ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-52000 | Reflected Cross-site Scripting exploit in Combodo iTop | | |
CVE-2024-52001 | Portal user is able to access forbidden services information in Combodo iTop | | |
CVE-2024-52002 | Cross-Site Request Forgery (CSRF) in several iTop pages | | |
CVE-2024-52003 | X-Forwarded-Prefix Header still allows for Open Redirect in traefik | | |
CVE-2024-52004 | Remote code execution vulnerabilities in MediaCMS | | |
CVE-2024-52005 | The sideband payload is passed unfiltered to the terminal in git | | |
CVE-2024-52006 | Newline confusion in credential helpers can lead to credential exfiltration in git | | |
CVE-2024-52007 | XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` | | |
CVE-2024-52008 | Password Policy Bypass Vulnerability in Fides Webserver | | |
CVE-2024-52009 | Git credentials are exposed in atlantis logs | | |
CVE-2024-52010 | Zoraxy has an authenticated command injection in the Web SSH feature | | |
CVE-2024-52012 | Apache Solr: Configset upload on Windows allows arbitrary path write-access | | |
CVE-2024-52013 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered... | | |
CVE-2024-52014 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered... | | |
CVE-2024-52015 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered... | | |
CVE-2024-52016 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered... | | |
CVE-2024-52017 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at b... | | |
CVE-2024-52018 | Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_na... | | |
CVE-2024-52019 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gate... | | |
CVE-2024-52020 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gate... | | |
CVE-2024-52021 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gate... | | |
CVE-2024-52022 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered... | | |
CVE-2024-52023 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack... | | |
CVE-2024-52024 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack... | | |
CVE-2024-52025 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack... | | |
CVE-2024-52026 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack... | | |
CVE-2024-52028 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask param... | | |
CVE-2024-52029 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask param... | | |
CVE-2024-52030 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask param... | | |
CVE-2024-52032 | Private channel names leaking when Elasticsearch is enabled | S | |
CVE-2024-52033 | Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten T... | | |
CVE-2024-52034 | mySCADA myPRO OS Command Injection | S | |
CVE-2024-52043 | User enumeration in HubHub | | |
CVE-2024-52046 | Apache MINA: MINA applications using unbounded deserialization may allow RCE | | |
CVE-2024-52047 | A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to... | | |
CVE-2024-52048 | A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to esc... | | |
CVE-2024-52049 | A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to esc... | | |
CVE-2024-52050 | A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attack... | | |
CVE-2024-52051 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (... | | |
CVE-2024-52052 | Stream Target Remote Code Execution in Wowza Streaming Engine | | |
CVE-2024-52053 | Stored Cross-Site Scripting in Wowza Streaming Engine | | |
CVE-2024-52054 | Application Creation Path Traversal in Wowza Streaming Engine | | |
CVE-2024-52055 | Application Copy Path Traversal in Wowza Streaming Engine | | |
CVE-2024-52056 | Application Delete Path Traversal in Wowza Streaming Engine | | |
CVE-2024-52057 | Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files | | |
CVE-2024-52058 | Potential arbitrary command execution in System Designer while parsing malicious HTTP/REST requests | | |
CVE-2024-52059 | Potential heap buffer overflow in Security Plugins while creating a DomainParticipant that uses a malformed Identity Certificate | | |
CVE-2024-52060 | Potential stack overflow when using XML configuration file referencing environment variables | | |
CVE-2024-52061 | Potential stack buffer overflow when parsing an XML type | | |
CVE-2024-52062 | Potential stack buffer write overflow in Connext applications while parsing malicious XML types document | | |
CVE-2024-52063 | Potential stack buffer write overflow in Connext applications while parsing malicious XML types document | | |
CVE-2024-52064 | Potential stack buffer write overflow in Connext applications while parsing malicious license file | | |
CVE-2024-52065 | Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems | | |
CVE-2024-52066 | Potential stack corruption in Routing Service when using a malicious XML configuration document | | |
CVE-2024-52067 | Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log | | |
CVE-2024-52268 | Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.... | | |
CVE-2024-52269 | AI Assistant PDF Document Spoofing in DocuSign | E | |
CVE-2024-52270 | PDF Document Spoofing in DropBox Sign(HelloSign) | E M | |
CVE-2024-52271 | PDF Document Spoofing in Documenso | M | |
CVE-2024-52272 | Denial of Service on Tenda AC6V2 Due To Stack Overflow | E | |
CVE-2024-52273 | Denial of Service on Tenda AC6V2 Due To Stack Overflow | E | |
CVE-2024-52274 | Denial of Service on Tenda AC6V2 Due To Stack Overflow | E | |
CVE-2024-52275 | Denial of Service on Tenda AC6V2 Due To Stack Overflow | E | |
CVE-2024-52276 | PDF Document Spoofing in DocuSign | E M | |
CVE-2024-52277 | PDF Document Spoofing in DocuSeal | M | |
CVE-2024-52278 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-52280 | Users can issue watch commands for arbitrary resources | | |
CVE-2024-52281 | Stored Cross-site Scripting vulnerability in Rancher UI | | |
CVE-2024-52282 | Rancher Helm Applications may have sensitive values leaked | | |
CVE-2024-52283 | Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers fo... | | |
CVE-2024-52285 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), Si... | | |
CVE-2024-52286 | Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF | | |
CVE-2024-52287 | authentik performs insufficient validation of OAuth scopes | | |
CVE-2024-52288 | RMAC revert to the beginning of the session in libosdp | | |
CVE-2024-52289 | authentik has an insecure default configuration for OAuth2 Redirect URIs | | |
CVE-2024-52290 | Stored XSS in Configuration Key Functionality | E | |
CVE-2024-52291 | Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution | E | |
CVE-2024-52292 | Craft Allows Attackers to Read Arbitrary System Files | E | |
CVE-2024-52293 | Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI | E S | |
CVE-2024-52294 | khoj has an IDOR in subscription management that allows unauthorized subscription modifications | E | |
CVE-2024-52295 | DataEase has a forged JWT token vulnerability | E S | |
CVE-2024-52296 | libosdp has a null pointer deref in osdp_reply_name | | |
CVE-2024-52297 | Tolgee's configuration all configuration properties leaked in public configuration DTO | | |
CVE-2024-52298 | macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author | E M | |
CVE-2024-52299 | The PDF viewer macro allows accessing any attachment without access right checks | | |
CVE-2024-52300 | macro-pdfviewer has a XSS through the width parameter | | |
CVE-2024-52301 | Laravel allows environment manipulation via query string | | |
CVE-2024-52302 | common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE) | | |
CVE-2024-52303 | aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method | | |
CVE-2024-52304 | aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions | | |
CVE-2024-52305 | UnoPim Stored XSS : Cookie hijacking through Create User function | E S | |
CVE-2024-52306 | FileManager Deserialization of Untrusted Data | S | |
CVE-2024-52307 | authentik allows a timing attack due to missing constant time comparison for metrics view | | |
CVE-2024-52308 | Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer | | |
CVE-2024-52309 | SFTPGo allows administrators to restrict command execution from the EventManager | | |
CVE-2024-52311 | data.all does not invalidate authentication token upon user logout | S | |
CVE-2024-52312 | data.all authenticated users can perform restricted operations against DataSets and Environments | S | |
CVE-2024-52313 | data.all authenticated users can obtain incorrect object level authorizations | S | |
CVE-2024-52314 | data.all admin user may access potentially sensitive data stored by producers via logs | S | |
CVE-2024-52316 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API | | |
CVE-2024-52317 | Apache Tomcat: Request/response mix-up with HTTP/2 | | |
CVE-2024-52318 | Apache Tomcat: Incorrect JSP tag recycling leads to XSS | | |
CVE-2024-52319 | mm: use aligned address in clear_gigantic_page() | | |
CVE-2024-52320 | Planet Technology Planet WGS-804HPT Command Injection | S | |
CVE-2024-52321 | Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup ... | | |
CVE-2024-52322 | WebService::Xero 0.11 for Perl uses insecure rand() function for cryptographic functions | | |
CVE-2024-52323 | Sensitive Data Exposure | | |
CVE-2024-52324 | Ruijie Reyee OS Use of Inherently Dangerous Function | S | |
CVE-2024-52325 | ECOVACS robot lawnmowers and vacuums command injection | | |
CVE-2024-52327 | ECOVACS lawnmower and vacuum cloud service live video PIN bypass | | |
CVE-2024-52328 | ECOVACS lawnmowers and vacuums insecurely store audio warning files | | |
CVE-2024-52329 | ECOVACS HOME mobile app plugins do not properly validate TLS certificates | | |
CVE-2024-52330 | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates | | |
CVE-2024-52331 | ECOVACS lawnmowers and vacuums deterministic firmware encryption key | | |
CVE-2024-52332 | igb: Fix potential invalid memory access in igb_init_module() | | |
CVE-2024-52333 | An improper array index validation vulnerability exists in the determineMinMax functionality of OFFI... | | |
CVE-2024-52335 | A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected a... | | |
CVE-2024-52336 | Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root | M | |
CVE-2024-52337 | Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method | M | |
CVE-2024-52338 | Apache Arrow R package: Arbitrary code execution when loading a malicious data file | S | |
CVE-2024-52339 | WordPress Mage Front End Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52340 | WordPress Photographer Connections plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52341 | WordPress OS Our Team plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52342 | WordPress OS BXSlider plugin <= 2.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52343 | WordPress OS Pricing Tables plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52344 | WordPress Provide Forex Signals plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52345 | WordPress ra_qrcode plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52346 | WordPress SimpleGMaps plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52347 | WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52348 | WordPress AA Audio Player plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52349 | WordPress Awesome Tool Tip plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52350 | WordPress CRM 2go plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52351 | WordPress BU Slideshow plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52352 | WordPress Postcasa Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52353 | WordPress Christian Science Bible Lesson Subjects plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52354 | WordPress Web Stories Widgets For Elementor plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52355 | WordPress OSM – OpenStreetMap plugin <= 6.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52356 | WordPress The Pack Elementor addons plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52357 | WordPress LIQUID BLOCKS plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52358 | WordPress Responsive Addons for Elementor plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52359 | IBM Concert Software improper access controls | | |
CVE-2024-52360 | IBM Concert Software SQL injection | | |
CVE-2024-52361 | IBM Storage Defender - Resiliency Service information disclosure | | |
CVE-2024-52362 | IBM App Connect Enterprise Certified Container denial of service | | |
CVE-2024-52363 | IBM InfoSphere Information Server directory traversal | | |
CVE-2024-52364 | IBM Cloud Pak for Business Automation cross-site scripting | | |
CVE-2024-52365 | IBM Cloud Pak for Business Automation cross-site scripting | | |
CVE-2024-52366 | IBM Concert Software information disclosure | | |
CVE-2024-52367 | IBM Concert Software information disclosure | | |
CVE-2024-52369 | WordPress KBucket plugin <= 4.1.6 - Arbitrary File Upload vulnerability | | |
CVE-2024-52370 | WordPress Hive Support – WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin <= 1.1.1 - Arbitrary File Upload vulnerability | S | |
CVE-2024-52371 | WordPress Global Gateway e4 plugin <= 2.0 - Arbitrary File Deletion vulnerability | | |
CVE-2024-52372 | WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-52373 | WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-52374 | WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability | | |
CVE-2024-52375 | WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability | | |
CVE-2024-52376 | WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-52377 | WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.4 - Arbitrary File Upload vulnerability | | |
CVE-2024-52378 | WordPress DigiPass plugin <= 0.3.0 - Arbitrary File Download vulnerability | | |
CVE-2024-52379 | WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability | S | |
CVE-2024-52380 | WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-52381 | WordPress ZIJ KART plugin <= 1.1 - Local File Inclusion vulnerability | | |
CVE-2024-52382 | WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability | | |
CVE-2024-52383 | WordPress Ai Auto Tool Content Writing Assistant plugin <= 2.1.2 - Broken Access Control vulnerability | S | |
CVE-2024-52384 | WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability | | |
CVE-2024-52385 | WordPress Team Member – Multi Language Supported Team plugin <= 7.3 - Limited Local File Inclusion vulnerability | | |
CVE-2024-52386 | WordPress Classified Listing plugin <= 3.1.15.1 - Local File Inclusion vulnerability | | |
CVE-2024-52388 | WordPress Hebrew Date plugin <= 2.1.0 - CSRF to Stored XSS vulnerability | S | |
CVE-2024-52389 | WordPress WP Job Portal plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52390 | WordPress CYAN Backup plugin <= 2.5.3 - Arbitrary File Download vulnerability | S | |
CVE-2024-52391 | WordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerability | S | |
CVE-2024-52392 | WordPress W3SPEEDSTER plugin <= 7.25 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-52393 | WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-52394 | WordPress Print PDF Generator and Publisher plugin <= 1.1.6 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52395 | WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability | S | |
CVE-2024-52396 | WordPress WOLF plugin <= 1.0.8.3 - CSV Limited Path Traversal vulnerability | S | |
CVE-2024-52397 | WordPress Convert Docx2post plugin <= 1.4 - Arbitrary File Upload vulnerability | | |
CVE-2024-52398 | WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability | S | |
CVE-2024-52399 | WordPress Writer Helper plugin <= 3.1.6 - Arbitrary File Upload vulnerability | | |
CVE-2024-52400 | WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability | | |
CVE-2024-52401 | WordPress Hacklog DownloadManager plugin <= 2.1.4 - CSRF to Arbitrary File Upload vulnerability | | |
CVE-2024-52402 | WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerability | | |
CVE-2024-52403 | WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-52404 | WordPress CF7 Reply Manager plugin <= 1.2.3 - Arbitrary File Upload vulnerability | | |
CVE-2024-52405 | WordPress B-Banner Slider plugin <= 1.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-52406 | WordPress CSV to html plugin <= 3.04 - Arbitrary File Upload vulnerability | | |
CVE-2024-52407 | WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability | | |
CVE-2024-52408 | WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability | | |
CVE-2024-52409 | WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability | | |
CVE-2024-52410 | WordPress Referrer Detector plugin <= 4.2.1.0 - PHP Object Injection vulnerability | | |
CVE-2024-52411 | WordPress Advanced Personalization plugin <= 1.1.2 - PHP Object Injection vulnerability | | |
CVE-2024-52412 | WordPress Xin theme <= 1.0.8.1 - PHP Object Injection vulnerability | | |
CVE-2024-52413 | WordPress Airin Blog theme <= 1.6.1 - PHP Object Injection vulnerability | | |
CVE-2024-52414 | WordPress WDES Responsive Mobile Menu plugin <= 5.3.18 - PHP Object Injection vulnerability | | |
CVE-2024-52415 | WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability | | |
CVE-2024-52416 | WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability | | |
CVE-2024-52417 | WordPress ReConstruction theme <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52418 | WordPress Gameplan theme <= 1.5.10 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52419 | WordPress Copy Anything to Clipboard plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52420 | WordPress Disable Admin Notices individually plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-52421 | WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability | | |
CVE-2024-52422 | WordPress WP Githuber MD plugin <= 1.16.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52423 | WordPress Themify Builder plugin <= 7.6.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52424 | WordPress wp-login customizer plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52425 | WordPress Drozd – Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52426 | WordPress Linear plugin <= 2.7.11 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52427 | WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-52428 | WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability | | |
CVE-2024-52429 | WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability | | |
CVE-2024-52430 | WordPress Lis Video Gallery plugin <= 0.2.1 - PHP Object Injection vulnerability | | |
CVE-2024-52431 | WordPress WP Video Robot plugin <= 1.20.0 - SQL Injection vulnerability | | |
CVE-2024-52432 | WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability | | |
CVE-2024-52433 | WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability | | |
CVE-2024-52434 | WordPress Popup by Supsystic plugin <= 1.10.29 - Remote Code Execution (RCE) vulnerability | | |
CVE-2024-52435 | WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.3 - SQL Injection vulnerability | | |
CVE-2024-52436 | WordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerability | | |
CVE-2024-52437 | WordPress Banner System plugin <= 1.0.0 - Privilege Escalation vulnerability | | |
CVE-2024-52438 | WordPress de:branding plugin <= 1.0.2 - Privilege Escalation vulnerability | | |
CVE-2024-52439 | WordPress Team Rosters plugin <= 4.6 - PHP Object Injection vulnerability | | |
CVE-2024-52440 | WordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerability | | |
CVE-2024-52441 | WordPress Quick Learn plugin <= 1.0.1 - PHP Object Injection vulnerability | | |
CVE-2024-52442 | WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability | | |
CVE-2024-52443 | WordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerability | | |
CVE-2024-52444 | WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability | S | |
CVE-2024-52445 | WordPress QRMenu Restaurant QR Menu Lite plugin <= 1.0.3 - PHP Object Injection vulnerability | | |
CVE-2024-52446 | WordPress Buying Buddy IDX CRM plugin <= 1.1.12 - CSRF to PHP Object Injection vulnerability | | |
CVE-2024-52447 | WordPress Contact Page With Google Map plugin <= 1.6.1 - Arbitrary File Deletion vulnerability | | |
CVE-2024-52448 | WordPress Ultimate Classified Listings plugin <= 1.4 - Local File Inclusion vulnerability | | |
CVE-2024-52449 | WordPress WordPress Bootscraper plugin <= 2.1.0 - Local File Inclusion vulnerability | S | |
CVE-2024-52450 | WordPress nBlocks plugin <= 1.0.2 - Local File Inclusion vulnerability | | |
CVE-2024-52451 | WordPress Post Ideas plugin <= 2 - CSRF to SQL Injection vulnerability | | |
CVE-2024-52452 | WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52453 | WordPress Library Bookshelves plugin <= 5.8 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52454 | WordPress GoQMieruca plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52455 | WordPress GoQSmile plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52456 | WordPress Awesome Studio plugin <= 2.4.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52457 | WordPress Youneeq Recommendations plugin <= 3.0.7 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52458 | WordPress TM Islamic Helper plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52459 | WordPress Chameleoni Jobs plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52460 | WordPress AtaraPay WooCommerce Payment Gateway plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52461 | WordPress Infinite Slider plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52462 | WordPress WP e-Commerce Style Email plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52463 | WordPress Post By Email plugin <= 1.0.4b - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52464 | WordPress amr shortcodes plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52465 | WordPress LGPD Framework plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52466 | WordPress Explara Events plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52467 | WordPress AI Responsive Gallery Album plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52468 | WordPress LeadBoxer plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52469 | WordPress WooCommerce Price Alert plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52470 | WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52471 | WordPress Extensions for Elementor plugin <= 2.0.37 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52472 | WordPress Weather Atlas Widget plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52473 | WordPress HTML5 Lyrics Karaoke Player plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52474 | WordPress Express Payments plugin <= 1.1.8 - SQL Injection vulnerability | S | |
CVE-2024-52475 | WordPress Wawp plugin < 3.0.18 - Account Takeover vulnerability | S | |
CVE-2024-52476 | WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability | S | |
CVE-2024-52477 | WordPress Document & Data Automation plugin <= 1.6.1 - CSRF to Stored XSS vulnerability | S | |
CVE-2024-52478 | WordPress Jobify theme <= 4.2.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52479 | WordPress Jobify plugin <= 4.2.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-52480 | WordPress Jobify plugin <= 4.2.3 - Broken Access Control vulnerability | | |
CVE-2024-52481 | WordPress Jobify theme <= 4.2.3 - Unauthenticated Arbitrary File Read vulnerability | | |
CVE-2024-52482 | WordPress Ortto plugin <= 1.0.19 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52483 | WordPress LeanPress plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52484 | WordPress Wc Recently viewed products plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52485 | WordPress WP Menu Image plugin <= 2.2 - Broken Access Control vulnerability | | |
CVE-2024-52486 | WordPress Elementor Portfolio Builder plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52487 | WordPress Ultimate Classified Listings plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52489 | WordPress Add Chat App Button plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-52490 | WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability | | |
CVE-2024-52491 | WordPress Sticky Social Icons plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52492 | WordPress Image horizontal reel scroll slideshow plugin <= 13.4 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52493 | WordPress Meteor Slides plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52494 | WordPress Dynamic To Top plugin <= 3.5.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52495 | WordPress Distance Based Shipping Calculator plugin <= 2.0.21 - SQL Injection vulnerability | | |
CVE-2024-52496 | WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability | | |
CVE-2024-52497 | WordPress Shopready plugin <= 3.5 - Local File Inclusion vulnerability | | |
CVE-2024-52498 | WordPress SP Blog Designer plugin <= 1.0.0 - Local File Inclusion vulnerability | | |
CVE-2024-52499 | WordPress Pricing table addon for elementor plugin <= 1.0.0 - Local File Inclusion vulnerability | | |
CVE-2024-52500 | WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability | | |
CVE-2024-52501 | WordPress Office Locator plugin <= 1.3.0 - Local File Inclusion vulnerability | | |
CVE-2024-52502 | WordPress ImbaChat plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52503 | WordPress Tailored Tools plugin <= 1.8.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-52505 | matrix-appservice-irc allows IRC Command injection in provisioning API | | |
CVE-2024-52506 | Graylog can leak other users' reports via concurrent PDF report rendering | | |
CVE-2024-52507 | Share information of the Nextcloud Tables app is not limited to affected users | | |
CVE-2024-52508 | Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers | | |
CVE-2024-52509 | Nextcloud Mail app does not respect download permissions in shares | | |
CVE-2024-52510 | Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty | | |
CVE-2024-52511 | Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables | | |
CVE-2024-52512 | Nextcloud User OIDC has an open redirection when logging in with User OIDC | | |
CVE-2024-52513 | Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares | | |
CVE-2024-52514 | Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control | | |
CVE-2024-52515 | Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews | | |
CVE-2024-52516 | Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them | S | |
CVE-2024-52517 | Nextcloud Server's global credentials of external storages are sent back to the frontend | S | |
CVE-2024-52518 | Nextcloud Server is missing password confirmation when changing external storage options | | |
CVE-2024-52519 | Nextcloud Server's OAuth2 client secrets were stored in a recoverable way | S | |
CVE-2024-52520 | Nextcloud Server's link reference provider can be tricked into downloading bigger files than intended | | |
CVE-2024-52521 | Nextcloud Server has a potential hash collision for background jobs could skip queuing them | S | |
CVE-2024-52522 | Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata | | |
CVE-2024-52523 | Nextcloud Server Custom defined credentials of external storages are sent back to the frontend | | |
CVE-2024-52524 | ReDoS in Giskard Scan text perturbation | | |
CVE-2024-52525 | Nextcloud Server User password is available in memory of the PHP process | S | |
CVE-2024-52526 | LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php | E S | |
CVE-2024-52528 | Auth Token can be passed dummy or wrong the middleware response is 200 OK | | |
CVE-2024-52529 | Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium | | |
CVE-2024-52530 | GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' charact... | | |
CVE-2024-52531 | GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8... | E | |
CVE-2024-52532 | GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certa... | | |
CVE-2024-52533 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflo... | | |
CVE-2024-52534 | Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vul... | | |
CVE-2024-52535 | Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs ver... | | |
CVE-2024-52537 | Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A h... | | |
CVE-2024-52538 | Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an S... | | |
CVE-2024-52541 | Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker w... | | |
CVE-2024-52542 | Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low priv... | | |
CVE-2024-52543 | Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissio... | | |
CVE-2024-52544 | Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow | E | |
CVE-2024-52545 | Lorex 2K Indoor Wi-Fi Security Camera - Out of bounds heap read | E | |
CVE-2024-52546 | Lorex 2K Indoor Wi-Fi Security Camera - Null pointer dereference | E | |
CVE-2024-52547 | Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow | E | |
CVE-2024-52548 | Lorex 2K Indoor Wi-Fi Security Camera - Code signing bypass | E | |
CVE-2024-52549 | Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ a... | | |
CVE-2024-52550 | Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does... | | |
CVE-2024-52551 | Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether th... | | |
CVE-2024-52552 | Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with J... | | |
CVE-2024-52553 | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate th... | | |
CVE-2024-52554 | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped l... | | |
CVE-2024-52555 | In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type d... | | |
CVE-2024-52557 | drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() | S | |
CVE-2024-52558 | Planet Technology Planet WGS-804HPT Integer Underflow | S | |
CVE-2024-52559 | drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() | S | |
CVE-2024-52560 | fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() | | |
CVE-2024-52564 | Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and ear... | | |
CVE-2024-52565 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52566 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52567 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52568 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52569 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52570 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52571 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52572 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52573 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52574 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-52577 | Apache Ignite: Possible RCE when deserializing incoming messages by the server node | | |
CVE-2024-52579 | Server-Side Request Forgery vulnerability in various APIs in Misskey | | |
CVE-2024-52581 | Litestar allows unbounded resource consumption (DoS vulnerability) | E S | |
CVE-2024-52582 | cachi2 allows traceback prints locals | | |
CVE-2024-52583 | WesHacks code includes links to Leostop tracking spyware infested files | | |
CVE-2024-52584 | Autolab has vulnerable submission endpoints | S | |
CVE-2024-52585 | Autolab has HTML Injection Vulnerability | S | |
CVE-2024-52586 | eLabFTW MFA bypass | | |
CVE-2024-52587 | Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts` | | |
CVE-2024-52589 | Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse | | |
CVE-2024-52590 | Missing validation allows spoofed profiles in Misskey | | |
CVE-2024-52591 | Missing validation allows spoofed profiles and notes in Misskey | | |
CVE-2024-52592 | Missing validation allows spoofed poll updates in Misskey | | |
CVE-2024-52593 | Missing validation allows spoofed "origin" links in Misskey | | |
CVE-2024-52594 | Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib | | |
CVE-2024-52595 | HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through | S | |
CVE-2024-52596 | SimpleSAMLphp xml-common XXE vulnerability | | |
CVE-2024-52597 | 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render | | |
CVE-2024-52598 | 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview | | |
CVE-2024-52599 | Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin | | |
CVE-2024-52600 | Statamic CMS has Path Traversal in Asset Upload | | |
CVE-2024-52601 | iTop portal Insecure Direct Object Reference vulnerability | | |
CVE-2024-52602 | Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo | | |
CVE-2024-52606 | SolarWinds Platform Server-Side Request Forgery Vulnerability | S | |
CVE-2024-52611 | SolarWinds Platform Information Disclosure Vulnerability | S | |
CVE-2024-52612 | SolarWinds Platform Reflected Cross-Site Scripting Vulnerability | S | |
CVE-2024-52613 | A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to ca... | E | |
CVE-2024-52614 | Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for ... | | |
CVE-2024-52615 | Avahi: avahi wide-area dns uses constant source port | | |
CVE-2024-52616 | Avahi: avahi wide-area dns predictable transaction ids | | |
CVE-2024-52675 | SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movi... | E | |
CVE-2024-52676 | Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via... | E | |
CVE-2024-52677 | HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library... | | |
CVE-2024-52701 | A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows... | E | |
CVE-2024-52702 | A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38... | | |
CVE-2024-52711 | DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip para... | | |
CVE-2024-52714 | Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysT... | E | |
CVE-2024-52723 | In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used with... | | |
CVE-2024-52724 | ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.... | E | |
CVE-2024-52725 | SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to exec... | E | |
CVE-2024-52726 | CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attack... | | |
CVE-2024-52732 | Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of... | | |
CVE-2024-52739 | D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnera... | E | |
CVE-2024-52754 | D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the t... | E | |
CVE-2024-52755 | D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in ... | E | |
CVE-2024-52757 | D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in t... | E | |
CVE-2024-52759 | D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the i... | E | |
CVE-2024-52762 | A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 ... | E | |
CVE-2024-52763 | A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3... | E | |
CVE-2024-52765 | H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parame... | E | |
CVE-2024-52769 | An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 all... | | |
CVE-2024-52770 | An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0... | | |
CVE-2024-52771 | DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component ... | | |
CVE-2024-52777 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vuln... | | |
CVE-2024-52778 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulne... | | |
CVE-2024-52779 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulne... | | |
CVE-2024-52780 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulne... | | |
CVE-2024-52781 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulne... | | |
CVE-2024-52782 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulne... | | |
CVE-2024-52783 | Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows... | | |
CVE-2024-52787 | An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path trav... | | |
CVE-2024-52788 | Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shad... | E | |
CVE-2024-52789 | Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/s... | E | |
CVE-2024-52791 | Denial of service through memory exhaustion in Matrix Media Repo | | |
CVE-2024-52792 | Arbitrary config values override in lam | | |
CVE-2024-52793 | XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems | | |
CVE-2024-52794 | Magnific lightbox susceptible to Cross-site Scripting in Discourse | | |
CVE-2024-52796 | Password Pusher's rate limiter can be bypassed by forging proxy headers | | |
CVE-2024-52797 | Searching Opencast may cause a denial of service | | |
CVE-2024-52798 | path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x | | |
CVE-2024-52799 | Argo Workflows Chart: Excessive Privileges in Workflow Role | | |
CVE-2024-52800 | Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI | | |
CVE-2024-52801 | Brute force takeover of OpenID Connect session cookies in sftpgo | | |
CVE-2024-52802 | RIOT-OS missing dhcpv6_opt_t minimum header length check | | |
CVE-2024-52803 | LLama Factory Remote OS Command Injection Vulnerability | | |
CVE-2024-52804 | Tornado has HTTP cookie parsing DoS vulnerability | | |
CVE-2024-52805 | Synapse allows unsupported content types to lead to memory exhaustion | | |
CVE-2024-52806 | SimpleSAMLphp SAML2 has an XXE in parsing SAML messages | | |
CVE-2024-52807 | XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` | | |
CVE-2024-52809 | Cross-site Scripting vulnerability with prototype pollution in vue-i18n | | |
CVE-2024-52810 | Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4 | | |
CVE-2024-52811 | Acks not validated before logged to qlog leads to buffer overflow in ngtcp2 | | |
CVE-2024-52812 | LF Edge eKuiper has Stored XSS in Rules Functionality | | |
CVE-2024-52813 | matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity | | |
CVE-2024-52814 | Helm Lacks Granularity in Workflow Role | | |
CVE-2024-52815 | Synapse allows a malformed invite to break the invitee's `/sync` | | |
CVE-2024-52816 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52817 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52818 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52822 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-52823 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-52824 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52825 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52826 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52827 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52828 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52829 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52830 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52831 | Adobe Experience Manager \| Improper Input Validation (CWE-20) | | |
CVE-2024-52832 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52833 | Substance3D - Modeler \| NULL Pointer Dereference (CWE-476) | | |
CVE-2024-52834 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52835 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52836 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52837 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-52838 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-52839 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-52840 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-52841 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52842 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52843 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52844 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-52845 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52846 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52847 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52848 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52849 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52850 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52851 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52852 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52853 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52854 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52855 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52857 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52858 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52859 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52860 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-52861 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52862 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52864 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52865 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52867 | guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessi... | | |
CVE-2024-52869 | Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, m... | | |
CVE-2024-52870 | Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com acces... | | |
CVE-2024-52871 | In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.... | | |
CVE-2024-52872 | In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.... | | |
CVE-2024-52874 | In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.... | | |
CVE-2024-52875 | An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to t... | | |
CVE-2024-52876 | Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application befo... | | |
CVE-2024-52877 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before ve... | | |
CVE-2024-52878 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before ve... | | |
CVE-2024-52879 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before ve... | | |
CVE-2024-52880 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before ve... | | |
CVE-2024-52881 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the ... | | |
CVE-2024-52882 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to impr... | | |
CVE-2024-52883 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a pa... | E | |
CVE-2024-52884 | An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. ... | | |
CVE-2024-52887 | Self-XSS | | |
CVE-2024-52888 | Stored-XSS | | |
CVE-2024-52891 | IBM Concert Software log manipulation | | |
CVE-2024-52892 | IBM Jazz for Service Management Cross-Site Scripting | | |
CVE-2024-52893 | IBM Concert Software information disclosure | | |
CVE-2024-52895 | IBM i denial of service | | |
CVE-2024-52896 | IBM MQ information disclosure | | |
CVE-2024-52897 | IBM MQ information disclosure | | |
CVE-2024-52898 | IBM MQ information disclosure | | |
CVE-2024-52899 | IBM Data Virtualization Manager code execution | | |
CVE-2024-52901 | IBM InfoSphere Information Server denial of service | | |
CVE-2024-52902 | IBM Cognos Controller information disclosure | | |
CVE-2024-52903 | IBM Db2 denial of service | S | |
CVE-2024-52905 | IBM Sterling B2B Integrator information disclosure | | |
CVE-2024-52906 | IBM AIX denial of service | | |
CVE-2024-52912 | Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calcul... | | |
CVE-2024-52913 | In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed t... | | |
CVE-2024-52914 | In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a cr... | | |
CVE-2024-52915 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption)... | | |
CVE-2024-52916 | Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of ... | | |
CVE-2024-52917 | Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of r... | | |
CVE-2024-52918 | Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memor... | | |
CVE-2024-52919 | Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (a... | | |
CVE-2024-52920 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via ... | | |
CVE-2024-52921 | In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutate... | | |
CVE-2024-52922 | In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because ... | | |
CVE-2024-52923 | An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 98... | | |
CVE-2024-52924 | An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 98... | | |
CVE-2024-52925 | In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker ... | | |
CVE-2024-52926 | Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.... | | |
CVE-2024-52935 | GPU DDK - psContext->eDM gives OOB write | | |
CVE-2024-52936 | GPU DDK - rgxfw_hwperf_config OOB read & write | | |
CVE-2024-52937 | GPU DDK - rgxfw_kernel_CMD_DISABLE_ZSSTORE OOB write via ui32WriteOffsetOfDisableZSStore | | |
CVE-2024-52938 | GPU DDK - rgxfw_pm_add_freelist_for_reconstruction OOB write | | |
CVE-2024-52939 | GPU DDK - RGXFWIF_HWPERF_CTL_BLK.uiNumCounters OOB write | | |
CVE-2024-52940 | AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a ... | | |
CVE-2024-52941 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows ... | | |
CVE-2024-52942 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows ... | | |
CVE-2024-52943 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows ... | | |
CVE-2024-52944 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows ... | | |
CVE-2024-52945 | An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components ... | | |
CVE-2024-52946 | An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh all... | | |
CVE-2024-52947 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to... | | |
CVE-2024-52949 | iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently... | E | |
CVE-2024-52951 | Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update... | | |
CVE-2024-52958 | iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature | | |
CVE-2024-52959 | iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection') | | |
CVE-2024-52960 | A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox v... | S | |
CVE-2024-52961 | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Forti... | S | |
CVE-2024-52962 | An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 an... | S | |
CVE-2024-52963 | An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10,... | S | |
CVE-2024-52966 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 throug... | S | |
CVE-2024-52967 | An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPo... | S | |
CVE-2024-52968 | An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain i... | S | |
CVE-2024-52969 | An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabilit... | S | |
CVE-2024-52972 | Kibana allocation of resources without limits or throttling leads to crash | | |
CVE-2024-52973 | Kibana allocation of resources without limits or throttling leads to crash | | |
CVE-2024-52974 | An issue has been identified where a specially crafted request sent to an Observability API could ca... | | |
CVE-2024-52975 | Fleet Server sensitive information exposure via logs | | |
CVE-2024-52976 | Elastic Agent Inclusion of Functionality from Untrusted Control Sphere | | |
CVE-2024-52979 | Elasticsearch Uncontrolled Resource Consumption vulnerability | | |
CVE-2024-52980 | Elasticsearch Uncontrolled Resource Consumption vulnerability | | |
CVE-2024-52981 | An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted... | | |
CVE-2024-52982 | Animate \| Improper Input Validation (CWE-20) | | |
CVE-2024-52983 | Animate \| Integer Overflow or Wraparound (CWE-190) | | |
CVE-2024-52984 | Animate \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-52985 | Animate \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-52986 | Animate \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-52987 | Animate \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-52988 | Animate \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-52989 | Animate \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-52990 | Animate \| Buffer Underwrite ('Buffer Underflow') (CWE-124) | | |
CVE-2024-52991 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52992 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52993 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-52994 | Substance3D - Sampler \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-52995 | Substance3D - Sampler \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-52996 | Substance3D - Sampler \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-52997 | Photoshop Desktop \| Use After Free (CWE-416) | | |
CVE-2024-52998 | Substance3D - Stager \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-52999 | Substance3D - Modeler \| Heap-based Buffer Overflow (CWE-122) | | |