ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | S | |
CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability | S | |
CVE-2024-49023 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | S | |
CVE-2024-49025 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | | |
CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | S | |
CVE-2024-49035 | Partner.Microsoft.Com Elevation of Privilege Vulnerability | KEV | |
CVE-2024-49038 | Microsoft Copilot Studio Elevation Of Privilege Vulnerability | | |
CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | KEV S | |
CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | | |
CVE-2024-49042 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | | |
CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | S | |
CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability | S | |
CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | S | |
CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | S | |
CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | S | |
CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | S | |
CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability | S | |
CVE-2024-49052 | Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability | | |
CVE-2024-49053 | Microsoft Dynamics 365 Sales Spoofing Vulnerability | | |
CVE-2024-49054 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | | |
CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability | | |
CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | | |
CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | | |
CVE-2024-49060 | Azure Stack HCI Elevation of Privilege Vulnerability | | |
CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability | | |
CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | | |
CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability | | |
CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | | |
CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability | | |
CVE-2024-49071 | Windows Defender Information Disclosure Vulnerability | | |
CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | | |
CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | | |
CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | | |
CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | | |
CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | | |
CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | | |
CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability | | |
CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | | |
CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | | |
CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | | |
CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | | |
CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | | |
CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | | |
CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | | |
CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | | |
CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | | |
CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | | |
CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | | |
CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | | |
CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2024-49105 | Remote Desktop Client Remote Code Execution Vulnerability | | |
CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | | |
CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | | |
CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | | |
CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | | |
CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | | |
CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | | |
CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | | |
CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | | |
CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | | |
CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | | |
CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | | |
CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | | |
CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | | |
CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | | |
CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV E S | |
CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | | |
CVE-2024-49147 | Microsoft Update Catalog Elevation of Privilege Vulnerability | | |
CVE-2024-49193 | Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, becaus... | | |
CVE-2024-49194 | Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by trig... | | |
CVE-2024-49195 | Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque ke... | | |
CVE-2024-49196 | An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion ... | | |
CVE-2024-49197 | An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850,... | | |
CVE-2024-49200 | An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 thoug... | | |
CVE-2024-49201 | Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Informatio... | | |
CVE-2024-49202 | Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, a... | | |
CVE-2024-49203 | Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: thi... | | |
CVE-2024-49208 | Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability ... | | |
CVE-2024-49209 | Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerabil... | | |
CVE-2024-49210 | Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before ... | | |
CVE-2024-49211 | Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x b... | | |
CVE-2024-49214 | QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a ... | | |
CVE-2024-49215 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidat... | R | |
CVE-2024-49216 | WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-49217 | WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability | | |
CVE-2024-49218 | WordPress Recently plugin <= 1.1 - PHP Object Injection vulnerability | | |
CVE-2024-49219 | WordPress RS-Members plugin <= 1.0.3 - Privilege Escalation vulnerability | | |
CVE-2024-49220 | WordPress Cookie Scanner plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
CVE-2024-49221 | WordPress cSlider plugin <= 2.4.2 - CSRF to Stored XSS vulnerability | | |
CVE-2024-49222 | WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability | S | |
CVE-2024-49223 | WordPress CJ Change Howdy plugin <= 3.3.1 - CSRF to Stored XSS vulnerability | | |
CVE-2024-49224 | WordPress Mitm Bug Tracker plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49225 | WordPress wpPricing Builder plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49226 | WordPress TAKETIN To WP Membership plugin <= 2.8.0 - PHP Object Injection vulnerability | | |
CVE-2024-49227 | WordPress Free Stock Photos Foter plugin <= 1.5.4 - PHP Object Injection vulnerability | | |
CVE-2024-49228 | WordPress bVerse Convert plugin <= 1.3.7.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49229 | WordPress Better Author Bio plugin <= 2.7.10.11 - CSRF to Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49230 | WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49231 | WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49232 | WordPress El mejor Cluster plugin <= 1.1.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49233 | WordPress MAS Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49234 | WordPress Plexx Elementor Extension plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49235 | WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability | | |
CVE-2024-49236 | WordPress Crazy Call To Action Box plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49237 | WordPress Ahmeti Wp Timeline plugin <= 5.1 - CSRF to Stored XSS vulnerability | | |
CVE-2024-49238 | WordPress ADIF Log Search Widget plugin <= 1.0f - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49239 | WordPress Add Categories Post Footer plugin <= 2.2.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49240 | WordPress AB Categories Search Widget plugin <= 0.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49241 | WordPress Tito plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49242 | WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability | | |
CVE-2024-49243 | WordPress Dynamic Elementor Addons plugin <= 1.0.0 - Local File Inclusion vulnerability | | |
CVE-2024-49244 | WordPress SV Product Import Export for WooCommerce plugin <= 1.0.0 - SQL Injection vulnerability | | |
CVE-2024-49245 | WordPress Ahime Image Printer plugin <= 1.0.0 - Arbitrary File Download vulnerability | | |
CVE-2024-49246 | WordPress Ajax Rating with Custom Login plugin <= 1.1 - SQL Injection vulnerability | | |
CVE-2024-49247 | WordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerability | | |
CVE-2024-49248 | WordPress Ad Inserter plugin <= 2.7.37 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49249 | WordPress SMSA Shipping plugin <= 2.3 - Arbitrary File Deletion vulnerability | | |
CVE-2024-49250 | WordPress Table of Contents Plus plugin <= 2408 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-49251 | WordPress Maan Addons For Elementor plugin <= 1.0.1 - Local File Inclusion vulnerability | | |
CVE-2024-49252 | WordPress leyka plugin <= 3.31.6 - Broken Access Control vulnerability | S | |
CVE-2024-49253 | WordPress Analyse Uploads plugin <= 0.5 - Arbitrary File Deletion vulnerability | | |
CVE-2024-49254 | WordPress ajax-extend plugin <= 1.0 - Remote Code Execution (RCE) vulnerability | | |
CVE-2024-49255 | WordPress Da Reactions plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49256 | WordPress Htaccess File Editor plugin <= 1.0.18 - Broken Access Control vulnerability | S | |
CVE-2024-49257 | WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability | | |
CVE-2024-49258 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Download vulnerability | | |
CVE-2024-49259 | WordPress Primary Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49260 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability | | |
CVE-2024-49261 | WordPress Arkhe Blocks plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49262 | WordPress Country Flags for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49263 | WordPress My Favorites plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49264 | WordPress Events Addon for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49265 | WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49266 | WordPress WP-Spreadplugin plugin <= 4.8.9 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49267 | WordPress Unlimited Addon For Elementor plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49268 | WordPress disconnected theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49270 | WordPress Smart Blocks plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49271 | WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-49272 | WordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-49273 | WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-49274 | WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-49275 | WordPress IdeaPush plugin <= 8.69 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-49276 | WordPress Clio Grow plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49277 | WordPress UltraAddons – Elementor Addons plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49278 | WordPress Omnipress plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49279 | WordPress Hyperlink Group Block plugin <= 1.17.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49280 | WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49281 | WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49282 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49283 | WordPress CURCY plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49284 | WordPress WP SendFox plugin <= 1.3.1 - Sensitive Data Exposure vulnerability | | |
CVE-2024-49285 | WordPress SSV MailChimp plugin <= 3.1.5 - Local File Inclusion vulnerability | | |
CVE-2024-49286 | WordPress SSV Events plugin <= 3.2.7 - Local File Inclusion to RCE vulnerability | | |
CVE-2024-49287 | WordPress PDF-Rechnungsverwaltung plugin <= 0.0.1 - Local File Inclusion vulnerability | | |
CVE-2024-49288 | WordPress Email Template Customizer for WooCommerce plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49289 | WordPress Cooked Pro plugin < 1.8.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49290 | WordPress Cooked Pro plugin < 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-49291 | WordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerability | S | |
CVE-2024-49292 | WordPress Exclusive Addons for Elementor plugin <= 2.7.1 - Cross-Site Scripting vulnerability | S | |
CVE-2024-49293 | WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability | S | |
CVE-2024-49294 | WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-49295 | WordPress Simple Testimonials Showcase plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49296 | WordPress Custom Add to Cart Button Label and Link plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49297 | WordPress Zoho CRM Lead Magnet plugin <= 1.7.9.0 - SQL Injection vulnerability | | |
CVE-2024-49298 | WordPress PeproDev Ultimate Invoice plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49299 | WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability | | |
CVE-2024-49300 | WordPress Hero Menu plugin <= 1.16.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49301 | WordPress G Meta Keywords plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49302 | WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49303 | WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability | | |
CVE-2024-49304 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49305 | WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 - SQL Injection vulnerability | | |
CVE-2024-49306 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-49307 | WordPress Admin Management Xtended plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49308 | WordPress Animator – Scroll Triggered Animations plugin <= 3.0.11 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49309 | WordPress Digitally theme <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49310 | WordPress Themesflat Addons For Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49311 | WordPress Edwiser Bridge plugin <= 3.0.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49312 | WordPress Edwiser Bridge plugin <= 3.0.7 - Server Side Request Forgery (SSRF) vulnerability | | |
CVE-2024-49313 | WordPress VKontakte Wall Post plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49314 | WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-49315 | WordPress FREE DOWNLOAD MANAGER plugin <= 1.0.0 - Arbitrary File Deletion vulnerability | | |
CVE-2024-49316 | WordPress Akismet htaccess writer plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49317 | WordPress Point Maker plugin <= 0.1.4 - Local File Inclusion vulnerability | S | |
CVE-2024-49318 | WordPress My Reading Library plugin <= 1.0 - PHP Object Injection vulnerability | | |
CVE-2024-49319 | WordPress Awesome Contact Form7 for Elementor plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49320 | WordPress Encyclopedia / Glossary / Wiki plugin <= 1.7.60 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49321 | WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability | S | |
CVE-2024-49322 | WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability | | |
CVE-2024-49323 | WordPress All in One Slider plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49324 | WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-49325 | WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability | | |
CVE-2024-49326 | WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability | | |
CVE-2024-49327 | WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-49328 | WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability | | |
CVE-2024-49329 | WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-49330 | WordPress Nice Backgrounds plugin <= 1.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-49331 | WordPress Property Lot Management System plugin <= 4.2.38 - Arbitrary File Upload vulnerability | | |
CVE-2024-49332 | WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability | | |
CVE-2024-49333 | WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability | | |
CVE-2024-49334 | WordPress jLayer Parallax Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49335 | WordPress GoogleDrive folder list plugin <= 2.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49336 | IBM Security Guardium server-side request forgery | | |
CVE-2024-49337 | IBM OpenPages HTML injection | S | |
CVE-2024-49338 | IBM App Connect Enterprise information disclosure | | |
CVE-2024-49339 | IBM Financial Transaction Manager cross-site scripting | | |
CVE-2024-49340 | IBM Watson Studio Local cross-site request forgery | | |
CVE-2024-49342 | IBM Informix Dynamic Server information disclosure | S | |
CVE-2024-49343 | IBM Informix Dynamic Server HTML injection | S | |
CVE-2024-49344 | IBM OpenPages session fixation | S | |
CVE-2024-49348 | IBM Cloud Pak for Business Automation incorrect privilege assignment | | |
CVE-2024-49349 | IBM Financial Transaction Manager cross-site scripting | | |
CVE-2024-49350 | IBM Db2 denial of service | S | |
CVE-2024-49351 | IBM Workload Scheduler information disclosure | | |
CVE-2024-49352 | IBM Cognos Analytics XML external entity injection | S | |
CVE-2024-49353 | IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data denial of service | | |
CVE-2024-49354 | IBM Concert information disclosure | | |
CVE-2024-49355 | IBM OpenPages log manipulation | S | |
CVE-2024-49357 | ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak | E | |
CVE-2024-49358 | ZimaOS vulnerable to Username Enumeration via API Responses | E | |
CVE-2024-49359 | ZimaOS vulnerable to Directory Listing via Parameter Manipulation | E | |
CVE-2024-49360 | Path traversal in Sandboxie | E M | |
CVE-2024-49361 | Potential Vulnerability in ACON Library: Improper Input Validation Leading to Malicious Code Execution | | |
CVE-2024-49362 | Remote Code Execution on click of Link in markdown preview | E | |
CVE-2024-49363 | Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey | | |
CVE-2024-49364 | tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment | E | |
CVE-2024-49365 | tiny-secp256k1 allows for verify() bypass when running in bundled environment | E | |
CVE-2024-49366 | Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written | E | |
CVE-2024-49367 | Nginx UI's log path can be controlled | | |
CVE-2024-49368 | Unchecked logrotate settings lead to arbitrary command execution | E | |
CVE-2024-49369 | Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections | | |
CVE-2024-49370 | Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing | E | |
CVE-2024-49373 | Centurion ERP user can view projects from organizations they're not a part of | S | |
CVE-2024-49375 | Remote Code Execution via Remote Model Loading in Rasa | | |
CVE-2024-49376 | Autolab Has Misconfigured Reset Password Permissions | S | |
CVE-2024-49377 | Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint | | |
CVE-2024-49378 | smartUp Cross-site Scripting vulnerability | | |
CVE-2024-49379 | Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel | | |
CVE-2024-49380 | Plenti arbitrary file write vulnerability | E | |
CVE-2024-49381 | Plenti arbitrary file deletion vulnerability | E | |
CVE-2024-49382 | Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The... | | |
CVE-2024-49383 | Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The ... | | |
CVE-2024-49384 | Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The... | | |
CVE-2024-49385 | Sensitive information disclosure due to insecure folder permissions. The following products are affe... | | |
CVE-2024-49386 | Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis ... | | |
CVE-2024-49387 | Cleartext transmission of sensitive information in acep-collector service. The following products ar... | | |
CVE-2024-49388 | Sensitive information manipulation due to improper authorization. The following products are affecte... | | |
CVE-2024-49389 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2024-49390 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2024-49391 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2024-49392 | Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following product... | | |
CVE-2024-49393 | Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing | | |
CVE-2024-49394 | Mutt: neomutt: in-reply-to email header field is not protected by cryptographic signing | | |
CVE-2024-49395 | Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block | | |
CVE-2024-49396 | Insufficiently Protected Credentials in Elvaco M-Bus Metering Gateway CMe3100 | | |
CVE-2024-49397 | Cross-site Scripting in Elvaco M-Bus Metering Gateway CMe3100 | | |
CVE-2024-49398 | Unrestricted Upload of File with Dangerous Type in Elvaco M-Bus Metering Gateway CMe3100 | | |
CVE-2024-49399 | Missing Authentication for Critical Function in Elvaco M-Bus Metering Gateway CMe3100 | | |
CVE-2024-49400 | Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex ... | | |
CVE-2024-49401 | Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attac... | | |
CVE-2024-49402 | Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allows physical attackers to a... | | |
CVE-2024-49403 | Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attack... | | |
CVE-2024-49404 | Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 i... | | |
CVE-2024-49405 | Improper authentication in Private Info in Samsung Pass prior to version 4.4.04.7 allows physical... | | |
CVE-2024-49406 | Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows l... | | |
CVE-2024-49407 | Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to acces... | | |
CVE-2024-49408 | Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows loc... | | |
CVE-2024-49409 | Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galax... | | |
CVE-2024-49410 | Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to... | | |
CVE-2024-49411 | Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk ... | | |
CVE-2024-49412 | Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broa... | | |
CVE-2024-49413 | Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allo... | | |
CVE-2024-49414 | Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows phy... | | |
CVE-2024-49415 | Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute... | | |
CVE-2024-49416 | Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows loc... | | |
CVE-2024-49417 | Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local... | | |
CVE-2024-49418 | Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.0... | | |
CVE-2024-49419 | Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.0... | | |
CVE-2024-49420 | Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global a... | | |
CVE-2024-49421 | Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 1... | | |
CVE-2024-49422 | Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers... | | |
CVE-2024-49501 | Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If th... | | |
CVE-2024-49502 | Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web | | |
CVE-2024-49503 | Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web | | |
CVE-2024-49504 | grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images | | |
CVE-2024-49505 | XSS vulnerability found in OpenSuse MirrorCache | E | |
CVE-2024-49506 | Fixed temporary file path in aeon-checks allows fixing of disk encryption key | | |
CVE-2024-49507 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-49508 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-49509 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-49510 | InDesign Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49511 | InDesign Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49512 | InDesign Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49513 | Not a product \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49514 | Photoshop Desktop \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-49515 | Substance3D - Painter \| Untrusted Search Path (CWE-426) | | |
CVE-2024-49516 | Substance3D - Painter \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49517 | Substance3D - Painter \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-49518 | Substance3D - Painter \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49519 | Substance3D - Painter \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49520 | Substance3D - Painter \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49521 | Adobe Commerce \| Server-Side Request Forgery (SSRF) (CWE-918) | | |
CVE-2024-49522 | Substance3D - Painter \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49523 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-49524 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-49525 | Substance3D - Painter \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-49526 | Animate \| Use After Free (CWE-416) | | |
CVE-2024-49527 | Animate \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49528 | Animate \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49529 | InDesign Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49530 | Acrobat Reader \| Use After Free (CWE-416) | | |
CVE-2024-49531 | Acrobat Reader \| NULL Pointer Dereference (CWE-476) | | |
CVE-2024-49532 | Acrobat Reader \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49533 | Acrobat Reader \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49534 | Acrobat Reader \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49535 | Acrobat Reader \| Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) | | |
CVE-2024-49536 | Audition \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49537 | After Effects \| Stack-based Buffer Overflow (CWE-121) | | |
CVE-2024-49538 | Illustrator \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49541 | Illustrator \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49543 | InDesign Desktop \| Stack-based Buffer Overflow (CWE-121) | | |
CVE-2024-49544 | InDesign Desktop \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49545 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-49546 | InDesign Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49547 | InDesign Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49548 | InDesign Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49549 | InDesign Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-49550 | Adobe Connect \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-49551 | Media Encoder \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49552 | Media Encoder \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-49553 | Media Encoder \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-49554 | Media Encoder \| NULL Pointer Dereference (CWE-476) | | |
CVE-2024-49557 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Imp... | | |
CVE-2024-49558 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Imp... | | |
CVE-2024-49559 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use... | | |
CVE-2024-49560 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a comm... | | |
CVE-2024-49561 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Inc... | S | |
CVE-2024-49563 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2024-49564 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2024-49565 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2024-49568 | net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg | | |
CVE-2024-49569 | nvme-rdma: unquiesce admin_q before destroy it | | |
CVE-2024-49570 | drm/xe/tracing: Fix a potential TP_printk UAF | S | |
CVE-2024-49571 | net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg | | |
CVE-2024-49573 | sched/fair: Fix NEXT_BUDDY | | |
CVE-2024-49574 | SQL Injection | | |
CVE-2024-49576 | A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_... | | |
CVE-2024-49579 | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execut... | | |
CVE-2024-49580 | In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response informat... | | |
CVE-2024-49581 | Access control issue impacting RV backed objects | | |
CVE-2024-49588 | Multiple authenticated SQL injections in oracle-sidecar | | |
CVE-2024-49589 | Foundry artifacts denial of service | | |
CVE-2024-49592 | Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local p... | | |
CVE-2024-49593 | In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for Wo... | | |
CVE-2024-49595 | Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-... | M | |
CVE-2024-49596 | Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability... | M | |
CVE-2024-49597 | Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive... | M | |
CVE-2024-49600 | Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. ... | | |
CVE-2024-49601 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2024-49602 | Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulner... | | |
CVE-2024-49603 | Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulne... | | |
CVE-2024-49604 | WordPress Simple User Registration plugin <= 5.5 - Account Takeover vulnerability | | |
CVE-2024-49605 | WordPress Community Lite Video Chat plugin <= 2.2 - CSRF to Stored XSS vulnerability | | |
CVE-2024-49606 | WordPress Google Map Locations plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49607 | WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-49608 | WordPress GERRYWORKS Post by Mail plugin <= 1.0 - Privilege Escalation vulnerability | | |
CVE-2024-49609 | WordPress Author Discussion plugin <= 0.2.2 - SQL Injection vulnerability | | |
CVE-2024-49610 | WordPress photokit plugin <= 1.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-49611 | WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-49612 | WordPress SW Contact Form plugin <= 1.0 - SQL Injection vulnerability | | |
CVE-2024-49613 | WordPress Simple Code Insert Shortcode plugin <= 1.0 - SQL Injection vulnerability | | |
CVE-2024-49614 | WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability | | |
CVE-2024-49615 | WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability | | |
CVE-2024-49616 | WordPress Rate Own Post plugin <= 1.0 - SQL Injection vulnerability | | |
CVE-2024-49617 | WordPress Back Link Tracker plugin <= 1.0.0 - CSRF to SQL Injection vulnerability | | |
CVE-2024-49618 | WordPress MyTweetLinks plugin <= 1.1.1 - SQL Injection vulnerability | | |
CVE-2024-49619 | WordPress Social Link Groups plugin <= 1.1.0 - SQL Injection vulnerability | | |
CVE-2024-49620 | WordPress FERMA.ru.net plugin <= 1.3.3 - SQL Injection vulnerability | | |
CVE-2024-49621 | WordPress APA Register Newsletter Form plugin <= 1.0.0 - CSRF to SQL Injection vulnerability | | |
CVE-2024-49622 | WordPress Apa Banner Slider plugin <= 1.0.0 - CSRF to SQL Injection vulnerability | | |
CVE-2024-49623 | WordPress Duplicate Title Validate plugin <= 1.0 - SQL Injection vulnerability | | |
CVE-2024-49624 | WordPress Advanced Advertising System plugin <= 1.3.1 - PHP Object Injection vulnerability | | |
CVE-2024-49625 | WordPress SiteBuilder Dynamic Components plugin <= 1.0 - PHP Object Injection vulnerability | | |
CVE-2024-49626 | WordPress Shipyaari Shipping Management plugin <= 1.2 - PHP Object Injection vulnerability | | |
CVE-2024-49627 | WordPress WordPress Image SEO plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-49628 | WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-49629 | WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability | | |
CVE-2024-49630 | WordPress WP Education for Elementor plugin <= 1.2.8 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49631 | WordPress Easy Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49632 | WordPress CWD 3D Image Gallery plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49633 | WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49634 | WordPress BP Member Type Manager plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49635 | WordPress Banner Slider plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49636 | WordPress Agile Video Player Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49637 | WordPress Bet WC 2018 Russia plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49638 | WordPress Risk Warning Bar plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49639 | WordPress Monitor.chat plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49640 | WordPress ACL Floating Cart for WooCommerce plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49641 | WordPress Tida URL Screenshot plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49642 | WordPress Todo Custom Field plugin <= 3.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49643 | WordPress Whitelist plugin <= 3.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49644 | WordPress Accessibility by AllAccessible plugin <= 1.3.4 - Privilege Escalation vulnerability | S | |
CVE-2024-49645 | WordPress Affiliate Platform plugin <= 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49646 | WordPress Code Generate plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49647 | WordPress Simple Custom Admin plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49648 | WordPress SVG Captcha plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49649 | WordPress Build App Online plugin <= 1.0.23 - Local File Inclusion vulnerability | | |
CVE-2024-49650 | WordPress BuddyPress Greeting Message plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49651 | WordPress WooCommerce Maintenance Mode plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49652 | WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability | | |
CVE-2024-49653 | WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-49654 | WordPress Extra Privacy for Elementor plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49655 | WordPress ARPrice plugin <= 4.0.3 - Unauthenticated SQL Injection vulnerability | | |
CVE-2024-49656 | WordPress DocumentPress plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49657 | WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Deletion vulnerability | | |
CVE-2024-49658 | WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-49659 | WordPress Coub plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49660 | WordPress Campus Explorer Widget plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49661 | WordPress leenk.me plugin <= 2.16.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49662 | WordPress Simple Load More plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49663 | WordPress uCAT – Next Story plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49664 | WordPress chatplusjp plugin <= 1.02 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49665 | WordPress Web Bricks Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49666 | WordPress ARPrice plugin <= 4.0.3 - SQL Injection vulnerability | | |
CVE-2024-49667 | WordPress Local Business Addons For Elementor plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49668 | WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-49669 | WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-49670 | WordPress Client Power Tools Portal plugin <= 1.8.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49671 | WordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerability | | |
CVE-2024-49672 | WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49673 | WordPress LaTeX2HTML plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49674 | WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability | | |
CVE-2024-49675 | WordPress iBryl Switch User plugin <= 1.0.1 - Account Takeover vulnerability | | |
CVE-2024-49676 | WordPress Custom Icons for Elementor plugin <= 0.3.3 - Arbitrary File Upload vulnerability | | |
CVE-2024-49677 | WordPress Bootstrap Buttons plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49678 | WordPress js paper theme <= 2.5.7 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49679 | WordPress WPKoi Templates for Elementor plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49680 | WordPress wpvr plugin <= 8.5.5 - Broken Access Control vulnerability | S | |
CVE-2024-49681 | WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.0.9 - SQL Injection vulnerability | S | |
CVE-2024-49682 | WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability | S | |
CVE-2024-49683 | WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-49684 | WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - PHP Object Injection vulnerability | S | |
CVE-2024-49685 | WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-49686 | WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability | S | |
CVE-2024-49687 | WordPress Smart Manager plugin <= 8.45.0 - Broken Access Control vulnerability | S | |
CVE-2024-49688 | WordPress ARPrice plugin <= 4.0.3 - Unauthenticated PHP Object Injection vulnerability | | |
CVE-2024-49689 | WordPress HD Quiz – Save Results Light plugin <= 0.5 - Broken Access Control vulnerability | S | |
CVE-2024-49690 | WordPress Qi Blocks plugin <= 1.3.2 - Local File Inclusion vulnerability | S | |
CVE-2024-49691 | WordPress Product Filter by WBW plugin <= 2.7.0 - SQL Injection vulnerability | S | |
CVE-2024-49692 | WordPress AffiliateX plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49693 | WordPress Mega Elements – Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49694 | WordPress My Wp Brand – Hide menu & Hide Plugin plugin <= 1.1.2 - Broken Access Control vulnerability | S | |
CVE-2024-49695 | WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49696 | WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.21 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49697 | WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability | S | |
CVE-2024-49698 | WordPress Great Restaurant Menu WP plugin <= 1.4.2 - Broken Access Control vulnerability | S | |
CVE-2024-49699 | WordPress ARPrice plugin <= 4.0.3 - PHP Object Injection vulnerability | | |
CVE-2024-49700 | WordPress ARPrice plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-49701 | WordPress Mags theme <= 1.1.6 - Local File Inclusion vulnerability | S | |
CVE-2024-49702 | WordPress myCred Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49703 | WordPress WpEvently plugin <= 4.2.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-49704 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All ... | | |
CVE-2024-49705 | XSS in iKSORIS | | |
CVE-2024-49706 | XSS in iKSORIS | | |
CVE-2024-49707 | XSS in iKSORIS | | |
CVE-2024-49708 | XSS in iKSORIS | | |
CVE-2024-49709 | XSS in iKSORIS | | |
CVE-2024-49724 | In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions a... | | |
CVE-2024-49732 | In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permis... | | |
CVE-2024-49733 | In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS f... | | |
CVE-2024-49734 | In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determi... | | |
CVE-2024-49735 | In multiple locations, there is a possible failure to persist permissions settings due to resource e... | | |
CVE-2024-49736 | In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user... | | |
CVE-2024-49737 | In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch a... | | |
CVE-2024-49738 | In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local esc... | | |
CVE-2024-49740 | In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to... | | |
CVE-2024-49742 | In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app ... | | |
CVE-2024-49744 | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass... | | |
CVE-2024-49745 | In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check.... | | |
CVE-2024-49747 | In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a lo... | | |
CVE-2024-49748 | In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a... | | |
CVE-2024-49749 | In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This... | | |
CVE-2024-49750 | Snowflake Connector for Python has sensitive data in logs | S | |
CVE-2024-49751 | Frappe Press possible HTML injection through SaaS Signup inputs | | |
CVE-2024-49753 | Denied Host Validation Bypass in Zitadel Actions | E | |
CVE-2024-49754 | LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php | E S | |
CVE-2024-49755 | Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs | | |
CVE-2024-49756 | AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. | | |
CVE-2024-49757 | Zitadel User Registration Bypass Vulnerability | S | |
CVE-2024-49758 | LibreNMS has a stored XSS in ExamplePlugin with Device's Notes | E S | |
CVE-2024-49759 | LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php | E S | |
CVE-2024-49760 | OpenRefine has a path traversal in LoadLanguageCommand | S | |
CVE-2024-49761 | REXML ReDoS vulnerability | S | |
CVE-2024-49762 | Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled | | |
CVE-2024-49763 | PlexRipper allows API leak due to open CORS policy | | |
CVE-2024-49764 | LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php | E S | |
CVE-2024-49765 | Bypass of Discourse Connect using other login paths if enabled in Discourse | | |
CVE-2024-49766 | Werkzeug safe_join not safe on Windows | | |
CVE-2024-49767 | Werkzeug possible resource exhaustion when parsing file data in forms | S | |
CVE-2024-49768 | Waitress has request processing race condition in HTTP pipelining with invalid first request | S | |
CVE-2024-49769 | Waitress has a denial of service leading to high CPU usage/resource exhaustion | S | |
CVE-2024-49770 | oak's path traversal allows transfer of hidden files within the served root directory | | |
CVE-2024-49771 | MPXJ has a Potential Path Traversal Vulnerability | | |
CVE-2024-49772 | Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM | | |
CVE-2024-49773 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM | | |
CVE-2024-49774 | ModuleScanner flaws in SuiteCRM | | |
CVE-2024-49775 | A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intell... | | |
CVE-2024-49776 | A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denia... | | |
CVE-2024-49777 | A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to caus... | | |
CVE-2024-49778 | A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to caus... | | |
CVE-2024-49779 | IBM OpenPages cross-site request forgery | S | |
CVE-2024-49780 | IBM OpenPages path traversal | S | |
CVE-2024-49781 | IBM OpenPages XML external entity injection | S | |
CVE-2024-49782 | IBM OpenPages improper certificate validation | S | |
CVE-2024-49783 | IBM OpenPages with Watson information disclosure | S | |
CVE-2024-49784 | IBM OpenPages with Watson information disclosure | S | |
CVE-2024-49785 | IBM watsonx.ai cross-site scripting | | |
CVE-2024-49790 | IBM Watson Studio on Cloud Pak for Data cross-site scripting | S | |
CVE-2024-49791 | IBM ApplinX Cross-Site Scripting | | |
CVE-2024-49792 | IBM ApplinX Cross-Site Scripting | | |
CVE-2024-49793 | IBM ApplinX Cross-Site Scripting | | |
CVE-2024-49794 | IBM ApplinX Cross-Site Request Forgery | | |
CVE-2024-49795 | IBM ApplinX Cross-Site Request Forgery | | |
CVE-2024-49796 | IBM ApplinX Clickjacking | | |
CVE-2024-49797 | IBM ApplinX Information Disclosure | | |
CVE-2024-49798 | IBM ApplinX Information Disclosure | | |
CVE-2024-49800 | IBM ApplinX Information Disclosure | | |
CVE-2024-49803 | IBM Security Verify Access Appliance command execution | | |
CVE-2024-49804 | IBM Security Verify Access Appliance privilege escalation | | |
CVE-2024-49805 | IBM Security Verify Access Appliance hard coded credentials | | |
CVE-2024-49806 | IBM Security Verify Access Appliance hard coded credentials | | |
CVE-2024-49807 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2024-49808 | IBM Sterling Connect:Direct Web Services improper authorization | | |
CVE-2024-49814 | IBM Security Verify Access Appliance Privilege Escalation | | |
CVE-2024-49816 | IBM Security Guardium Key Lifecycle Manager information disclosure | | |
CVE-2024-49817 | IBM Security Guardium Key Lifecycle Manager information disclosure | | |
CVE-2024-49818 | IBM Security Guardium Key Lifecycle Manager information disclosure | | |
CVE-2024-49819 | IBM Security Guardium Key Lifecycle Manager information disclosure | | |
CVE-2024-49820 | IBM Security Guardium Key Lifecycle Manager information disclosure | | |
CVE-2024-49822 | IBM QRadar Advisor server-side request forgery | | |
CVE-2024-49823 | IBM Common Cryptographic Architecture denial of service | | |
CVE-2024-49824 | IBM Robotic Process Automation security bypass | | |
CVE-2024-49825 | IBM Robotic Process Automation session fixation | | |
CVE-2024-49827 | IBM Concert Software information disclosure | S | |
CVE-2024-49828 | IBM Db2 for Linux, UNIX and Windows denial of service | S | |
CVE-2024-49829 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Camera | S | |
CVE-2024-49830 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio | S | |
CVE-2024-49832 | Improper Validation of Array Index in Camera | S | |
CVE-2024-49833 | Improper Validation of Array Index in Camera | S | |
CVE-2024-49834 | Improper Validation of Array Index in Camera | S | |
CVE-2024-49835 | Out-of-bounds Write in SPS Applications | | |
CVE-2024-49836 | Improper Validation of Array Index in Camera | S | |
CVE-2024-49837 | Improper Validation of Array Index in Automotive OS Platform | | |
CVE-2024-49838 | Buffer Over-read in WLAN HOST | S | |
CVE-2024-49839 | Buffer Over-read in WLAN Host Cmn | S | |
CVE-2024-49840 | Use of Out-of-range Pointer Offset in WLAN Windows Host | | |
CVE-2024-49841 | Detection of Error Condition Without Action in Hypervisor | | |
CVE-2024-49842 | Improper Access Control in Hypervisor | | |
CVE-2024-49843 | Improper Validation of Array Index in Graphics_Linux | S | |
CVE-2024-49844 | Improper Input Validation in Automotive | | |
CVE-2024-49845 | Improper Input Validation in HLOS | | |
CVE-2024-49846 | Buffer Over-read in Multi-Mode Call Processor | | |
CVE-2024-49847 | Buffer Over-read in Multi-Mode Call Processor | | |
CVE-2024-49848 | Use After Free in DSP Service | | |
CVE-2024-49849 | A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (... | | |
CVE-2024-49850 | bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos | S | |
CVE-2024-49851 | tpm: Clean up TPM space after command failure | S | |
CVE-2024-49852 | scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() | S | |
CVE-2024-49853 | firmware: arm_scmi: Fix double free in OPTEE transport | S | |
CVE-2024-49854 | block, bfq: fix uaf for accessing waker_bfqq after splitting | S | |
CVE-2024-49855 | nbd: fix race between timeout and normal completion | S | |
CVE-2024-49856 | x86/sgx: Fix deadlock in SGX NUMA node search | S | |
CVE-2024-49857 | wifi: iwlwifi: mvm: set the cipher for secured NDP ranging | S | |
CVE-2024-49858 | efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption | S | |
CVE-2024-49859 | f2fs: fix to check atomic_file in f2fs ioctl interfaces | S | |
CVE-2024-49860 | ACPI: sysfs: validate return type of _STR method | S | |
CVE-2024-49861 | bpf: Fix helper writes to read-only maps | S | |
CVE-2024-49862 | powercap: intel_rapl: Fix off by one in get_rpi() | S | |
CVE-2024-49863 | vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() | S | |
CVE-2024-49864 | rxrpc: Fix a race between socket set up and I/O thread creation | S | |
CVE-2024-49865 | drm/xe/vm: move xa_alloc to prevent UAF | S | |
CVE-2024-49866 | tracing/timerlat: Fix a race during cpuhp processing | S | |
CVE-2024-49867 | btrfs: wait for fixup workers before stopping cleaner kthread during umount | S | |
CVE-2024-49868 | btrfs: fix a NULL pointer dereference when failed to start a new transaction | S | |
CVE-2024-49869 | btrfs: send: fix buffer overflow detection when copying path to cache entry | S | |
CVE-2024-49870 | cachefiles: fix dentry leak in cachefiles_open_file() | S | |
CVE-2024-49871 | Input: adp5589-keys - fix NULL pointer dereference | S | |
CVE-2024-49872 | mm/gup: fix memfd_pin_folios alloc race panic | S | |
CVE-2024-49873 | mm/filemap: fix filemap_get_folios_contig THP panic | S | |
CVE-2024-49874 | i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition | S | |
CVE-2024-49875 | nfsd: map the EBADMSG to nfserr_io to avoid warning | S | |
CVE-2024-49876 | drm/xe: fix UAF around queue destruction | S | |
CVE-2024-49877 | ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate | S | |
CVE-2024-49878 | resource: fix region_intersects() vs add_memory_driver_managed() | S | |
CVE-2024-49879 | drm: omapdrm: Add missing check for alloc_ordered_workqueue | S | |
CVE-2024-49880 | ext4: fix off by one issue in alloc_flex_gd() | S | |
CVE-2024-49881 | ext4: update orig_path in ext4_find_extent() | S | |
CVE-2024-49882 | ext4: fix double brelse() the buffer of the extents path | S | |
CVE-2024-49883 | ext4: avoid use-after-free in ext4_ext_insert_extent() | S | |
CVE-2024-49884 | ext4: fix slab-use-after-free in ext4_split_extent_at() | S | |
CVE-2024-49885 | mm, slub: avoid zeroing kmalloc redzone | S | |
CVE-2024-49886 | platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug | S | |
CVE-2024-49887 | f2fs: fix to don't panic system for no free segment fault injection | S | |
CVE-2024-49888 | bpf: Fix a sdiv overflow issue | S | |
CVE-2024-49889 | ext4: avoid use-after-free in ext4_ext_show_leaf() | S | |
CVE-2024-49890 | drm/amd/pm: ensure the fw_info is not null before using it | S | |
CVE-2024-49891 | scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths | S | |
CVE-2024-49892 | drm/amd/display: Initialize get_bytes_per_element's default to 1 | S | |
CVE-2024-49893 | drm/amd/display: Check stream_status before it is used | S | |
CVE-2024-49894 | drm/amd/display: Fix index out of bounds in degamma hardware format translation | S | |
CVE-2024-49895 | drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation | S | |
CVE-2024-49896 | drm/amd/display: Check stream before comparing them | S | |
CVE-2024-49897 | drm/amd/display: Check phantom_stream before it is used | S | |
CVE-2024-49898 | drm/amd/display: Check null-initialized variables | S | |
CVE-2024-49899 | drm/amd/display: Initialize denominators' default to 1 | S | |
CVE-2024-49900 | jfs: Fix uninit-value access of new_ea in ea_buffer | S | |
CVE-2024-49901 | drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs | S | |
CVE-2024-49902 | jfs: check if leafidx greater than num leaves per dmap tree | S | |
CVE-2024-49903 | jfs: Fix uaf in dbFreeBits | S | |
CVE-2024-49904 | drm/amdgpu: add list empty check to avoid null pointer issue | S | |
CVE-2024-49905 | drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) | S | |
CVE-2024-49906 | drm/amd/display: Check null pointer before try to access it | S | |
CVE-2024-49907 | drm/amd/display: Check null pointers before using dc->clk_mgr | S | |
CVE-2024-49908 | drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2) | S | |
CVE-2024-49909 | drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func | S | |
CVE-2024-49910 | drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func | S | |
CVE-2024-49911 | drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func | S | |
CVE-2024-49912 | drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' | S | |
CVE-2024-49913 | drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream | S | |
CVE-2024-49914 | drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe | S | |
CVE-2024-49915 | drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw | S | |
CVE-2024-49916 | drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw | S | |
CVE-2024-49917 | drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw | S | |
CVE-2024-49918 | drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer | S | |
CVE-2024-49919 | drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer | S | |
CVE-2024-49920 | drm/amd/display: Check null pointers before multiple uses | S | |
CVE-2024-49921 | drm/amd/display: Check null pointers before used | S | |
CVE-2024-49922 | drm/amd/display: Check null pointers before using them | S | |
CVE-2024-49923 | drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags | S | |
CVE-2024-49924 | fbdev: pxafb: Fix possible use after free in pxafb_task() | S | |
CVE-2024-49925 | fbdev: efifb: Register sysfs groups through driver core | S | |
CVE-2024-49926 | rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() | S | |
CVE-2024-49927 | x86/ioapic: Handle allocation failures gracefully | S | |
CVE-2024-49928 | wifi: rtw89: avoid reading out of bounds when loading TX power FW elements | S | |
CVE-2024-49929 | wifi: iwlwifi: mvm: avoid NULL pointer dereference | S | |
CVE-2024-49930 | wifi: ath11k: fix array out-of-bound access in SoC stats | S | |
CVE-2024-49931 | wifi: ath12k: fix array out-of-bound access in SoC stats | S | |
CVE-2024-49932 | btrfs: don't readahead the relocation inode on RST | S | |
CVE-2024-49933 | blk_iocost: fix more out of bound shifts | S | |
CVE-2024-49934 | fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name | S | |
CVE-2024-49935 | ACPI: PAD: fix crash in exit_round_robin() | S | |
CVE-2024-49936 | net/xen-netback: prevent UAF in xenvif_flush_hash() | S | |
CVE-2024-49937 | wifi: cfg80211: Set correct chandef when starting CAC | S | |
CVE-2024-49938 | wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit | S | |
CVE-2024-49939 | wifi: rtw89: avoid to add interface to list twice when SER | S | |
CVE-2024-49940 | l2tp: prevent possible tunnel refcount underflow | S | |
CVE-2024-49941 | gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() | S | |
CVE-2024-49942 | drm/xe: Prevent null pointer access in xe_migrate_copy | S | |
CVE-2024-49943 | drm/xe/guc_submit: add missing locking in wedged_fini | S | |
CVE-2024-49944 | sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start | S | |
CVE-2024-49945 | net/ncsi: Disable the ncsi work before freeing the associated structure | S | |
CVE-2024-49946 | ppp: do not assume bh is held in ppp_channel_bridge_input() | S | |
CVE-2024-49947 | net: test for not too small csum_start in virtio_net_hdr_to_skb() | S | |
CVE-2024-49948 | net: add more sanity checks to qdisc_pkt_len_init() | S | |
CVE-2024-49949 | net: avoid potential underflow in qdisc_pkt_len_init() with UFO | S | |
CVE-2024-49950 | Bluetooth: L2CAP: Fix uaf in l2cap_connect | S | |
CVE-2024-49951 | Bluetooth: MGMT: Fix possible crash on mgmt_index_removed | S | |
CVE-2024-49952 | netfilter: nf_tables: prevent nf_skb_duplicated corruption | S | |
CVE-2024-49953 | net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice | S | |
CVE-2024-49954 | static_call: Replace pointless WARN_ON() in static_call_module_notify() | S | |
CVE-2024-49955 | ACPI: battery: Fix possible crash when unregistering a battery hook | S | |
CVE-2024-49956 | gfs2: fix double destroy_workqueue error | S | |
CVE-2024-49957 | ocfs2: fix null-ptr-deref when journal load failed. | S | |
CVE-2024-49958 | ocfs2: reserve space for inline xattr before attaching reflink tree | S | |
CVE-2024-49959 | jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error | S | |
CVE-2024-49960 | ext4: fix timer use-after-free on failed mount | S | |
CVE-2024-49961 | media: i2c: ar0521: Use cansleep version of gpiod_set_value() | S | |
CVE-2024-49962 | ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() | S | |
CVE-2024-49963 | mailbox: bcm2835: Fix timeout during suspend mode | S | |
CVE-2024-49964 | mm/hugetlb: fix memfd_pin_folios free_huge_pages leak | S | |
CVE-2024-49965 | ocfs2: remove unreasonable unlock in ocfs2_read_blocks | S | |
CVE-2024-49966 | ocfs2: cancel dqi_sync_work before freeing oinfo | S | |
CVE-2024-49967 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-49968 | ext4: filesystems without casefold feature cannot be mounted with siphash | S | |
CVE-2024-49969 | drm/amd/display: Fix index out of bounds in DCN30 color transformation | S | |
CVE-2024-49970 | drm/amd/display: Implement bounds check for stream encoder creation in DCN401 | S | |
CVE-2024-49971 | drm/amd/display: Increase array size of dummy_boolean | S | |
CVE-2024-49972 | drm/amd/display: Deallocate DML memory if allocation fails | S | |
CVE-2024-49973 | r8169: add tally counter fields added with RTL8125 | S | |
CVE-2024-49974 | NFSD: Limit the number of concurrent async COPY operations | S | |
CVE-2024-49975 | uprobes: fix kernel info leak via "[uprobes]" vma | S | |
CVE-2024-49976 | tracing/timerlat: Drop interface_lock in stop_kthread() | S | |
CVE-2024-49977 | net: stmmac: Fix zero-division error when disabling tc cbs | S | |
CVE-2024-49978 | gso: fix udp gso fraglist segmentation after pull from frag_list | S | |
CVE-2024-49979 | net: gso: fix tcp fraglist segmentation after pull from frag_list | S | |
CVE-2024-49980 | vrf: revert "vrf: Remove unnecessary RCU-bh critical section" | S | |
CVE-2024-49981 | media: venus: fix use after free bug in venus_remove due to race condition | S | |
CVE-2024-49982 | aoe: fix the potential use-after-free problem in more places | S | |
CVE-2024-49983 | ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free | S | |
CVE-2024-49984 | drm/v3d: Prevent out of bounds access in performance query extensions | S | |
CVE-2024-49985 | i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume | S | |
CVE-2024-49986 | platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors | S | |
CVE-2024-49987 | bpftool: Fix undefined behavior in qsort(NULL, 0, ...) | S | |
CVE-2024-49988 | ksmbd: add refcnt to ksmbd_conn struct | S | |
CVE-2024-49989 | drm/amd/display: fix double free issue during amdgpu module unload | S | |
CVE-2024-49990 | drm/xe/hdcp: Check GSC structure validity | S | |
CVE-2024-49991 | drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer | S | |
CVE-2024-49992 | drm/stm: Avoid use-after-free issues with crtc and plane | S | |
CVE-2024-49993 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-49994 | block: fix integer overflow in BLKSECDISCARD | S | |
CVE-2024-49995 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-49996 | cifs: Fix buffer overflow when parsing NFS reparse points | S | |
CVE-2024-49997 | net: ethernet: lantiq_etop: fix memory disclosure | S | |
CVE-2024-49998 | net: dsa: improve shutdown sequence | S | |
CVE-2024-49999 | afs: Fix the setting of the server responding flag | S |