CVE-2024-5xxx

There are 950 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-5000 CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products
CVE-2024-5001 Image Hover Effects for Elementor with Lightbox and Flipbox <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters
S
CVE-2024-5002 User Submitted Posts < 20240516 - Admin+ Stored XSS
E
CVE-2024-5003 WP Stacker <= 1.8.5 - Stored XSS via CSRF
E
CVE-2024-5004 CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS
E
CVE-2024-5005 Incorrect Provision of Specified Functionality in GitLab
E S
CVE-2024-5006 Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter
S
CVE-2024-5008 WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2024-5009 WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability
CVE-2024-5010 WhatsUp Gold TestController multiple information disclosure vulnerabilities
CVE-2024-5011 WhatsUp Gold TestController Chart denial of service vulnerability
CVE-2024-5012 WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability
CVE-2024-5013 WhatsUp Gold InstallController Denial-of-Service Vulnerability
CVE-2024-5014 WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure
CVE-2024-5015 WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability
CVE-2024-5016 WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
E
CVE-2024-5018 WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability
CVE-2024-5019 WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability
CVE-2024-5020 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
CVE-2024-5021 WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery
CVE-2024-5022 The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in t...
CVE-2024-5023 Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE
CVE-2024-5024 MemberPress <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters
CVE-2024-5025 MemberPress <= 1.11.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via arglist Parameter
CVE-2024-5026 CM Tooltip Glossary < 4.3.4 - Admin+ Stored XSS
E
CVE-2024-5028 CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF
E
CVE-2024-5029 CM Table Of Contents – WordPress TOC Plugin < 1.2.4 - Stored XSS via CSRF
E
CVE-2024-5030 CM Table Of Contents – WordPress TOC Plugin < 1.2.3 - Settings Reset via CSRF
E
CVE-2024-5031 MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode
CVE-2024-5032 SULly < 4.3.1 - Reflected XSS
E
CVE-2024-5033 SULly < 4.3.1 - Admin+ Stored XSS via CSRF
E
CVE-2024-5034 SULly < 4.3.1 - Plugin Reset via CSRF
E
CVE-2024-5035 TP-Link Archer C5400X - RFTest Unauthenticated Command Injection
S
CVE-2024-5036 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-5037 Openshift/telemeter: iss check during jwt authentication can be bypassed
S
CVE-2024-5038 Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-5039 HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-5040 LCDS LAquis SCADA Path Traversal
S
CVE-2024-5041 Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion
S
CVE-2024-5042 Submariner-operator: rbac permissions can allow for the spread of node compromises
CVE-2024-5043 Emlog Pro setting.php unrestricted upload
E
CVE-2024-5044 Emlog Pro Cookie improper authentication
E
CVE-2024-5045 SourceCodester Online Birth Certificate Management System admin file access
E
CVE-2024-5046 SourceCodester Online Examination System registeracc.php sql injection
E
CVE-2024-5047 SourceCodester Student Management System controller.php unrestricted upload
E
CVE-2024-5048 code-projects Budget Management index.php sql injection
E
CVE-2024-5049 Codezips E-Commerce Site editproduct.php unrestricted upload
E
CVE-2024-5050 Wangshen SecGate 3600 ?g=log_import_save unrestricted upload
CVE-2024-5051 SourceCodester Gas Agency Management System edituser.php sql injection
E
CVE-2024-5052 Resource consumption vulnerability in Cerberus FTP Enterprise
S
CVE-2024-5053 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification
CVE-2024-5055 Vulnerability of uncontrolled resource consumption in XAMPP
CVE-2024-5056 CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent ...
CVE-2024-5057 WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability
S
CVE-2024-5058 WordPress Typing Text plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-5059 WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability
CVE-2024-5060 LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5061 Enfold <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters
CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml
E S
CVE-2024-5063 PHPGurukul Online Course Registration System index.php sql injection
E
CVE-2024-5064 PHPGurukul Online Course Registration System news-details.php sql injection
E
CVE-2024-5065 PHPGurukul Online Course Registration System sql injection
E
CVE-2024-5066 PHPGurukul Online Course Registration System pincode-verification.php sql injection
E
CVE-2024-5067 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
E S
CVE-2024-5069 SourceCodester Simple Online Mens Salon Management System view_service.php sql injection
E
CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
E
CVE-2024-5072 Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier...
CVE-2024-5073 Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed
S
CVE-2024-5074 WP eMember < 10.6.6 - Reflected XSS
E
CVE-2024-5075 WP eMember < 10.6.6 - Reflected XSS
E
CVE-2024-5076 WP eMember < 10.6.6 - Bulk Delete via CSRF
E
CVE-2024-5077 WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF
E
CVE-2024-5079 WP eMember < 10.6.7 - Unauthenticated Stored XSS via Member Registration
E
CVE-2024-5080 WP eMember < 10.6.6 - Admin+ Arbitrary File Upload
E
CVE-2024-5081 WP eMember <= v10.7.0 - Stored XSS via CSRF
E
CVE-2024-5082 Nexus Repository 2 - Remote Code Execution
CVE-2024-5083 Nexus Repository 2 - Stored XSS
CVE-2024-5084 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
S
CVE-2024-5085 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection
S
CVE-2024-5086 Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget
CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change
S
CVE-2024-5088 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5089 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5090 SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget
S
CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets
CVE-2024-5092 Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets
CVE-2024-5093 SourceCodester Best House Rental Management System login.php sql injection
E
CVE-2024-5094 SourceCodester Best House Rental Management System view_payment.php sql injection
E
CVE-2024-5095 Victor Zsviot Camera MQTT Packet denial of service
E
CVE-2024-5096 Hipcam Device MAC Address wifi.mac information disclosure
E
CVE-2024-5097 SourceCodester Simple Inventory System tableedit.php#page=editprice cross-site request forgery
E
CVE-2024-5098 SourceCodester Simple Inventory System login.php sql injection
E
CVE-2024-5099 SourceCodester Simple Inventory System updateprice.php sql injection
E
CVE-2024-5100 SourceCodester Simple Inventory System tableedit.php sql injection
E
CVE-2024-5101 SourceCodester Simple Inventory System updateproduct.php sql injection
E
CVE-2024-5102 Elevation of Privilege via symlinked file in Avast Antivirus
CVE-2024-5103 Campcodes Complete Web-Based School Management System student_first_payment.php sql injection
E
CVE-2024-5104 Campcodes Complete Web-Based School Management System student_grade_wise.php sql injection
E
CVE-2024-5105 Campcodes Complete Web-Based School Management System student_payment_details.php sql injection
E
CVE-2024-5106 Campcodes Complete Web-Based School Management System student_payment_details3.php sql injection
E
CVE-2024-5107 Campcodes Complete Web-Based School Management System student_payment_details2.php sql injection
E
CVE-2024-5108 Campcodes Complete Web-Based School Management System student_payment_details4.php sql injection
E
CVE-2024-5109 Campcodes Complete Web-Based School Management System student_payment_history.php sql injection
E
CVE-2024-5110 Campcodes Complete Web-Based School Management System student_payment_invoice.php sql injection
E
CVE-2024-5111 Campcodes Complete Web-Based School Management System student_payment_invoice1.php sql injection
E
CVE-2024-5112 Campcodes Complete Web-Based School Management System student_profile.php sql injection
E
CVE-2024-5113 Campcodes Complete Web-Based School Management System student_profile1.php sql injection
E
CVE-2024-5114 Campcodes Complete Web-Based School Management System teacher_attendance_history1.php sql injection
E
CVE-2024-5115 Campcodes Complete Web-Based School Management System teacher_profile.php sql injection
E
CVE-2024-5116 SourceCodester Online Examination System save.php sql injection
E
CVE-2024-5117 SourceCodester Event Registration System portal.php sql injection
E
CVE-2024-5118 SourceCodester Event Registration System login.php sql injection
E
CVE-2024-5119 SourceCodester Event Registration System sql injection
E
CVE-2024-5120 SourceCodester Event Registration System sql injection
E
CVE-2024-5121 SourceCodester Event Registration System cross site scripting
E
CVE-2024-5122 SourceCodester Event Registration System sql injection
E
CVE-2024-5123 SourceCodester Event Registration System cross site scripting
E
CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt
E
CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui
CVE-2024-5126 Improper Access Control in lunary-ai/lunary
E S
CVE-2024-5127 Improper Access Control in lunary-ai/lunary
E S
CVE-2024-5128 IDOR Vulnerability in lunary-ai/lunary
E S
CVE-2024-5129 Privilege Escalation Vulnerability in lunary-ai/lunary
E S
CVE-2024-5130 Incorrect Authorization in lunary-ai/lunary
E S
CVE-2024-5131 Improper Access Control in lunary-ai/lunary
E S
CVE-2024-5132 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5133 Account Takeover via Exposed Recovery Token in lunary-ai/lunary
E
CVE-2024-5134 SourceCodester Electricity Consumption Monitoring Tool delete-bill.php sql injection
E
CVE-2024-5135 PHPGurukul Directory Management System index.php sql injection
E
CVE-2024-5136 PHPGurukul Directory Management System search-directory.php. cross site scripting
E
CVE-2024-5137 PHPGurukul Directory Management System Searchbar admin-profile.php cross site scripting
E
CVE-2024-5138 The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take ...
S
CVE-2024-5141 Rotating Tweets (Twitter widget and shortcode) <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-5142 XSS in Hubshare's social module
S
CVE-2024-5143 A user with device administrative privileges can change existing SMTP server settings on the device,...
CVE-2024-5144 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4342. Reason: T...
R
CVE-2024-5145 SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload
E
CVE-2024-5146 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5147 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.37 - Unauthenticated Local File Inclusion
S
CVE-2024-5148 Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate
M
CVE-2024-5149 BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness
CVE-2024-5150 Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check
CVE-2024-5151 SULly < 4.3.1 - Admin+ Stored XSS
E
CVE-2024-5152 ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5153 Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion
S
CVE-2024-5154 Cri-o: malicious container can create symlink on host
M
CVE-2024-5155 Inquiry Cart <= 3.4.2 - Stored XSS via CSRF
E
CVE-2024-5156 Flatsome <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-5157 Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to ex...
E
CVE-2024-5158 Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentiall...
E
CVE-2024-5159 Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to p...
E
CVE-2024-5160 Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to pe...
E
CVE-2024-5161 Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5162 WordPress prettyPhoto <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
S
CVE-2024-5163 Improper permission settings in com.transsion.carlcare
CVE-2024-5164 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5165 Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input
E
CVE-2024-5166 Insecure Direct Object Reference In Looker
CVE-2024-5167 CM Email Registration Blacklist and Whitelist < 1.4.9 - Add/Delete Emails via CSRF Add and delete any item from blacklist/whitelist
E
CVE-2024-5168 Improper access control vulnerability in Prodys Quantum Audio codec
S
CVE-2024-5169 Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget
E
CVE-2024-5170 Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget
E
CVE-2024-5171 heap buffer overflow in libaom
E
CVE-2024-5172 Expert Invoice <= 1.0.2 - Admin+ Stored XSS
E
CVE-2024-5173 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings
CVE-2024-5174 Broken Authentication in Gliffy
CVE-2024-5175 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5176 Vulnerability in Welch Allyn Configuration Tool Software
S
CVE-2024-5177 Hash Elements <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter in Multiple Widgets
CVE-2024-5178 Incomplete Input Validation in SecurelyAccess API
CVE-2024-5179 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion
S
CVE-2024-5181 Command Injection in mudler/localai
CVE-2024-5182 Path Traversal in mudler/localai
E S
CVE-2024-5183 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5184 Prompt Injection in EmailGPT
CVE-2024-5185 Data Poisoning in EmbedAI
CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt
E
CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx
E
CVE-2024-5188 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5190 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-5191 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
S
CVE-2024-5192 Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
S
CVE-2024-5193 Ritlabs TinyWeb Server Request crlf injection
E
CVE-2024-5194 Arris VAP2500 assoc_table.php command injection
E
CVE-2024-5195 Arris VAP2500 diag_s.php command injection
E
CVE-2024-5196 Arris VAP2500 tools_command.php command injection
E
CVE-2024-5197 Integer overflow in libvpx
CVE-2024-5198 OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control...
CVE-2024-5199 Spotify Play Button <= 1.0 - Contributor+ Stored XSS
E
CVE-2024-5201 Dimensions RM - Privilege Escalation
S
CVE-2024-5202 Dimensions RM - Arbitrary File Read
S
CVE-2024-5203 Rejected reason: After careful review of CVE-2024-5203, it has been determined that the issue is not...
R
CVE-2024-5204 Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass
CVE-2024-5205 Videojs HTML5 Player <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode
CVE-2024-5206 Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn
S
CVE-2024-5207 POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection
CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm
CVE-2024-5209 A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthent...
S
CVE-2024-5210 A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthent...
S
CVE-2024-5211 Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm
CVE-2024-5212 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]
CVE-2024-5213 Exposure of Sensitive Information in mintplex-labs/anything-llm
E S
CVE-2024-5214 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5215 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-5216 Denial of Service in mintplex-labs/anything-llm
CVE-2024-5217 Incomplete Input Validation in GlideExpression Script
KEV
CVE-2024-5218 Reviews and Rating – Google Reviews <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2024-5219 Easy Google Maps <= 1.11.15 - Authenticated (Author+) Stored Cross-Site Scripting
S
CVE-2024-5220 ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting
S
CVE-2024-5221 Qi Blocks <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting
S
CVE-2024-5222 Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting
S
CVE-2024-5223 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2024-5224 Easy Social Like Box – Popup – Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-5225 SQL Injection in berriai/litellm
E
CVE-2024-5226 Fuse Social Floating Sidebar <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
S
CVE-2024-5227 TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
CVE-2024-5228 TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget
S
CVE-2024-5230 EnvaySoft FleetCart information disclosure
CVE-2024-5231 Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection
E
CVE-2024-5232 Campcodes Complete Web-Based School Management System teacher_salary_details2.php sql injection
E
CVE-2024-5233 Campcodes Complete Web-Based School Management System teacher_salary_details3.php sql injection
E
CVE-2024-5234 Campcodes Complete Web-Based School Management System teacher_salary_history1.php sql injection
E
CVE-2024-5235 Campcodes Complete Web-Based School Management System teacher_salary_invoice.php sql injection
E
CVE-2024-5236 Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php sql injection
E
CVE-2024-5237 Campcodes Complete Web-Based School Management System timetable_grade_wise.php sql injection
E
CVE-2024-5238 Campcodes Complete Web-Based School Management System timetable_insert_form.php sql injection
E
CVE-2024-5239 Campcodes Complete Web-Based School Management System timetable_update_form.php sql injection
E
CVE-2024-5240 Campcodes Complete Web-Based School Management System unread_msg.php sql injection
E
CVE-2024-5241 Huashi Private Cloud CDN Live Streaming Acceleration Server ipconfig_new.php os command injection
E
CVE-2024-5242 TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5243 TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5244 TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability
CVE-2024-5245 NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability
CVE-2024-5246 NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability
CVE-2024-5247 NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2024-5248 Improper Access Control in lunary-ai/lunary
E
CVE-2024-5249 SAML Replay in Akana
CVE-2024-5250 Overly Verbose Errors in SAML Integration
CVE-2024-5251 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-5252 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-5253 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-5254 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-5255 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-5256 Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability
CVE-2024-5257 Improper Access Control in GitLab
E S
CVE-2024-5258 Authorization Bypass Through User-Controlled Key in GitLab
E S
CVE-2024-5259 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter
S
CVE-2024-5260 Sina Extension for Elementor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter
CVE-2024-5261 TLS certificates are not properly verified when utilizing LibreOfficeKit
CVE-2024-5262 ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties
S
CVE-2024-5263 ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets
CVE-2024-5264 Network Key Transfer with AES KHT vulnerability in Luna EFT
M
CVE-2024-5265 WPBakery Page Builder <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute
CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes
S
CVE-2024-5267 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5268 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-5269 Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability
CVE-2024-5270 SAML to email switch possible when email signin is disabled
S
CVE-2024-5271 Fuji Electric Monitouch V-SFT Out-of-Bounds Write
S
CVE-2024-5272 Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated"
S
CVE-2024-5273 Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directo...
CVE-2024-5274 Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute a...
KEV E
CVE-2024-5275 Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)
S
CVE-2024-5276 SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)
E M
CVE-2024-5277 Weak Password Recovery Mechanism in lunary-ai/lunary
E
CVE-2024-5278 Unrestricted File Upload leading to RCE in gaizhenbiao/chuanhuchatgpt
E
CVE-2024-5279 Qiwen Netdisk File Rename cross site scripting
E
CVE-2024-5280 WP Affiliate Platform < 6.5.1 - POST Reflected XSS
E
CVE-2024-5281 WP Affiliate Platform < 6.5.1 - Reflected XSS via Affiliate Editing
E
CVE-2024-5282 WP Affiliate Platform < 6.5.1 - Reflected XSS via Registration Form
E
CVE-2024-5283 WP Affiliate Platform < 6.5.1 - Reflected XSS via Lead Editing
E
CVE-2024-5284 WP Affiliate Platform < 6.5.1 - Stored XSS via CSRF
E
CVE-2024-5285 WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF
E
CVE-2024-5286 WP Affiliate Platform < 6.5.1 - Reflected XSS via Banner Editing
E
CVE-2024-5287 WP Affiliate Platform < 6.5.1 - Profile Update via CSRF
E
CVE-2024-5288 Safe-error attack on TLS 1.3 Protocol
CVE-2024-5289 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget
CVE-2024-5290 An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared object...
E
CVE-2024-5291 D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability
CVE-2024-5292 D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2024-5293 D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5294 D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability
CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
CVE-2024-5296 D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
CVE-2024-5297 D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability
CVE-2024-5298 D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability
CVE-2024-5299 D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability
CVE-2024-5301 Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5302 Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5303 Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5304 Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5305 Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5306 Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2024-5307 Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-5308 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5309 Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions
S
CVE-2024-5310 JFinalCMS content cross site scripting
E
CVE-2024-5311 DigiWin EasyFlow .NET - SQL Injection
S
CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor
S
CVE-2024-5313 CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface ove...
CVE-2024-5314 Multiple vulnerabilities in DOLIBARR's ERP CMS
S
CVE-2024-5315 Multiple vulnerabilities in DOLIBARR's ERP CMS
S
CVE-2024-5317 Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1
S
CVE-2024-5318 Missing Authorization in GitLab
E S
CVE-2024-5321 Incorrect permissions on Windows containers logs
CVE-2024-5322 N-central Authentication Bypass via Session Rebinding
S
CVE-2024-5324 Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Update
S
CVE-2024-5325 Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data
CVE-2024-5326 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update
CVE-2024-5327 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-5328 SSRF Vulnerability in lunary-ai/lunary
E
CVE-2024-5329 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter
S
CVE-2024-5330 Breakdance <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-5331 Breakdance <= 1.7.2 - Missing Authorization
CVE-2024-5332 Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Card Widget
S
CVE-2024-5333 The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure
E
CVE-2024-5334 Local File Read in stitionai/devika
CVE-2024-5335 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection
CVE-2024-5336 Ruijie RG-UAC vlan_add_commit.php addVlan os command injection
E S
CVE-2024-5337 Ruijie RG-UAC user_commit.php os command injection
E S
CVE-2024-5338 Ruijie RG-UAC online.php os command injection
E
CVE-2024-5339 Ruijie RG-UAC online_check.php os command injection
E
CVE-2024-5340 Ruijie RG-UAC sub_commit.php os command injection
E S
CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget
CVE-2024-5342 Simple Image Popup Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-5343 Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Cross-Site Request Forgery to Post Creation and Limited Data Loss
CVE-2024-5344 The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget
CVE-2024-5345 Responsive Owl Carousel for Elementor <= 1.2.0 - Local File Inclusion
CVE-2024-5346 Flatsome | Multi-Purpose Responsive WooCommerce Theme <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
CVE-2024-5347 Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget
S
CVE-2024-5348 Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes
CVE-2024-5349 LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion
S
CVE-2024-5350 anji-plus AJ-Report pageList sql injection
E
CVE-2024-5351 anji-plus AJ-Report Javascript getValueFromJs deserialization
E
CVE-2024-5352 anji-plus AJ-Report validationRules deserialization
E
CVE-2024-5353 anji-plus AJ-Report ZIP File decompress path traversal
E
CVE-2024-5354 anji-plus AJ-Report detailByCode information disclosure
E
CVE-2024-5355 anji-plus AJ-Report IGroovyHandler command injection
E
CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection
E
CVE-2024-5357 PHPGurukul Zoo Management System forgot-password.php sql injection
E
CVE-2024-5358 PHPGurukul Zoo Management System normal-search.php sql injection
E
CVE-2024-5359 PHPGurukul Zoo Management System foreigner-search.php sql injection
E
CVE-2024-5360 PHPGurukul Zoo Management System foreigner-bwdates-reports-details.php sql injection
E
CVE-2024-5361 PHPGurukul Zoo Management System normal-bwdates-reports-details.php sql injection
E
CVE-2024-5362 SourceCodester Online Hospital Management System departmentDoctor.php sql injection
E
CVE-2024-5363 SourceCodester Best House Rental Management System manage_user.php sql injection
E
CVE-2024-5364 SourceCodester Best House Rental Management System manage_tenant.php sql injection
E
CVE-2024-5365 SourceCodester Best House Rental Management System manage_payment.php sql injection
E
CVE-2024-5366 SourceCodester Best House Rental Management System edit-cate.php sql injection
E
CVE-2024-5367 Kashipara College Management System each_extracurricula_activities.php cross site scripting
E
CVE-2024-5368 Kashipara College Management System delete_faculty.php cross site scripting
E
CVE-2024-5369 Kashipara College Management System submit_admin.php cross site scripting
E
CVE-2024-5370 Kashipara College Management System submit_enroll_staff.php cross site scripting
E
CVE-2024-5371 Kashipara College Management System submit_enroll_student.php cross site scripting
E
CVE-2024-5372 Kashipara College Management System submit_extracurricular_activity.php cross site scripting
E
CVE-2024-5373 Kashipara College Management System submit_login.php cross site scripting
E
CVE-2024-5374 Kashipara College Management System submit_new_faculty.php cross site scripting
E
CVE-2024-5375 Kashipara College Management System submit_student.php cross site scripting
E
CVE-2024-5376 Kashipara College Management System view_each_faculty.php cross site scripting
E
CVE-2024-5377 SourceCodester Vehicle Management System newvehicle.php unrestricted upload
E
CVE-2024-5378 SourceCodester School Intramurals Student Attendance Management System manage_sy.php sql injection
E
CVE-2024-5379 JFinalCMS template cross site scripting
E
CVE-2024-5380 jsy-1 short-url admin.php cross site scripting
S
CVE-2024-5381 itsourcecode Student Information Management System view.php sql injection
E
CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification
S
CVE-2024-5383 lakernote EasyAdmin upload cross site scripting
E S
CVE-2024-5384 SourceCodester Facebook News Feed Like index.php sql injection
E
CVE-2024-5385 oretnom23 Online Car Wash Booking System cross site scripting
CVE-2024-5387 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5388 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5389 Insufficient Access Control in lunary-ai/lunary
E
CVE-2024-5390 itsourcecode Online Student Enrollment System listofstudent.php sql injection
E
CVE-2024-5391 itsourcecode Online Student Enrollment System listofsubject.php sql injection
E
CVE-2024-5392 itsourcecode Online Student Enrollment System editSubject.php sql injection
E
CVE-2024-5393 itsourcecode Online Student Enrollment System listofcourse.php sql injection
E
CVE-2024-5394 itsourcecode Online Student Enrollment System newDept.php sql injection
E
CVE-2024-5395 itsourcecode Online Student Enrollment System listofinstructor.php sql injection
E
CVE-2024-5396 itsourcecode Online Student Enrollment System newfaculty.php sql injection
E
CVE-2024-5397 itsourcecode Online Student Enrollment System instructorSubjects.php sql injection
E
CVE-2024-5398 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5399 Openfind Mail2000 - OS Command Injection
S
CVE-2024-5400 Openfind Mail2000 - OS Command Injection
S
CVE-2024-5402 Mint Workbench I Unquoted Service Path Enumeration
CVE-2024-5403 ASKEY 5G NR Small Cell - Command Injection
S
CVE-2024-5404 ifm: moneo prone to weak password recovery mechanism
CVE-2024-5405 Multiple vulnerabilities in WinNMP from Wtriple
S
CVE-2024-5406 Multiple vulnerabilities in WinNMP from Wtriple
S
CVE-2024-5407 Code Injection vulnerability in RhinOS from SaltOS
S
CVE-2024-5408 Cross-site Scripting vulnerability in RhinOS from SaltOS
S
CVE-2024-5409 Cross-site Scripting vulnerability in RhinOS from SaltOS
S
CVE-2024-5410 Stored Cross-Site Scripting
CVE-2024-5411 Command Injection
CVE-2024-5412 A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware versio...
CVE-2024-5413 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro
CVE-2024-5414 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro
CVE-2024-5415 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro
CVE-2024-5416 Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets
S
CVE-2024-5417 Gutentor < 3.3.6 - Contributor+ Stored XSS
E
CVE-2024-5418 DethemeKit For Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute
S
CVE-2024-5419 Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute
S
CVE-2024-5420 Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro
CVE-2024-5421 Authenticated Command Injection
CVE-2024-5422 Denial of Service
CVE-2024-5423 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-5424 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters
CVE-2024-5425 WP jQuery Lightbox <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute
S
CVE-2024-5426 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG
S
CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode
S
CVE-2024-5428 SourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgery
E
CVE-2024-5429 Logo Slider < 4.1.0 - Contributor+ Stored XSS
E
CVE-2024-5430 Improper Access Control in GitLab
E S
CVE-2024-5431 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode
CVE-2024-5432 Lifeline Donation <= 1.2.6 - Authentication Bypass
CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC
S
CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC
S
CVE-2024-5435 Generation of Error Message Containing Sensitive Information in GitLab
E S
CVE-2024-5436 Type Confusion in Snapchat Lenscore
CVE-2024-5437 SourceCodester Simple Online Bidding System save_category cross site scripting
E
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
S
CVE-2024-5439 Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5440 If-So Dynamic Content Personalization < 1.8.0.3 - Contributor+ Shortcode Stored XSS
E
CVE-2024-5441 Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-5442 NextGEN Gallery < 3.59.3 - Admin+ Stored XSS
E
CVE-2024-5443 Remote Code Execution via Path Traversal in parisneo/lollms
CVE-2024-5444 Bible Text <= 0.2 - Contributor+ Stored XSS
E
CVE-2024-5445 Ecosystem Agent Insufficient Transport Layer Security
S
CVE-2024-5447 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS
E
CVE-2024-5448 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS
E
CVE-2024-5449 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization
S
CVE-2024-5450 Bug Library < 2.1.1 - Unauthenticated RCE
E
CVE-2024-5451 The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute
CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning
E
CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization
S
CVE-2024-5455 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion
CVE-2024-5456 Panda Video <= 1.4.0 - Authenticated (Contributor+) Local File Inclusion
CVE-2024-5457 Panda Video <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)
E
CVE-2024-5459 Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation
S
CVE-2024-5460 Brocade Fabric OS versions prior to v9.0 have default community strings
CVE-2024-5461 Command or parameter injection via unique embedded switch SNMP commands.
CVE-2024-5462 Brocade Fabric OS may capture SNMP Passwords in clear text
CVE-2024-5463 A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow')...
CVE-2024-5464 Vulnerability of insufficient permission verification in the NearLink module Impact: Successful expl...
CVE-2024-5465 Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerabilit...
CVE-2024-5466 Remote Code Execution
CVE-2024-5467 SQL Injection
CVE-2024-5468 WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion
CVE-2024-5469 Uncontrolled Resource Consumption in GitLab
S
CVE-2024-5470 Improper Access Control in GitLab
E S
CVE-2024-5471 Agent takeover
CVE-2024-5472 WP QuickLaTeX < 3.8.7 - Admin+ Stored XSS in Background Color field
E
CVE-2024-5473 Simple Photoswipe <= 0.1 - Admin+ Stored XSS
E
CVE-2024-5474 A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision ...
S
CVE-2024-5475 Responsive video embed < 0.5.1 - Contributor+ Stored XSS
E
CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
E
CVE-2024-5479 Easy Pixels by JEVNET <= 2.13 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-5480 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5481 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function
S
CVE-2024-5482 SSRF in add_webpage endpoint in parisneo/lollms-webui
E
CVE-2024-5483 LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API
CVE-2024-5484 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5485 SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! <= 1.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trigger Link Shortcode
CVE-2024-5486 Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
CVE-2024-5487 SQL Injection
CVE-2024-5488 SEOPress < 7.9 - Unauthenticated Object Injection
E
CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion
S
CVE-2024-5490 SQL Injection
CVE-2024-5491 Denial of Service
CVE-2024-5492 Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites
CVE-2024-5493 Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to...
E
CVE-2024-5494 Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potenti...
E
CVE-2024-5495 Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potenti...
E
CVE-2024-5496 Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker t...
E
CVE-2024-5497 Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote ...
E
CVE-2024-5498 Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacke...
E
CVE-2024-5499 Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacke...
E
CVE-2024-5500 Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attack...
E
CVE-2024-5501 Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.51 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-5502 Piotnet Addons For Elementor <= 2.4.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion
CVE-2024-5504 Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget
S
CVE-2024-5505 NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability
CVE-2024-5506 Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5507 Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5508 Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5509 Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability
CVE-2024-5510 Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-5511 Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-5512 Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-5513 Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5514 MinMax CMS - Hidden Functionality
S
CVE-2024-5515 SourceCodester Stock Management System createBrand.php sql injection
E
CVE-2024-5516 itsourcecode Online Blood Bank Management System massage.php sql injection
E
CVE-2024-5517 itsourcecode Online Blood Bank Management System changepwd.php sql injection
E
CVE-2024-5518 itsourcecode Online Discussion Forum change_profile_picture.php unrestricted upload
E
CVE-2024-5519 ItsourceCode Learning Management System Project In PHP login.php sql injection
E
CVE-2024-5520 Cross-Site Scripting stored in Alkacon OpenCMS
S
CVE-2024-5521 Cross-Site Scripting stored in Alkacon OpenCMS
S
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
E
CVE-2024-5523 SQL injection vulnerability in Astrotalks
S
CVE-2024-5524 Information exposure vulnerability in Astrotalks
S
CVE-2024-5525 Improper privilege management vulnerability in Astrotalks
S
CVE-2024-5526 Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call manag...
CVE-2024-5527 SQL Injection
CVE-2024-5528 Incomplete Comparison with Missing Factors in GitLab
E S
CVE-2024-5529 WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS
E
CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget
CVE-2024-5531 Ocean Extra <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget
CVE-2024-5532 A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).
S
CVE-2024-5533 Divi <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-5535 SSL_select_next_proto buffer overread
S
CVE-2024-5536 GamiPress – Link <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5537 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5538 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5541 Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update
CVE-2024-5542 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget
S
CVE-2024-5543 Slideshow Gallery LITE <= 1.8.1 - Authenticated (Contributor+) SQL Injection
CVE-2024-5544 Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting
S
CVE-2024-5545 Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization
S
CVE-2024-5546 SQL Injection
CVE-2024-5547 Directory Traversal in stitionai/devika
CVE-2024-5548 Directory Traversal in stitionai/devika
CVE-2024-5549 Data leak through CORS misconfiguration in stitionai/devika
CVE-2024-5550 Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3
E
CVE-2024-5551 WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion
S
CVE-2024-5552 ReDoS in kubeflow/kubeflow
E
CVE-2024-5553 Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-5554 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5555 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-5556 SQL Injection
CVE-2024-5557 CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause expo...
S
CVE-2024-5558 CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause esc...
S
CVE-2024-5559 CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause deni...
CVE-2024-5560 CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s ...
S
CVE-2024-5561 Popup Maker < 1.19.1 - Admin+ Stored XSS
E
CVE-2024-5564 Libndp: buffer overflow in route information length field
M
CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE
CVE-2024-5566 Improper Privilege Management allows for access to unauthorized repository content during migration
CVE-2024-5567 Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File
CVE-2024-5569 Denial of Service via crafted zip file in jaraco/zipp
CVE-2024-5570 Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update
E
CVE-2024-5571 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget
S
CVE-2024-5573 Easy Table of Contents < 2.0.66 - Admin+ Stored XSS
E
CVE-2024-5574 WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion
CVE-2024-5575 Ditty < 3.1.43 - Author+ Stored XSS
E
CVE-2024-5576 Tutor LMS Elementor Addons <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget
S
CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion
CVE-2024-5578 Table of Contents Plus <= 2408 - Editor+ Stored XSS
E
CVE-2024-5579 Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2024-5580 Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2024-5581 Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability
CVE-2024-5582 Schema & Structured Data for WP & AMP <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute
CVE-2024-5583 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings
CVE-2024-5584 WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter
CVE-2024-5585 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
E M
CVE-2024-5586 SQL Injection
CVE-2024-5587 Casdoor Configuration File app.conf file access
E
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
E
CVE-2024-5589 Netentsec NS-ASG Application Security Gateway sql injection
E
CVE-2024-5590 Netentsec NS-ASG Application Security Gateway JSON Content uploadiscuser.php sql injection
E
CVE-2024-5591 IBM Jazz Foundation information disclosure
CVE-2024-5594 OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which an attacker controlling th...
CVE-2024-5595 Essential Blocks < 4.7.0 - Contributor+ Stored XSS
E
CVE-2024-5596 ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions
CVE-2024-5597 Fuji Electric Monitouch V-SFT Type Confusion
S
CVE-2024-5598 Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing
S
CVE-2024-5599 FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing
S
CVE-2024-5600 Happy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-5601 Create by Mediavine <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Schema Meta Shortcode
S
CVE-2024-5602 Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool
CVE-2024-5604 Bug Library < 2.1.2 - Admin+ Stored XSS
E
CVE-2024-5605 Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter
CVE-2024-5606 Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
E
CVE-2024-5607 GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting
S
CVE-2024-5608 SQL Injection
CVE-2024-5609 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6966. Reason: T...
R
CVE-2024-5610 Rejected reason: loading template......
R
CVE-2024-5611 Stratum – Elementor Widgets <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
CVE-2024-5612 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget
CVE-2024-5613 Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action
S
CVE-2024-5614 Piotnet Addons For Elementor <= 2.4.29 - Unauthenticated Sensitive Information Exposure
CVE-2024-5615 Open Graph <= 1.11.2 - Unauthenticated Sensitive Information Exposure
S
CVE-2024-5616 CSRF Vulnerability in mudler/LocalAI
CVE-2024-5618 Broken Access Control in PruvaSoft Informatics' Apinizer Management Console
CVE-2024-5619 IDOR in PruvaSoft Informatics' Apinizer Management Console
CVE-2024-5620 Authentication Bypass in PruvaSoft Informatics' Apinizer Management Console
CVE-2024-5622 Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL
CVE-2024-5623 Untrusted search path vulnerability in B&R APROL
CVE-2024-5624 Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL
CVE-2024-5625 XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console
CVE-2024-5626 Inline Related Posts < 3.7.0 - Reflected XSS
E
CVE-2024-5627 WordPress Plugin Tournamatch < 4.6.1 - Subscriber+ Stored XSS
E
CVE-2024-5628 Avada | Website Builder For WordPress & eCommerce <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode
CVE-2024-5629 Out-of-bounds read in bson module of PyMongo
S
CVE-2024-5630 Insert or Embed Articulate Content into WordPress < 4.3000000024 - Author+ Arbitrary File Upload
E
CVE-2024-5631 Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, ar...
CVE-2024-5632 Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, cr...
CVE-2024-5633 Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted ...
CVE-2024-5634 Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passw...
CVE-2024-5635 itsourcecode Bakery Online Ordering System index.php sql injection
E
CVE-2024-5636 itsourcecode Bakery Online Ordering System index.php sql injection
E
CVE-2024-5637 Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion
S
CVE-2024-5638 Formula <= 0.5.1 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugins
S
CVE-2024-5639 User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
S
CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget
S
CVE-2024-5641 One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
S
CVE-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()
S
CVE-2024-5644 WordPress Plugin Tournamatch < 4.6.1 - Admin+ Stored XSS via Ladders
E
CVE-2024-5645 Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
S
CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget
S
CVE-2024-5648 LearnDash LMS - Reports Free <= 1.8.2 - Missing Authorization to Plugin Settings Update
CVE-2024-5649 Universal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-5650 DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric C...
CVE-2024-5651 Fence-agents-remediation: fence agent command line options leads to remote code execution
M
CVE-2024-5652 Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode
CVE-2024-5653 Chanjet Smooth T+system keyEdit.aspx sql injection
E
CVE-2024-5654 CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update
S
CVE-2024-5655 Improper Access Control in GitLab
E S
CVE-2024-5656 Rejected reason: ** REJECT ** Accidental duplicate assignment of CVE-2024-4755. Please use CVE-2024-...
R
CVE-2024-5657 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
E S
CVE-2024-5658 CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
E S
CVE-2024-5659 Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers
S
CVE-2024-5660 Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-...
CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor
CVE-2024-5662 Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget
CVE-2024-5663 Cards for Beaver Builder <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Cards Widget
S
CVE-2024-5664 MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode
S
CVE-2024-5665 Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure
S
CVE-2024-5666 Extensions for Elementor <= 2.0.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
S
CVE-2024-5667 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library
CVE-2024-5668 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
S
CVE-2024-5669 XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-5670 Softnext Mail SQR Expert and Mail Archiving Expert - OS Command Injection
S
CVE-2024-5671 Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attacker...
CVE-2024-5672 Red Lion Europe: mbNET.mini vulnerable to OS command injection
CVE-2024-5673 Cross-Site Scripting in PHP File Manager by Dulldusk
S
CVE-2024-5674 Newsletter - API v1 and v2 addon for Newsletter <= 2.4.5 - Missing Authorization to Email Subscribers Management
CVE-2024-5675 Unreliable data deserialization vulnerability in Mentor
S
CVE-2024-5676 Paradox IP150 Internet Module Cross-Site Request Forgery
CVE-2024-5677 Featured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images Upload
CVE-2024-5678 SQL Injection
CVE-2024-5679 CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kerne...
CVE-2024-5680 CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-se...
CVE-2024-5681 CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, pri...
CVE-2024-5682 User Enumeration in Yordam Information Technology's Yordam Library Automation System
CVE-2024-5683 Remote Code Execution in Next4Biz's BPM
CVE-2024-5684 ID Charger Connect & Pro - JWT-Null-Algorithm
CVE-2024-5685 Broken Function Level Authorization (BFLA) in snipe/snipe-it
S
CVE-2024-5686 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget
CVE-2024-5687 If a specific sequence of actions is performed when opening a new tab, the triggering principal asso...
E
CVE-2024-5688 If a garbage collection was triggered at the right time, a use-after-free could have occurred during...
E
CVE-2024-5689 In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay th...
CVE-2024-5690 By monitoring the time certain operations take, an attacker could have guessed which external protoc...
CVE-2024-5691 By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a b...
CVE-2024-5692 On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser in...
E
CVE-2024-5693 Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image d...
CVE-2024-5694 An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaSc...
CVE-2024-5695 If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap...
CVE-2024-5696 By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory lea...
CVE-2024-5697 A website was able to detect when a user took a screenshot of a page using the built-in Screenshot f...
CVE-2024-5698 By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a ...
CVE-2024-5699 In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correct...
E
CVE-2024-5700 Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these...
CVE-2024-5701 Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption a...
CVE-2024-5702 Memory corruption in the networking stack could have led to a potentially exploitable crash. This vu...
CVE-2024-5703 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization
S
CVE-2024-5704 XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-5705 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization
CVE-2024-5706 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
CVE-2024-5708 WPBakery <= 7.7 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2024-5709 WPBakery <= 7.7 - Authenticated (Author+) Local File Inclusion
CVE-2024-5710 Improper Access Control in Team Management in berriai/litellm
E
CVE-2024-5711 Stored XSS in stitionai/devika
E S
CVE-2024-5712 CSRF Vulnerability in stitionai/devika
CVE-2024-5713 if-so < 1.8.0.4 - Reflected XSS
E
CVE-2024-5714 Improper Access Control in lunary-ai/lunary
E
CVE-2024-5715 WP eMember < 10.6.7 - Reflected XSS via Member Edit
E
CVE-2024-5716 Logsign Unified SecOps Platform Authentication Bypass Vulnerability
CVE-2024-5717 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
CVE-2024-5718 Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability
CVE-2024-5719 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
CVE-2024-5720 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
CVE-2024-5721 Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability
CVE-2024-5722 Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability
CVE-2024-5723 Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability
CVE-2024-5724 Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-5725 Centreon initCurveList SQL Injection Remote Code Execution Vulnerability
S
CVE-2024-5726 Timeline Event History <= 3.1 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-5727 Widget4Call <= 1.0.7 - Reflected XSS
E
CVE-2024-5728 Animated AL List <= 1.0.6 - Reflected XSS
E
CVE-2024-5729 Simple AL Slider <= 1.2.10 - Reflected XSS
E
CVE-2024-5730 Pagerank Tools <= 1.1.5 - Reflected XSS
E
CVE-2024-5731 A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows...
CVE-2024-5732 Clash Proxy Port improper authentication
E
CVE-2024-5733 itsourcecode Online Discussion Forum register_me.php sql injection
E
CVE-2024-5734 itsourcecode Online Discussion Forum poster.php unrestricted upload
E
CVE-2024-5735 Full Path Disclosure in AdmirorFrames Joomla! Extension
E
CVE-2024-5736 SSRF in AdmirorFrames Joomla! Extension
E
CVE-2024-5737 HTML Injection in AdmirorFrames Joomla! Extension
E
CVE-2024-5738 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5739 The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vuln...
CVE-2024-5741 XSS in inventory view
CVE-2024-5742 Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
CVE-2024-5743 Command Injection Vulnerability
S
CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS
E
CVE-2024-5745 itsourcecode Bakery Online Ordering System unrestricted upload
E
CVE-2024-5746 A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed ...
CVE-2024-5747 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5749 Certain HP DesignJet products – Credential reflection
CVE-2024-5750 Rejected reason: ** REJECT ** Not a valid security issue....
R
CVE-2024-5751 Remote Code Execution in BerriAI/litellm
CVE-2024-5752 Path Traversal in stitionai/devika
CVE-2024-5753 Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna
CVE-2024-5754 BT: Encryption procedure host vulnerability
E S
CVE-2024-5755 Email Validation Bypass in lunary-ai/lunary
E
CVE-2024-5756 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin
CVE-2024-5757 Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget
S
CVE-2024-5758 Rejected reason: ** REJECT ** Duplicate of CVE-2024-4305. Please use CVE-2024-4305 instead....
R
CVE-2024-5759 Improper privilege management
S
CVE-2024-5760 The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege ...
CVE-2024-5761 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: [CVE-2024-5260]. Reason:...
R
CVE-2024-5762 Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability
CVE-2024-5763 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget
S
CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default
CVE-2024-5765 WpStickyBar <= 2.1.0 - Unauthenticated SQLi
E
CVE-2024-5766 Likeshop Merchandise admin cross site scripting
CVE-2024-5767 Sitetweet <= 0.2 - Stored XSS via CSRF
E
CVE-2024-5768 MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-5769 MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update
CVE-2024-5770 WP Force SSL & HTTPS SSL Redirect <= 1.66 - Missing Authorization to Settings Update
S
CVE-2024-5771 LabVantage LIMS POST Request sql injection
E
CVE-2024-5772 Netentsec NS-ASG Application Security Gateway deleteiscuser.php sql injection
E
CVE-2024-5773 Netentsec NS-ASG Application Security Gateway deletemacbind.php sql injection
E
CVE-2024-5774 SourceCodester Stock Management System Login index.php sql injection
E
CVE-2024-5775 SourceCodester Vehicle Management System updatebill.php sql injection
E
CVE-2024-5776 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5777 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5778 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5779 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5780 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5781 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5782 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5783 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5784 Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference
CVE-2024-5785 Command injection vulnerability in Comtrend router
CVE-2024-5786 Cross-Site Request Forgery vulnerability in Comtrend router
CVE-2024-5787 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget
S
CVE-2024-5788 Silesia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5789 Triton Lite <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5790 Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget
S
CVE-2024-5791 Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
CVE-2024-5792 Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection
CVE-2024-5793 Houzez Theme - Functionality <= 3.2.2 - Authenticated (Seller+) SQL Injection
CVE-2024-5795 Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed resource exhaustion
CVE-2024-5796 Infinite <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via project_url Parameter
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
CVE-2024-5799 CM Pop-Up Banners for WordPress < 1.7.3 - Contributor+ Stored XSS
E
CVE-2024-5800 Diffie-Hellman groups with insufficient strength used in SSL/TLS stack of B&R Automation Runtime
CVE-2024-5801 IP Forwarding enabled in B&R Automation Runtime
CVE-2024-5802 URL Shortener by MyThemeShop <= 1.0.17 - Admin+ Stored XSS
E
CVE-2024-5803 Local privilege escalation via COM hijacking
CVE-2024-5804 Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset
CVE-2024-5805 MOVEit Gateway Authentication Bypass Vulnerability
CVE-2024-5806 MOVEit Transfer Authentication Bypass Vulnerability
CVE-2024-5807 Business Card <= 1.0.0 - Admin+ File Upload
E
CVE-2024-5808 WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF
E
CVE-2024-5809 WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting
E
CVE-2024-5810 WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials
CVE-2024-5811 Simple Video Directory < 1.4.4 - Contributor+ Stored XSS
E
CVE-2024-5812 Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe
CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe
CVE-2024-5814 Unverified Ciphersuite used on a client-side TLS1.3 Downgrade
S
CVE-2024-5815 Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository
CVE-2024-5816 Improper authorization allows persistent access in GitHub Enterprise Server
CVE-2024-5817 Improper authorization allows read access to issue content in GitHub Enterprise Server
CVE-2024-5818 Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget
S
CVE-2024-5819 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
S
CVE-2024-5820 Unprotected WebSocket in stitionai/devika
CVE-2024-5821 Local File Inclusion (LFI) in stitionai/devika
CVE-2024-5822 Server-Side Request Forgery (SSRF) in gaizhenbiao/ChuanhuChatGPT
CVE-2024-5823 File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-5824 Path Traversal in parisneo/lollms
CVE-2024-5825 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5826 Remote Code Execution via Prompt Injection in vanna-ai/vanna
CVE-2024-5827 Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna
CVE-2024-5828 EL Injection Vulnerability in Hitachi Tuning Manager
CVE-2024-5829 smallweigit Avue avueUeditor cross site scripting
E
CVE-2024-5830 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an...
CVE-2024-5831 Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentia...
CVE-2024-5832 Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentia...
CVE-2024-5833 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentiall...
CVE-2024-5834 Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attack...
CVE-2024-5835 Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker...
CVE-2024-5836 Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker...
CVE-2024-5837 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentiall...
CVE-2024-5838 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform ou...
CVE-2024-5839 Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a r...
CVE-2024-5840 Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass di...
CVE-2024-5841 Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentiall...
CVE-2024-5842 Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who c...
CVE-2024-5843 Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote a...
CVE-2024-5844 Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker ...
CVE-2024-5845 Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potenti...
CVE-2024-5846 Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potent...
CVE-2024-5847 Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potent...
CVE-2024-5848 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation
S
CVE-2024-5849 Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows reflected XSS
CVE-2024-5850 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5851 playSMS SMS Schedule cross site scripting
S
CVE-2024-5852 WordPress File Upload <= 4.24.7 - Authenticated (Contributor+) Directory Traversal
S
CVE-2024-5853 Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2024-5855 Media Hygiene <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
CVE-2024-5856 Comment Images Reloaded <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion
CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion
S
CVE-2024-5858 Infographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update
CVE-2024-5859 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting
CVE-2024-5860 Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Subscriber+) Ticket Deletion
CVE-2024-5861 WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection
S
CVE-2024-5862 User Enumeration in Mia Technology's Mia-Med Health Aplication
CVE-2024-5863 Easy Image Collage <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Data Clearance
CVE-2024-5864 Easy Affiliate Links <= 3.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
CVE-2024-5865 Arbitrary File Reading in Centrify PAS
CVE-2024-5866 Arbitrary Directory Listing in Centrify PAS
CVE-2024-5867 Delicate <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5868 WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness
CVE-2024-5869 Neighborly <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5870 Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5871 WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection
CVE-2024-5872 On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.
S
CVE-2024-5873 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5874 IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5875 IrfanView SHP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5876 IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5877 IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-5878 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library
CVE-2024-5879 HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 11.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget
S
CVE-2024-5880 Hide My Site <= 2.2 - Unauthenticated Information Exposure
CVE-2024-5881 Webico Slider Flatsome Addons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode
CVE-2024-5882 Ultimate Classified Listings < 1.3 - Unauthenticated LFI
E
CVE-2024-5883 Ultimate Classified Listings < 1.3 - Reflected XSS
E
CVE-2024-5884 Beauty <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via tpl_featured_cat_id Parameter
CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr
E
CVE-2024-5886 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5887 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5888 Stored XSS in Rest Services API for a Toolbox published as GP Service
CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting
S
CVE-2024-5890 HTML Injection in the Assessment plugin
CVE-2024-5891 Quay: unauthorized user may authenticate via oauth application token
CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
CVE-2024-5893 SourceCodester Cab Management System sql injection
E
CVE-2024-5894 SourceCodester Online Eyewear Shop manage_product.php sql injection
E
CVE-2024-5895 SourceCodester Employee and Visitor Gate Pass Logging System delete_users sql injection
E
CVE-2024-5896 SourceCodester Employee and Visitor Gate Pass Logging System save_users sql injection
E
CVE-2024-5897 SourceCodester Employee and Visitor Gate Pass Logging System cross site scripting
E
CVE-2024-5898 itsourcecode Payroll Management System print_payroll.php sql injection
E
CVE-2024-5899 Improper trust check in Bazel Build intellij plugin
CVE-2024-5901 SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget
CVE-2024-5902 UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter
CVE-2024-5905 Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent
S
CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
S
CVE-2024-5907 Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
S
CVE-2024-5908 GlobalProtect App: Encrypted Credential Exposure via Log Files
S
CVE-2024-5909 Cortex XDR Agent: Local Windows User Can Disable the Agent
S
CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover
KEV E S
CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface
S
CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks
S
CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS
S
CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack
S
CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
S
CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets
S
CVE-2024-5917 PAN-OS: Server-Side Request Forgery in WildFire
S
CVE-2024-5918 PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User
S
CVE-2024-5919 PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability
S
CVE-2024-5920 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator
S
CVE-2024-5921 GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation
E S
CVE-2024-5922 Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5924 Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability
CVE-2024-5925 Theron Lite <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5926 Path Traversal in stitionai/devika
CVE-2024-5927 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5928 VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability
CVE-2024-5929 VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2024-5930 VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2024-5931 BT: Unchecked user input in bap_broadcast_assistant
E
CVE-2024-5932 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution
S
CVE-2024-5933 Cross-site Scripting (XSS) in parisneo/lollms-webui
E
CVE-2024-5934 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-5935 CSRF Vulnerability in imartinez/privategpt
E
CVE-2024-5936 Open Redirect in imartinez/privategpt
CVE-2024-5937 Simple Alert Boxes <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode
CVE-2024-5938 Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5939 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure
S
CVE-2024-5940 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update
S
CVE-2024-5941 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion
S
CVE-2024-5942 Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure
S
CVE-2024-5943 Nested Pages <= 3.2.7 - Cross-Site Request Forgery to Local File Inclusion
S
CVE-2024-5945 WP SVG Images <= 4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
S
CVE-2024-5946 Squelch Tabs and Accordions Shortcodes <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode
CVE-2024-5947 Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability
CVE-2024-5948 Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5949 Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability
CVE-2024-5950 Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5951 Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability
CVE-2024-5952 Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability
CVE-2024-5953 389-ds-base: malformed userpassword hash may cause denial of service
M
CVE-2024-5955 Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 ...
CVE-2024-5956 This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial...
CVE-2024-5957 This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs ac...
CVE-2024-5958 SQLi in Eliz Software's Panel
CVE-2024-5959 Stored XSS in Eliz Software's Panel
CVE-2024-5960 Plaintext Storage of a Password in Eliz Software's Panel
CVE-2024-5961 Reflected XSS in 2ClickPortal
CVE-2024-5962 Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding
S
CVE-2024-5963 An unquoted executable path exists in Hitachi Device Manager
CVE-2024-5964 Zenon Lite <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5965 Mosaic <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
CVE-2024-5966 Grey Opaque <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode
CVE-2024-5967 Keycloak: leak of configured ldap bind credentials through the keycloak admin console
M
CVE-2024-5968 Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS
E
CVE-2024-5969 AIomatic - Automatic AI Content Writer <= 2.0.5 - Unauthenticated Arbitrary Email Sending
CVE-2024-5970 MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode
CVE-2024-5971 Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket
M
CVE-2024-5972 Rejected reason: CVE ID issued in error. This is not a valid vulnerability....
R
CVE-2024-5973 MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
E
CVE-2024-5974 Firebox Authenticated Buffer Overflow Vulnerability
CVE-2024-5975 CZ Loan Management <= 1.1 - Unauthenticated SQLi
E
CVE-2024-5976 SourceCodester Employee and Visitor Gate Pass Logging System log_employee sql injection
E
CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions
S
CVE-2024-5979 Denial of Service via Invalid Argument in h2oai/h2o-3
CVE-2024-5980 Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning
CVE-2024-5981 itsourcecode Online House Rental System manage_user.php sql injection
E
CVE-2024-5982 Path Traversal in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-5983 itsourcecode Online Bookstore bookPerPub.php sql injection
E M
CVE-2024-5984 itsourcecode Online Bookstore book.php sql injection
E
CVE-2024-5985 SourceCodester Best Online News Portal index.php sql injection
E
CVE-2024-5987 WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
S
CVE-2024-5988 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
S
CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
S
CVE-2024-5990 ThinManager® ThinServer™ Improper Input Validation Vulnerability
S
CVE-2024-5991 Buffer overread in domain name matching
S
CVE-2024-5992 Cliengo - Chatbot <= 3.0.1 - Missing Authorization to Unauthenticated Chatbot Settings Update
CVE-2024-5993 Cliengo - Chatbot <= 3.0.1 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update
CVE-2024-5994 WP Go Maps (formerly WP Google Maps) <= 9.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration
S
CVE-2024-5996 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-5997 Duplica <= 0.6 - Authenticated (Subscriber+) Missing Authorization to Users/Posts Duplicates Creation
CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.