-43918 WordPress WBW Product Table PRO plugin <= 1.9.4 - Unauthenticated Arbitrary SQL Query Execution vulnerability
S
CVE-2024-43919 WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability
CVE-2024-43920 WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43921 WordPress Generate Images – Magic Post Thumbnail plugin <= 5.2.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43922 WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability
S
CVE-2024-43923 WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability
S
CVE-2024-43924 WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability
S
CVE-2024-43925 WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability
S
CVE-2024-43926 WordPress Beaver Builder plugin <= 2.8.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43927 WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43928 WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability
S
CVE-2024-43929 WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability
S
CVE-2024-43930 WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - Broken Access Control vulnerability
S
CVE-2024-43931 WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - PHP Object Injection vulnerability
S
CVE-2024-43932 WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability
S
CVE-2024-43933 WordPress WPMobile.App plugin <= 11.48 - CSRF to Stored XSS vulnerability
S
CVE-2024-43934 WordPress Collapsing Archives plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43935 WordPress WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43936 WordPress EmbedPress plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43937 WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability
S
CVE-2024-43938 WordPress Name Directory plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43939 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability
CVE-2024-43940 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability
CVE-2024-43941 WordPress Propovoice Pro plugin <= 1.7.0.3 - Unauthenticated SQL Injection vulnerability
CVE-2024-43942 WordPress Greenshift Query and Meta Addon plugin < 3.9.2 - Subscriber+ SQL Injection vulnerability
S
CVE-2024-43943 WordPress Greenshift Woocommerce Addon plugin < 1.9.8 - Subscriber+ SQL Injection vulnerability
S
CVE-2024-43944 WordPress Maintenance & Coming Soon Redirect Animation plugin <= 2.1.3 - IP Bypass vulnerability
CVE-2024-43945 WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-43946 WordPress SKT Blocks plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43947 WordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-43948 WordPress WP Armour Extended plugin <= 1.26 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43949 WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability
CVE-2024-43950 WordPress Brickscore plugin <= 1.4.2.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43951 WordPress Tempera theme <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43952 WordPress Esotera theme <= 1.2.5.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43953 WordPress Classic Addons – WPBakery Page Builder plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43954 WordPress Droip plugin <= 1.1.1 - Subscriber+ Settings Change/Data Exposure Vulnerability
CVE-2024-43955 WordPress Droip plugin <= 1.1.1 - Unauthenticated Arbitrary File Download/Deletion vulnerability
CVE-2024-43956 WordPress MemberPress plugin <= 1.11.34 - Broken Access Control vulnerability
S
CVE-2024-43957 WordPress Animated Number Counters plugin <= 1.9 - Editor+ Limited Local File Inclusion vulnerability
CVE-2024-43958 WordPress Into The Dark theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43959 WordPress Super Testimonials plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43960 WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43961 WordPress azurecurve Toggle Show/Hide plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43962 WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability
S
CVE-2024-43963 WordPress Visual CSS Style Editor plugin <= 7.6.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43964 WordPress DSGVO All in one for WP plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43965 WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability
CVE-2024-43966 WordPress WP Testimonial Widget plugin <= 3.1 - SQL Injection vulnerability
CVE-2024-43967 WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43968 WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability
S
CVE-2024-43969 WordPress Spiffy Calendar plugin <= 4.9.12 - SQL Injection vulnerability
S
CVE-2024-43970 WordPress SureCart plugin <= 2.29.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43971 WordPress Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43972 WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43973 WordPress Payment forms, Buy now buttons and Invoicing System plugin <= 2.8.11 - Broken Access Control vulnerability
S
CVE-2024-43974 WordPress ReviveNews theme <= 1.0.2 - Broken Access Control vulnerability
S
CVE-2024-43975 WordPress Super Store Finder plugin <= 6.9.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43976 WordPress Super Store Finder plugin <= 6.9.7 - SQL Injection vulnerability
S
CVE-2024-43977 WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43978 WordPress Super Store Finder plugin < 6.9.8 - SQL Injection vulnerability
S
CVE-2024-43979 WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability
S
CVE-2024-43980 WordPress FotaWP theme <= 1.4.1 - Broken Access Control vulnerability
S
CVE-2024-43981 WordPress GeoDirectory plugin <= 2.3.70 - Broken Access Control vulnerability
S
CVE-2024-43982 WordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerability
S
CVE-2024-43983 WordPress Podlove Podcast Publisher plugin <= 4.1.13 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43984 WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability
S
CVE-2024-43985 WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.3.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43986 WordPress E-cab taxi booking manager plugin <=1.0.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43987 WordPress Sliding Door theme <= 3.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43988 WordPress Mystique theme <= 2.5.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43989 WordPress Justified Image Grid plugin <= 4.6.1 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability
CVE-2024-43990 WordPress Masterstudy LMS Starter theme <= 1.1.8 - Sensitive Data Exposure vulnerability
S
CVE-2024-43991 WordPress Hotel Galaxy theme <= 4.4.24 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43992 WordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43993 WordPress Liquido theme <= 1.0.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43994 WordPress Kahuna theme <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43995 WordPress Posterity theme <= 3.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43996 WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability
S
CVE-2024-43997 WordPress easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg plugin <= 2.4.14 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-43998 WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability
S
CVE-2024-43999 WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.