ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-50000 | net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() | S | |
CVE-2024-50001 | net/mlx5: Fix error path in multi-packet WQE transmit | S | |
CVE-2024-50002 | static_call: Handle module init failure correctly in static_call_del_module() | S | |
CVE-2024-50003 | drm/amd/display: Fix system hang while resume with TBT monitor | S | |
CVE-2024-50004 | drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 | S | |
CVE-2024-50005 | mac802154: Fix potential RCU dereference issue in mac802154_scan_worker | S | |
CVE-2024-50006 | ext4: fix i_data_sem unlock order in ext4_ind_migrate() | S | |
CVE-2024-50007 | ALSA: asihpi: Fix potential OOB array access | S | |
CVE-2024-50008 | wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() | S | |
CVE-2024-50009 | cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value | S | |
CVE-2024-50010 | exec: don't WARN for racy path_noexec check | S | |
CVE-2024-50011 | ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item | S | |
CVE-2024-50012 | cpufreq: Avoid a bad reference count on CPU node | S | |
CVE-2024-50013 | exfat: fix memory leak in exfat_load_bitmap() | S | |
CVE-2024-50014 | ext4: fix access to uninitialised lock in fc replay path | S | |
CVE-2024-50015 | ext4: dax: fix overflowing extents beyond inode size when partially writing | S | |
CVE-2024-50016 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-50017 | x86/mm/ident_map: Use gbpages only where full GB page should be mapped. | S | |
CVE-2024-50018 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-50019 | kthread: unpark only parked kthread | S | |
CVE-2024-50020 | ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() | S | |
CVE-2024-50021 | ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() | S | |
CVE-2024-50022 | device-dax: correct pgoff align in dax_set_mapping() | S | |
CVE-2024-50023 | net: phy: Remove LED entry from LEDs list on unregister | S | |
CVE-2024-50024 | net: Fix an unsafe loop on the list | S | |
CVE-2024-50025 | scsi: fnic: Move flush_work initialization out of if block | S | |
CVE-2024-50026 | scsi: wd33c93: Don't use stale scsi_pointer value | S | |
CVE-2024-50027 | thermal: core: Free tzp copy along with the thermal zone | S | |
CVE-2024-50028 | thermal: core: Reference count the zone in thermal_zone_get_by_id() | S | |
CVE-2024-50029 | Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync | S | |
CVE-2024-50030 | drm/xe/ct: prevent UAF in send_recv() | S | |
CVE-2024-50031 | drm/v3d: Stop the active perfmon before being destroyed | S | |
CVE-2024-50032 | rcu/nocb: Fix rcuog wake-up from offline softirq | S | |
CVE-2024-50033 | slip: make slhc_remember() more robust against malicious packets | S | |
CVE-2024-50034 | net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC | S | |
CVE-2024-50035 | ppp: fix ppp_async_encode() illegal access | S | |
CVE-2024-50036 | net: do not delay dst_entries_add() in dst_release() | S | |
CVE-2024-50037 | drm/fbdev-dma: Only cleanup deferred I/O if necessary | S | |
CVE-2024-50038 | netfilter: xtables: avoid NFPROTO_UNSPEC where needed | S | |
CVE-2024-50039 | net/sched: accept TCA_STAB only for root qdisc | S | |
CVE-2024-50040 | igb: Do not bring the device up after non-fatal error | S | |
CVE-2024-50041 | i40e: Fix macvlan leak by synchronizing access to mac_filter_hash | S | |
CVE-2024-50042 | ice: Fix increasing MSI-X on VF | S | |
CVE-2024-50043 | nfsd: fix possible badness in FREE_STATEID | S | |
CVE-2024-50044 | Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change | S | |
CVE-2024-50045 | netfilter: br_netfilter: fix panic with metadata_dst skb | S | |
CVE-2024-50046 | NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() | S | |
CVE-2024-50047 | smb: client: fix UAF in async decryption | S | |
CVE-2024-50048 | fbcon: Fix a NULL pointer dereference issue in fbcon_putcs | S | |
CVE-2024-50049 | drm/amd/display: Check null pointer before dereferencing se | S | |
CVE-2024-50050 | Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serializatio... | | |
CVE-2024-50051 | spi: mpc52xx: Add cancel_work_sync before module remove | S | |
CVE-2024-50052 | Arbitrary post deletion via Playbooks /ignore-thread endpoint | S | |
CVE-2024-50053 | Stored XSS | | |
CVE-2024-50054 | mySCADA myPRO Path Traversal | S | |
CVE-2024-50055 | driver core: bus: Fix double free in driver API bus_register() | S | |
CVE-2024-50056 | usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c | S | |
CVE-2024-50057 | usb: typec: tipd: Free IRQ only if it was requested before | S | |
CVE-2024-50058 | serial: protect uart_port_dtr_rts() in uart_shutdown() too | S | |
CVE-2024-50059 | ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition | S | |
CVE-2024-50060 | io_uring: check if we need to reschedule during overflow flush | S | |
CVE-2024-50061 | i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition | S | |
CVE-2024-50062 | RDMA/rtrs-srv: Avoid null pointer deref during path establishment | S | |
CVE-2024-50063 | bpf: Prevent tail call between progs attached to different hooks | S | |
CVE-2024-50064 | zram: free secondary algorithms names | S | |
CVE-2024-50065 | ntfs3: Change to non-blocking allocation in ntfs_d_hash | S | |
CVE-2024-50066 | mm/mremap: fix move_normal_pmd/retract_page_tables race | S | |
CVE-2024-50067 | uprobe: avoid out-of-bounds memory access of fetching args | S | |
CVE-2024-50068 | mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() | S | |
CVE-2024-50069 | pinctrl: apple: check devm_kasprintf() returned value | S | |
CVE-2024-50070 | pinctrl: stm32: check devm_kasprintf() returned value | S | |
CVE-2024-50071 | pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() | S | |
CVE-2024-50072 | x86/bugs: Use code segment selector for VERW operand | S | |
CVE-2024-50073 | tty: n_gsm: Fix use-after-free in gsm_cleanup_mux | S | |
CVE-2024-50074 | parport: Proper fix for array out-of-bounds access | S | |
CVE-2024-50075 | xhci: tegra: fix checked USB2 port number | S | |
CVE-2024-50076 | vt: prevent kernel-infoleak in con_font_get() | S | |
CVE-2024-50077 | Bluetooth: ISO: Fix multiple init when debugfs is disabled | S | |
CVE-2024-50078 | Bluetooth: Call iso_exit() on module unload | S | |
CVE-2024-50079 | io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work | S | |
CVE-2024-50080 | ublk: don't allow user copy for unprivileged device | S | |
CVE-2024-50081 | blk-mq: setup queue ->tag_set before initializing hctx | S | |
CVE-2024-50082 | blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race | S | |
CVE-2024-50083 | tcp: fix mptcp DSS corruption due to large pmtu xmit | S | |
CVE-2024-50084 | net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() | S | |
CVE-2024-50085 | mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow | S | |
CVE-2024-50086 | ksmbd: fix user-after-free from session log off | S | |
CVE-2024-50087 | btrfs: fix uninitialized pointer free on read_alloc_one_name() error | S | |
CVE-2024-50088 | btrfs: fix uninitialized pointer free in add_inode_ref() | S | |
CVE-2024-50089 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-50090 | drm/xe/oa: Fix overflow in oa batch buffer | S | |
CVE-2024-50091 | dm vdo: don't refer to dedupe_context after releasing it | S | |
CVE-2024-50092 | net: netconsole: fix wrong warning | S | |
CVE-2024-50093 | thermal: intel: int340x: processor: Fix warning during module unload | S | |
CVE-2024-50094 | sfc: Don't invoke xdp_do_flush() from netpoll. | S | |
CVE-2024-50095 | RDMA/mad: Improve handling of timed out WRs of mad agent | S | |
CVE-2024-50096 | nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error | S | |
CVE-2024-50097 | net: fec: don't save PTP state if PTP is unsupported | S | |
CVE-2024-50098 | scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down | S | |
CVE-2024-50099 | arm64: probes: Remove broken LDR (literal) uprobe support | S | |
CVE-2024-50100 | USB: gadget: dummy-hcd: Fix "task hung" problem | S | |
CVE-2024-50101 | iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices | S | |
CVE-2024-50102 | x86: fix user address masking non-canonical speculation issue | S | |
CVE-2024-50103 | ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() | S | |
CVE-2024-50104 | ASoC: qcom: sdm845: add missing soundwire runtime stream alloc | S | |
CVE-2024-50105 | ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc | S | |
CVE-2024-50106 | nfsd: fix race between laundromat and free_stateid | S | |
CVE-2024-50107 | platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses | S | |
CVE-2024-50108 | drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too | S | |
CVE-2024-50109 | md/raid10: fix null ptr dereference in raid10_size() | S | |
CVE-2024-50110 | xfrm: fix one more kernel-infoleak in algo dumping | S | |
CVE-2024-50111 | LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context | S | |
CVE-2024-50112 | x86/lam: Disable ADDRESS_MASKING in most cases | S | |
CVE-2024-50113 | firewire: core: fix invalid port index for parent device | S | |
CVE-2024-50114 | KVM: arm64: Unregister redistributor for failed vCPU creation | S | |
CVE-2024-50115 | KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory | S | |
CVE-2024-50116 | nilfs2: fix kernel bug due to missing clearing of buffer delay flag | S | |
CVE-2024-50117 | drm/amd: Guard against bad data for ATIF ACPI method | S | |
CVE-2024-50118 | btrfs: reject ro->rw reconfiguration if there are hard ro requirements | S | |
CVE-2024-50119 | cifs: fix warning when destroy 'cifs_io_request_pool' | S | |
CVE-2024-50120 | smb: client: Handle kstrdup failures for passwords | S | |
CVE-2024-50121 | nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net | S | |
CVE-2024-50122 | PCI: Hold rescan lock while adding devices during host probe | S | |
CVE-2024-50123 | bpf: Add the missing BPF_LINK_TYPE invocation for sockmap | S | |
CVE-2024-50124 | Bluetooth: ISO: Fix UAF on iso_sock_timeout | S | |
CVE-2024-50125 | Bluetooth: SCO: Fix UAF on sco_sock_timeout | S | |
CVE-2024-50126 | net: sched: use RCU read-side critical section in taprio_dump() | S | |
CVE-2024-50127 | net: sched: fix use-after-free in taprio_change() | S | |
CVE-2024-50128 | net: wwan: fix global oob in wwan_rtnl_policy | S | |
CVE-2024-50129 | net: pse-pd: Fix out of bound for loop | S | |
CVE-2024-50130 | netfilter: bpf: must hold reference on net namespace | S | |
CVE-2024-50131 | tracing: Consider the NULL character when validating the event length | S | |
CVE-2024-50132 | tracing/probes: Fix MAX_TRACE_ARGS limit handling | S | |
CVE-2024-50133 | LoongArch: Don't crash in stack_top() for tasks without vDSO | S | |
CVE-2024-50134 | drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA | S | |
CVE-2024-50135 | nvme-pci: fix race condition between reset and nvme_dev_disable() | S | |
CVE-2024-50136 | net/mlx5: Unregister notifier on eswitch init failure | S | |
CVE-2024-50137 | reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC | S | |
CVE-2024-50138 | bpf: Use raw_spinlock_t in ringbuf | S | |
CVE-2024-50139 | KVM: arm64: Fix shift-out-of-bounds bug | S | |
CVE-2024-50140 | sched/core: Disable page allocation in task_tick_mm_cid() | S | |
CVE-2024-50141 | ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context | S | |
CVE-2024-50142 | xfrm: validate new SA's prefixlen using SA family when sel.family is unset | S | |
CVE-2024-50143 | udf: fix uninit-value use in udf_get_fileshortad | S | |
CVE-2024-50144 | drm/xe: fix unbalanced rpm put() with fence_fini() | S | |
CVE-2024-50145 | octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() | S | |
CVE-2024-50146 | net/mlx5e: Don't call cleanup on profile rollback failure | S | |
CVE-2024-50147 | net/mlx5: Fix command bitmask initialization | S | |
CVE-2024-50148 | Bluetooth: bnep: fix wild-memory-access in proto_unregister | S | |
CVE-2024-50149 | drm/xe: Don't free job in TDR | S | |
CVE-2024-50150 | usb: typec: altmode should keep reference to parent | S | |
CVE-2024-50151 | smb: client: fix OOBs when building SMB2_IOCTL request | S | |
CVE-2024-50152 | smb: client: fix possible double free in smb2_set_ea() | S | |
CVE-2024-50153 | scsi: target: core: Fix null-ptr-deref in target_alloc_device() | S | |
CVE-2024-50154 | tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). | S | |
CVE-2024-50155 | netdevsim: use cond_resched() in nsim_dev_trap_report_work() | S | |
CVE-2024-50156 | drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() | S | |
CVE-2024-50157 | RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop | S | |
CVE-2024-50158 | RDMA/bnxt_re: Fix out of bound check | S | |
CVE-2024-50159 | firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() | S | |
CVE-2024-50160 | ALSA: hda/cs8409: Fix possible NULL dereference | S | |
CVE-2024-50161 | bpf: Check the remaining info_cnt before repeating btf fields | S | |
CVE-2024-50162 | bpf: devmap: provide rxq after redirect | S | |
CVE-2024-50163 | bpf: Make sure internal and UAPI bpf_redirect flags don't overlap | S | |
CVE-2024-50164 | bpf: Fix overloading of MEM_UNINIT's meaning | S | |
CVE-2024-50165 | bpf: Preserve param->string when parsing mount options | S | |
CVE-2024-50166 | fsl/fman: Fix refcount handling of fman-related devices | S | |
CVE-2024-50167 | be2net: fix potential memory leak in be_xmit() | S | |
CVE-2024-50168 | net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() | S | |
CVE-2024-50169 | vsock: Update rx_bytes on read_skb() | S | |
CVE-2024-50170 | net: bcmasp: fix potential memory leak in bcmasp_xmit() | S | |
CVE-2024-50171 | net: systemport: fix potential memory leak in bcm_sysport_xmit() | S | |
CVE-2024-50172 | RDMA/bnxt_re: Fix a possible memory leak | S | |
CVE-2024-50173 | drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() | S | |
CVE-2024-50174 | drm/panthor: Fix race when converting group handle to group object | S | |
CVE-2024-50175 | media: qcom: camss: Remove use_count guard in stop_streaming | S | |
CVE-2024-50176 | remoteproc: k3-r5: Fix error handling when power-up failed | S | |
CVE-2024-50177 | drm/amd/display: fix a UBSAN warning in DML2.1 | S | |
CVE-2024-50178 | cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() | S | |
CVE-2024-50179 | ceph: remove the incorrect Fw reference check when dirtying pages | S | |
CVE-2024-50180 | fbdev: sisfb: Fix strbuf array overflow | S | |
CVE-2024-50181 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-50182 | secretmem: disable memfd_secret() if arch cannot set direct map | S | |
CVE-2024-50183 | scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance | S | |
CVE-2024-50184 | virtio_pmem: Check device status before requesting flush | S | |
CVE-2024-50185 | mptcp: handle consistently DSS corruption | S | |
CVE-2024-50186 | net: explicitly clear the sk pointer, when pf->create fails | S | |
CVE-2024-50187 | drm/vc4: Stop the active perfmon before being destroyed | S | |
CVE-2024-50188 | net: phy: dp83869: fix memory corruption when enabling fiber | S | |
CVE-2024-50189 | HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() | S | |
CVE-2024-50190 | ice: fix memleak in ice_init_tx_topology() | S | |
CVE-2024-50191 | ext4: don't set SB_RDONLY after filesystem errors | S | |
CVE-2024-50192 | irqchip/gic-v4: Don't allow a VMOVP on a dying VPE | S | |
CVE-2024-50193 | x86/entry_32: Clear CPU buffers after register restore in NMI return | S | |
CVE-2024-50194 | arm64: probes: Fix uprobes for big-endian kernels | S | |
CVE-2024-50195 | posix-clock: Fix missing timespec64 check in pc_clock_settime() | S | |
CVE-2024-50196 | pinctrl: ocelot: fix system hang on level based interrupts | S | |
CVE-2024-50197 | pinctrl: intel: platform: fix error path in device_for_each_child_node() | S | |
CVE-2024-50198 | iio: light: veml6030: fix IIO device retrieval from embedded device | S | |
CVE-2024-50199 | mm/swapfile: skip HugeTLB pages for unuse_vma | | |
CVE-2024-50200 | maple_tree: correct tree corruption on spanning store | | |
CVE-2024-50201 | drm/radeon: Fix encoder->possible_clones | S | |
CVE-2024-50202 | nilfs2: propagate directory read errors from nilfs_find_entry() | S | |
CVE-2024-50203 | bpf, arm64: Fix address emission with tag-based KASAN enabled | S | |
CVE-2024-50204 | fs: don't try and remove empty rbtree node | S | |
CVE-2024-50205 | ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() | S | |
CVE-2024-50206 | net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init | S | |
CVE-2024-50207 | ring-buffer: Fix reader locking when changing the sub buffer order | S | |
CVE-2024-50208 | RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages | S | |
CVE-2024-50209 | RDMA/bnxt_re: Add a check for memory allocation | S | |
CVE-2024-50210 | posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() | S | |
CVE-2024-50211 | udf: refactor inode_bmap() to handle error | S | |
CVE-2024-50212 | lib: alloc_tag_module_unload must wait for pending kfree_rcu calls | | |
CVE-2024-50213 | drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() | S | |
CVE-2024-50214 | drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic() | S | |
CVE-2024-50215 | nvmet-auth: assign dh_key to NULL after kfree_sensitive | S | |
CVE-2024-50216 | xfs: fix finding a last resort AG in xfs_filestream_pick_ag | | |
CVE-2024-50217 | btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() | S | |
CVE-2024-50218 | ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow | | |
CVE-2024-50219 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-50220 | fork: do not invoke uffd on fork if error occurs | | |
CVE-2024-50221 | drm/amd/pm: Vangogh: Fix kernel memory out of bounds write | S | |
CVE-2024-50222 | iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP | S | |
CVE-2024-50223 | sched/numa: Fix the potential null pointer dereference in task_numa_work() | S | |
CVE-2024-50224 | spi: spi-fsl-dspi: Fix crash when not using GPIO chip select | S | |
CVE-2024-50225 | btrfs: fix error propagation of split bios | S | |
CVE-2024-50226 | cxl/port: Fix use-after-free, permit out-of-order decoder shutdown | S | |
CVE-2024-50227 | thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan() | S | |
CVE-2024-50228 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-50229 | nilfs2: fix potential deadlock with newly created symlinks | S | |
CVE-2024-50230 | nilfs2: fix kernel bug due to missing clearing of checked flag | S | |
CVE-2024-50231 | iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() | S | |
CVE-2024-50232 | iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() | S | |
CVE-2024-50233 | staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() | S | |
CVE-2024-50234 | wifi: iwlegacy: Clear stale interrupts before resuming device | S | |
CVE-2024-50235 | wifi: cfg80211: clear wdev->cqm_config pointer on free | S | |
CVE-2024-50236 | wifi: ath10k: Fix memory leak in management tx | S | |
CVE-2024-50237 | wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower | S | |
CVE-2024-50238 | phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend | S | |
CVE-2024-50239 | phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend | S | |
CVE-2024-50240 | phy: qcom: qmp-usb: fix NULL-deref on runtime suspend | S | |
CVE-2024-50241 | NFSD: Initialize struct nfsd4_copy earlier | S | |
CVE-2024-50242 | fs/ntfs3: Additional check in ntfs_file_release | S | |
CVE-2024-50243 | fs/ntfs3: Fix general protection fault in run_is_mapped_full | S | |
CVE-2024-50244 | fs/ntfs3: Additional check in ni_clear() | S | |
CVE-2024-50245 | fs/ntfs3: Fix possible deadlock in mi_read | S | |
CVE-2024-50246 | fs/ntfs3: Add rough attr alloc_size check | S | |
CVE-2024-50247 | fs/ntfs3: Check if more than chunk-size bytes are written | S | |
CVE-2024-50248 | ntfs3: Add bounds checking to mi_enum_attr() | S | |
CVE-2024-50249 | ACPI: CPPC: Make rmw_lock a raw_spin_lock | S | |
CVE-2024-50250 | fsdax: dax_unshare_iter needs to copy entire blocks | S | |
CVE-2024-50251 | netfilter: nft_payload: sanitize offset and length before calling skb_checksum() | S | |
CVE-2024-50252 | mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address | S | |
CVE-2024-50253 | bpf: Check the validity of nr_words in bpf_iter_bits_new() | S | |
CVE-2024-50254 | bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() | S | |
CVE-2024-50255 | Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs | S | |
CVE-2024-50256 | netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() | S | |
CVE-2024-50257 | netfilter: Fix use-after-free in get_info() | S | |
CVE-2024-50258 | net: fix crash when config small gso_max_size/gso_ipv4_max_size | S | |
CVE-2024-50259 | netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() | S | |
CVE-2024-50260 | sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() | S | |
CVE-2024-50261 | macsec: Fix use-after-free while sending the offloading packet | S | |
CVE-2024-50262 | bpf: Fix out-of-bounds write in trie_get_next_key() | S | |
CVE-2024-50263 | fork: only invoke khugepaged, ksm hooks if no error | S | |
CVE-2024-50264 | vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans | S | |
CVE-2024-50265 | ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() | S | |
CVE-2024-50266 | clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs | S | |
CVE-2024-50267 | USB: serial: io_edgeport: fix use after free in debug printk | S | |
CVE-2024-50268 | usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() | S | |
CVE-2024-50269 | usb: musb: sunxi: Fix accessing an released usb phy | S | |
CVE-2024-50270 | mm/damon/core: avoid overflow in damon_feed_loop_next_input() | S | |
CVE-2024-50271 | signal: restore the override_rlimit logic | S | |
CVE-2024-50272 | filemap: Fix bounds checking in filemap_read() | S | |
CVE-2024-50273 | btrfs: reinitialize delayed ref list after deleting it from the list | S | |
CVE-2024-50274 | idpf: avoid vport access in idpf_get_link_ksettings | S | |
CVE-2024-50275 | arm64/sve: Discard stale CPU state when handling SVE traps | S | |
CVE-2024-50276 | net: vertexcom: mse102x: Fix possible double free of TX skb | S | |
CVE-2024-50277 | dm: fix a crash if blk_alloc_disk fails | S | |
CVE-2024-50278 | dm cache: fix potential out-of-bounds access on the first resume | S | |
CVE-2024-50279 | dm cache: fix out-of-bounds access to the dirty bitset when resizing | S | |
CVE-2024-50280 | dm cache: fix flushing uninitialized delayed_work on cache_ctr error | S | |
CVE-2024-50281 | KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation | S | |
CVE-2024-50282 | drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() | S | |
CVE-2024-50283 | ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp | S | |
CVE-2024-50284 | ksmbd: Fix the missing xa_store error check | S | |
CVE-2024-50285 | ksmbd: check outstanding simultaneous SMB operations | S | |
CVE-2024-50286 | ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create | S | |
CVE-2024-50287 | media: v4l2-tpg: prevent the risk of a division by zero | S | |
CVE-2024-50288 | media: vivid: fix buffer overwrite when using > 32 buffers | S | |
CVE-2024-50289 | media: av7110: fix a spectre vulnerability | | |
CVE-2024-50290 | media: cx24116: prevent overflows on SNR calculus | | |
CVE-2024-50291 | media: dvb-core: add missing buffer index check | S | |
CVE-2024-50292 | ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove | S | |
CVE-2024-50293 | net/smc: do not leave a dangling sk pointer in __smc_create() | S | |
CVE-2024-50294 | rxrpc: Fix missing locking causing hanging calls | | |
CVE-2024-50295 | net: arc: fix the device for dma_map_single/dma_unmap_single | | |
CVE-2024-50296 | net: hns3: fix kernel crash when uninstalling driver | S | |
CVE-2024-50297 | net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts | S | |
CVE-2024-50298 | net: enetc: allocate vf_state during PF probes | S | |
CVE-2024-50299 | sctp: properly validate chunk size in sctp_sf_ootb() | S | |
CVE-2024-50300 | regulator: rtq2208: Fix uninitialized use of regulator_config | S | |
CVE-2024-50301 | security/keys: fix slab-out-of-bounds in key_task_permission | S | |
CVE-2024-50302 | HID: core: zero-initialize the report buffer | KEV S | |
CVE-2024-50303 | resource,kexec: walk_system_ram_res_rev must retain resource flags | S | |
CVE-2024-50304 | ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() | S | |
CVE-2024-50305 | Apache Traffic Server: Valid Host field value can cause crashes | | |
CVE-2024-50306 | Apache Traffic Server: Server process can fail to drop privilege | | |
CVE-2024-50307 | Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) version... | | |
CVE-2024-50310 | A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= ... | S | |
CVE-2024-50311 | Graphql: denial of service (dos) vulnerability via graphql batching | | |
CVE-2024-50312 | Graphql: information disclosure via graphql introspection in openshift | S | |
CVE-2024-50313 | A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic... | | |
CVE-2024-50315 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or... | R | |
CVE-2024-50317 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker... | | |
CVE-2024-50318 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker... | | |
CVE-2024-50319 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause ... | | |
CVE-2024-50320 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause ... | | |
CVE-2024-50321 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause ... | | |
CVE-2024-50322 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November ... | | |
CVE-2024-50323 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-50324 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November ... | | |
CVE-2024-50326 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-50327 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-50328 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-50329 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November ... | | |
CVE-2024-50330 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S... | | |
CVE-2024-50331 | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated... | | |
CVE-2024-50332 | Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM | | |
CVE-2024-50333 | RCE in ModuleBuilder in SuiteCRM | | |
CVE-2024-50334 | Semicolon Path Injection on API /api;/config | | |
CVE-2024-50335 | Authenticated XSS in "Publish Key" Field Allowing Unauthorized Administrator User Creation in SuiteCRM | | |
CVE-2024-50336 | matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal | | |
CVE-2024-50338 | Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager | | |
CVE-2024-50339 | GLPI vulnerable to unauthenticated session hijacking | | |
CVE-2024-50340 | Ability to change environment from query in symfony/runtime | | |
CVE-2024-50341 | Security::login does not take into account custom user_checker in symfony/security-bundle | | |
CVE-2024-50342 | Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client | | |
CVE-2024-50343 | Incorrect response from Validator when input ends with `\n` in symfony/validator | | |
CVE-2024-50344 | I, Librarian has a Stored XSS vulnerability in Supplemental Files | | |
CVE-2024-50345 | Open redirect via browser-sanitized URLs in symfony/http-foundation | | |
CVE-2024-50346 | WebFeed HTML injection vulnerabilities | | |
CVE-2024-50347 | Laravel Reverb has Missing API Signature Verification | | |
CVE-2024-50348 | InstantCMS has a Cross Site Scripting Vulnerability | E S | |
CVE-2024-50349 | Git does not sanitize URLs when asking for credentials interactively | | |
CVE-2024-50350 | LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php | E S | |
CVE-2024-50351 | LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php | E S | |
CVE-2024-50352 | LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php | E S | |
CVE-2024-50353 | ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected | S | |
CVE-2024-50354 | Out-of-memory during deserialization with crafted inputs | | |
CVE-2024-50355 | LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints | E S | |
CVE-2024-50356 | Press has a potential 2FA bypass | | |
CVE-2024-50357 | FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configu... | | |
CVE-2024-50358 | A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the followin... | S | |
CVE-2024-50359 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50360 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50361 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50362 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50363 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50364 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50365 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50366 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50367 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50368 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50369 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50370 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50371 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50372 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50373 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50374 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | S | |
CVE-2024-50375 | A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devi... | S | |
CVE-2024-50376 | A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was ... | S | |
CVE-2024-50377 | A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufacture... | S | |
CVE-2024-50378 | Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli | S | |
CVE-2024-50379 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | | |
CVE-2024-50380 | Authentication Bypass by Spoofing in Snap One OVRC cloud | S | |
CVE-2024-50381 | Missing Authentication for Critical Function in Snap One OVRC cloud | S | |
CVE-2024-50382 | Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent contr... | | |
CVE-2024-50383 | Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent oper... | | |
CVE-2024-50384 | A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroe... | | |
CVE-2024-50385 | A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroe... | | |
CVE-2024-50386 | Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure | S | |
CVE-2024-50387 | SMB Service | S | |
CVE-2024-50388 | HBS 3 Hybrid Backup Sync | S | |
CVE-2024-50389 | QuRouter | S | |
CVE-2024-50390 | QHora | S | |
CVE-2024-50393 | QTS, QuTS hero | S | |
CVE-2024-50394 | Helpdesk | S | |
CVE-2024-50395 | Media Streaming add-on | S | |
CVE-2024-50396 | QTS, QuTS hero | S | |
CVE-2024-50397 | QTS, QuTS hero | S | |
CVE-2024-50398 | QTS, QuTS hero | S | |
CVE-2024-50399 | QTS, QuTS hero | S | |
CVE-2024-50400 | QTS, QuTS hero | S | |
CVE-2024-50401 | QTS, QuTS hero | S | |
CVE-2024-50402 | QTS, QuTS hero | S | |
CVE-2024-50403 | QTS, QuTS hero | S | |
CVE-2024-50404 | Qsync Central | S | |
CVE-2024-50405 | QTS, QuTS hero | S | |
CVE-2024-50407 | WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50408 | WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability | S | |
CVE-2024-50409 | WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50410 | WordPress Namaste! LMS plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50411 | WordPress WP Abstracts plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50412 | WordPress Conditional Fields for Contact Form 7 plugin <= 2.4.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50413 | WordPress Import and export users and customers plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50414 | WordPress Button contact VR plugin <= 4.7.9.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50415 | WordPress Ads.txt & App-ads.txt Manager for WordPress plugin <= 1.1.7.1 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50416 | WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability | S | |
CVE-2024-50417 | WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability | S | |
CVE-2024-50418 | WordPress Time Slot plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50419 | WordPress Greenshift plugin <= 9.7 - Broken Access Control vulnerability | S | |
CVE-2024-50420 | WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability | S | |
CVE-2024-50421 | WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 3.8.6 - Broken Access Control vulnerability | S | |
CVE-2024-50422 | WordPress Breeze plugin <= 2.1.14 - Broken Access Control vulnerability | S | |
CVE-2024-50423 | WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability | S | |
CVE-2024-50424 | WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability | S | |
CVE-2024-50425 | WordPress WP Booking System – Booking Calendar plugin <= 2.0.19.10 - Broken Access Control vulnerability | S | |
CVE-2024-50426 | WordPress Survey Maker plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50427 | WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability | S | |
CVE-2024-50428 | WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability | S | |
CVE-2024-50429 | WordPress Magazine Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50430 | WordPress Beaver Builder plugin <= 2.8.3.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50431 | WordPress Breeze plugin <= 2.1.14 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50432 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.93 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50433 | WordPress Sky Addons for Elementor plugin <= 2.5.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50434 | WordPress NewsCard theme <= 1.3 - Local File Inclusion vulnerability | S | |
CVE-2024-50435 | WordPress Meta News theme <= 1.1.7 - Local File Inclusion vulnerability | S | |
CVE-2024-50436 | WordPress Clean Retina theme <= 3.0.6 - Local File Inclusion vulnerability | S | |
CVE-2024-50437 | WordPress GeoDirectory plugin <= 2.3.80 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50438 | WordPress Church Admin plugin < 5.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50439 | WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50440 | WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50441 | WordPress Cozy Blocks plugin <= 2.0.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50442 | WordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability | S | |
CVE-2024-50443 | WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50445 | WordPress Selection Lite plugin <= 1.13 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50446 | WordPress Futurio Extra plugin <= 2.0.11 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50447 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50448 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50449 | WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50450 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability vulnerability | S | |
CVE-2024-50451 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50453 | WordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerability | S | |
CVE-2024-50454 | WordPress SEOPress plugin <= 8.1.1 - Unauthenticated Broken Access Control vulnerability | S | |
CVE-2024-50455 | WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability | S | |
CVE-2024-50456 | WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability | S | |
CVE-2024-50457 | WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability | S | |
CVE-2024-50458 | WordPress Advanced Sermons plugin <= 3.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50459 | WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability | S | |
CVE-2024-50460 | WordPress Firelight Lightbox plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50461 | WordPress EmbedPress plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50462 | WordPress Interactive World Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50463 | WordPress Sunshine Photo Cart plugin <= 3.2.9 - Open Redirection vulnerability | S | |
CVE-2024-50464 | WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50465 | WordPress Premium SEO Pack plugin <= 1.6.001 - SQL Injection vulnerability | | |
CVE-2024-50466 | WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-50467 | WordPress Scrollbar by webxapp plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50468 | WordPress Raptor Editor plugin <= 1.0.20 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50469 | WordPress Textboxes plugin <= 0.1.3.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50470 | WordPress Themes4WP YouTube External Subtitles plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50471 | WordPress Trip Plan plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50472 | WordPress Amilia Store plugin <= 2.9.8 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50473 | WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability | | |
CVE-2024-50475 | WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability | | |
CVE-2024-50476 | WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability | | |
CVE-2024-50477 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability | | |
CVE-2024-50478 | WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability | | |
CVE-2024-50479 | WordPress Woocommerce Quote Calculator plugin <= 1.1 - SQL Injection vulnerability | | |
CVE-2024-50480 | WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability | | |
CVE-2024-50481 | WordPress Bstone Demo Importer plugin <= 1.0.1 - Privilege Escalation vulnerability | | |
CVE-2024-50482 | WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-50483 | WordPress Meetup plugin <= 0.1 - Broken Authentication vulnerability | | |
CVE-2024-50484 | WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-50485 | WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability | | |
CVE-2024-50486 | WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability | | |
CVE-2024-50487 | WordPress MaanStore API plugin <= 1.0.1 - Account Takeover vulnerability | | |
CVE-2024-50488 | WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability | | |
CVE-2024-50489 | WordPress Realty Workstation plugin <= 1.0.45 - Account Takeover vulnerability | | |
CVE-2024-50490 | WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability | | |
CVE-2024-50491 | WordPress RSVP ME plugin <= 1.9.9 - SQL Injection vulnerability | | |
CVE-2024-50492 | WordPress ScottCart plugin <= 1.1 - Remote Code Execution (RCE) vulnerability | | |
CVE-2024-50493 | WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability | | |
CVE-2024-50494 | WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-50495 | WordPress Plugin Propagator plugin <= 0.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-50496 | WordPress AR For WordPress plugin <= 6.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-50497 | WordPress Advanced Online Ordering and Delivery Platform plugin <= 2.0.0 - Local File Inclusion vulnerability | | |
CVE-2024-50498 | WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability | | |
CVE-2024-50500 | WordPress Phlox Core Elements plugin <= 2.17.2 - Broken Access Control vulnerability | | |
CVE-2024-50501 | WordPress Kata Plus plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50502 | WordPress Cozy Blocks plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50503 | WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability | S | |
CVE-2024-50504 | WordPress Bulk Change Role plugin <= 1.1 - Privilege Escalation vulnerability | | |
CVE-2024-50506 | WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerability | | |
CVE-2024-50507 | WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability | | |
CVE-2024-50508 | WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Download vulnerability | | |
CVE-2024-50509 | WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Deletion vulnerability | | |
CVE-2024-50510 | WordPress AR For Woocommerce plugin <= 6.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-50511 | WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-50512 | WordPress Posti Shipping plugin <= 3.10.2 - Full Path Disclosure (FPD) vulnerability | S | |
CVE-2024-50513 | WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50514 | WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50515 | WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50516 | WordPress Countdown & Clock plugin <= 2.8.0.9 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50517 | WordPress ID-SK Toolkit plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50518 | WordPress Pricer Ninja plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50519 | WordPress Jigoshop – Store Exporter plugin <= 1.5.8 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50520 | WordPress Ancient World Linked Data plugin <= 0.2.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50521 | WordPress Alley Elementor Widget plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50522 | WordPress WeChat Subscribers Lite plugin <= 1.6.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50523 | WordPress All Post Contact Form plugin <= 1.7.3 - Arbitrary File Upload vulnerability | | |
CVE-2024-50524 | WordPress Administrator Z plugin <= 2024.11.04 - SQL Injection vulnerability | | |
CVE-2024-50525 | WordPress Helloprint plugin <= 2.0.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-50526 | WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-50527 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability | | |
CVE-2024-50528 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Sensitive Data Exposure vulnerability | | |
CVE-2024-50529 | WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-50530 | WordPress Stars SMTP Mailer plugin <= 1.7 - Arbitrary File Upload vulnerability | | |
CVE-2024-50531 | WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability | S | |
CVE-2024-50532 | WordPress Events Manager Pro – extended plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50533 | WordPress Domain Sharding plugin <= 1.2.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50534 | WordPress World Prayer Time plugin <= 2.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50535 | WordPress Step by Step plugin <= 0.4.5 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50536 | WordPress GDReseller plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50537 | WordPress Smart Mockups plugin <= 1.2.0 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50538 | WordPress Show Visitor IP Address plugin <= 0.2 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50539 | WordPress Lodgix.com Vacation Rental Website Builder plugin <= 3.9.73 - SQL Injection vulnerability | | |
CVE-2024-50540 | WordPress (dp) AddThis plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50541 | WordPress Advanced Control Manager plugin <= 2.16.0 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50542 | WordPress RLM Elementor Widgets Pack plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-50543 | WordPress amazing neo icon font for elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50544 | WordPress RSVP ME plugin <= 1.9.9 - SQL Injection vulnerability | | |
CVE-2024-50545 | WordPress DataMentor plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50546 | WordPress MyOrderDesk plugin <= 3.2.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50547 | WordPress Themedy Toolbox plugin <= 1.0.16 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50548 | WordPress Awesome Progress Bar plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50549 | WordPress Bonway Static Block Editor plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50550 | WordPress LiteSpeed Cache plugin <= 6.5.1 - Privilege Escalation vulnerability | S | |
CVE-2024-50551 | WordPress EndomondoWP plugin <= 0.1.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50552 | WordPress Hover Video Preview plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50553 | WordPress Classy Addons for Elementor plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50554 | WordPress Sided plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50556 | WordPress WM Zoom plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-50557 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | S | |
CVE-2024-50558 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | S | |
CVE-2024-50559 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | S | |
CVE-2024-50560 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | S | |
CVE-2024-50561 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | S | |
CVE-2024-50563 | A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.... | S | |
CVE-2024-50564 | A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versio... | S | |
CVE-2024-50565 | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in For... | S | |
CVE-2024-50566 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2024-50567 | An improper neutralization of special elements used in an os command ('os command injection') in For... | S | |
CVE-2024-50569 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2024-50570 | A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 thr... | S | |
CVE-2024-50572 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | S | |
CVE-2024-50573 | In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tok... | | |
CVE-2024-50574 | In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header pars... | | |
CVE-2024-50575 | In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API... | | |
CVE-2024-50576 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest... | | |
CVE-2024-50577 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in ... | | |
CVE-2024-50578 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards p... | | |
CVE-2024-50579 | In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possib... | | |
CVE-2024-50580 | In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsin... | | |
CVE-2024-50581 | In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via co... | | |
CVE-2024-50582 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization ... | | |
CVE-2024-50583 | Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user env... | | |
CVE-2024-50584 | SQL Injection | S | |
CVE-2024-50585 | Reflected Cross-Site Scripting | S | |
CVE-2024-50588 | Unprotected Exposed Firebird Database with default credentials | S | |
CVE-2024-50589 | Unprotected FHIR API | S | |
CVE-2024-50590 | Local Privilege Escalation via Weak Service Binary Permissions | S | |
CVE-2024-50591 | Local Privilege Escalation via Command Injection | S | |
CVE-2024-50592 | Local Privilege Escalation via Race Condition | S | |
CVE-2024-50593 | Hardcoded Service Password | S | |
CVE-2024-50594 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroele... | | |
CVE-2024-50595 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroele... | | |
CVE-2024-50596 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroele... | | |
CVE-2024-50597 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroele... | | |
CVE-2024-50599 | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Sui... | | |
CVE-2024-50600 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 12... | | |
CVE-2024-50601 | Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen ... | | |
CVE-2024-50602 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser funct... | | |
CVE-2024-50603 | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the... | KEV E | |
CVE-2024-50608 | An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is runnin... | E | |
CVE-2024-50609 | An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and list... | E | |
CVE-2024-50610 | GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in ... | | |
CVE-2024-50611 | CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained... | | |
CVE-2024-50612 | libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.... | E | |
CVE-2024-50613 | libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_en... | E | |
CVE-2024-50614 | TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit... | | |
CVE-2024-50615 | TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application e... | | |
CVE-2024-50616 | Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their pri... | | |
CVE-2024-50623 | In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an ... | KEV | |
CVE-2024-50624 | ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an a... | | |
CVE-2024-50625 | An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload ha... | | |
CVE-2024-50626 | An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability e... | | |
CVE-2024-50627 | An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability ... | | |
CVE-2024-50628 | An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an atta... | | |
CVE-2024-50629 | Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation... | | |
CVE-2024-50630 | Missing authentication for critical function vulnerability in the webapi component in Synology Drive... | | |
CVE-2024-50631 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
CVE-2024-50633 | A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to... | | |
CVE-2024-50634 | A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privil... | E | |
CVE-2024-50636 | PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arb... | | |
CVE-2024-50637 | UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This... | | |
CVE-2024-50647 | The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of ... | | |
CVE-2024-50648 | yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over th... | | |
CVE-2024-50649 | The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.... | | |
CVE-2024-50650 | python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensiti... | | |
CVE-2024-50651 | java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive ... | E | |
CVE-2024-50652 | A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying... | E | |
CVE-2024-50653 | CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction ... | E | |
CVE-2024-50654 | lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coup... | E | |
CVE-2024-50655 | emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write mali... | E | |
CVE-2024-50656 | itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Ful... | E | |
CVE-2024-50657 | An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileg... | | |
CVE-2024-50658 | Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execu... | | |
CVE-2024-50659 | Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker... | | |
CVE-2024-50660 | File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code v... | | |
CVE-2024-50664 | gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_descrip... | E | |
CVE-2024-50665 | gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in M... | E | |
CVE-2024-50667 | The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6A... | E | |
CVE-2024-50671 | Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Auth... | | |
CVE-2024-50672 | A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthentica... | | |
CVE-2024-50677 | A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbit... | | |
CVE-2024-50684 | SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client... | | |
CVE-2024-50685 | SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object... | | |
CVE-2024-50686 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object ... | | |
CVE-2024-50687 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object ... | | |
CVE-2024-50688 | SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. Th... | | |
CVE-2024-50689 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object ... | | |
CVE-2024-50690 | SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used ... | | |
CVE-2024-50691 | SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Valid... | | |
CVE-2024-50692 | SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow ... | E | |
CVE-2024-50693 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object ... | | |
CVE-2024-50694 | In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQT... | | |
CVE-2024-50695 | SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow wh... | | |
CVE-2024-50696 | SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgra... | | |
CVE-2024-50697 | In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code tha... | | |
CVE-2024-50698 | SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due... | | |
CVE-2024-50699 | TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered... | E | |
CVE-2024-50701 | TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not prop... | | |
CVE-2024-50702 | TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on ... | | |
CVE-2024-50703 | TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a differ... | | |
CVE-2024-50704 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remo... | | |
CVE-2024-50705 | Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.... | | |
CVE-2024-50706 | Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attac... | | |
CVE-2024-50707 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remo... | | |
CVE-2024-50713 | SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /t... | E | |
CVE-2024-50714 | A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker ... | | |
CVE-2024-50715 | An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive informat... | E | |
CVE-2024-50716 | SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary cod... | E | |
CVE-2024-50717 | SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary cod... | E | |
CVE-2024-50724 | KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /ca... | | |
CVE-2024-50766 | SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via th... | E | |
CVE-2024-50800 | Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker ... | | |
CVE-2024-50801 | A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_... | | |
CVE-2024-50802 | A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_... | | |
CVE-2024-50803 | The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Script... | | |
CVE-2024-50804 | Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a loca... | | |
CVE-2024-50807 | Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload usi... | | |
CVE-2024-50808 | SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notific... | E | |
CVE-2024-50809 | The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution ... | | |
CVE-2024-50810 | hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article commen... | | |
CVE-2024-50811 | hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active... | | |
CVE-2024-50823 | A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management Syste... | E | |
CVE-2024-50824 | A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management Syste... | E | |
CVE-2024-50825 | A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management... | E | |
CVE-2024-50826 | A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management... | E | |
CVE-2024-50827 | A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management... | E | |
CVE-2024-50828 | A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Manage... | E | |
CVE-2024-50829 | A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Managemen... | E | |
CVE-2024-50830 | A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Man... | E | |
CVE-2024-50831 | A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project... | E | |
CVE-2024-50832 | A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management ... | E | |
CVE-2024-50833 | A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Proj... | E | |
CVE-2024-50834 | A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1... | E | |
CVE-2024-50835 | A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Managemen... | E | |
CVE-2024-50836 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-le... | E | |
CVE-2024-50837 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-... | E | |
CVE-2024-50838 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-... | E | |
CVE-2024-50839 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E... | E | |
CVE-2024-50840 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learn... | E | |
CVE-2024-50841 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASH... | E | |
CVE-2024-50842 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E... | E | |
CVE-2024-50843 | A Directory listing issue was found in PHPGurukul User Registration & Login and User Management Syst... | E | |
CVE-2024-50848 | An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functi... | | |
CVE-2024-50849 | A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.... | | |
CVE-2024-50852 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSe... | E | |
CVE-2024-50853 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSe... | E | |
CVE-2024-50854 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping func... | E | |
CVE-2024-50857 | The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data... | E | |
CVE-2024-50858 | Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attack... | | |
CVE-2024-50859 | The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads... | E | |
CVE-2024-50861 | The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can ... | E | |
CVE-2024-50919 | Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-... | E | |
CVE-2024-50920 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to c... | | |
CVE-2024-50921 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to c... | | |
CVE-2024-50924 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to c... | | |
CVE-2024-50928 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to c... | | |
CVE-2024-50929 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to a... | | |
CVE-2024-50930 | An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.... | | |
CVE-2024-50931 | Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions.... | | |
CVE-2024-50942 | qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/... | | |
CVE-2024-50944 | Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47... | | |
CVE-2024-50945 | An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a... | | |
CVE-2024-50947 | An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.... | | |
CVE-2024-50948 | An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Service (DoS) via a crafted reque... | | |
CVE-2024-50953 | An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted... | | |
CVE-2024-50954 | The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerabilit... | | |
CVE-2024-50955 | An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers t... | | |
CVE-2024-50956 | A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPL... | | |
CVE-2024-50960 | A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP... | E | |
CVE-2024-50965 | Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.... | | |
CVE-2024-50966 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2024-50967 | The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Co... | | |
CVE-2024-50968 | A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Onlin... | E | |
CVE-2024-50969 | A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.... | | |
CVE-2024-50970 | A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.... | | |
CVE-2024-50971 | A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows... | | |
CVE-2024-50972 | A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 al... | | |
CVE-2024-50983 | FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remot... | | |
CVE-2024-50986 | An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL f... | | |
CVE-2024-50989 | A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration S... | E | |
CVE-2024-50990 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul... | E | |
CVE-2024-50991 | A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGur... | E | |
CVE-2024-50993 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPa... | | |
CVE-2024-50994 | Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the co... | | |
CVE-2024-50995 | Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at ... | | |
CVE-2024-50996 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered... | | |
CVE-2024-50997 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered... | | |
CVE-2024-50998 | Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the co... | | |
CVE-2024-50999 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPa... | | |