ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-53000 | Substance3D - Modeler \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-53001 | Substance3D - Modeler \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-53002 | Substance3D - Modeler \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-53003 | Substance3D - Modeler \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-53004 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-53005 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-53006 | Substance3D - Modeler \| NULL Pointer Dereference (CWE-476) | | |
CVE-2024-53007 | Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execu... | | |
CVE-2024-53008 | Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAP... | | |
CVE-2024-53011 | Permissions, Privileges, and Access Controls in Video Analytics and Processing | | |
CVE-2024-53012 | Improper Input Validation in Automotive OS Platform | | |
CVE-2024-53014 | Improper Validation of Array Index in Audio | S | |
CVE-2024-53022 | Improper Input Validation in Automotive OS Platform | | |
CVE-2024-53023 | Use After Free in Automotive Android OS | S | |
CVE-2024-53024 | NULL Pointer Dereference in Display | S | |
CVE-2024-53025 | Integer Overflow or Wraparound in BT Controller | | |
CVE-2024-53027 | Buffer Copy Without Checking Size of Input in WLAN Host | S | |
CVE-2024-53028 | Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive Vehicle Networks | | |
CVE-2024-53029 | Improper Input Validation in Automotive OS Platform | | |
CVE-2024-53030 | Improper Input Validation in Automotive OS Platform | | |
CVE-2024-53031 | Improper Input Validation in Automotive OS Platform | | |
CVE-2024-53032 | Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive OS Platform | | |
CVE-2024-53033 | Untrusted Pointer Dereference in DSP_Services | | |
CVE-2024-53034 | Untrusted Pointer Dereference in DSP_Services | | |
CVE-2024-53041 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-53042 | ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() | S | |
CVE-2024-53043 | mctp i2c: handle NULL header address | S | |
CVE-2024-53044 | net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() | S | |
CVE-2024-53045 | ASoC: dapm: fix bounds checker error in dapm_widget_list_create | S | |
CVE-2024-53046 | arm64: dts: imx8ulp: correct the flexspi compatible string | S | |
CVE-2024-53047 | mptcp: init: protect sched with rcu_read_lock | S | |
CVE-2024-53048 | ice: fix crash on probe for DPLL enabled E810 LOM | S | |
CVE-2024-53049 | slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof | S | |
CVE-2024-53050 | drm/i915/hdcp: Add encoder check in hdcp2_get_capability | S | |
CVE-2024-53051 | drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability | S | |
CVE-2024-53052 | io_uring/rw: fix missing NOWAIT check for O_DIRECT start write | S | |
CVE-2024-53053 | scsi: ufs: core: Fix another deadlock during RTC update | S | |
CVE-2024-53054 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-53055 | wifi: iwlwifi: mvm: fix 6 GHz scan construction | S | |
CVE-2024-53056 | drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() | S | |
CVE-2024-53057 | net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT | S | |
CVE-2024-53058 | net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data | S | |
CVE-2024-53059 | wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() | S | |
CVE-2024-53060 | drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported | S | |
CVE-2024-53061 | media: s5p-jpeg: prevent buffer overflows | S | |
CVE-2024-53062 | media: mgb4: protect driver against spectre | S | |
CVE-2024-53063 | media: dvbdev: prevent the risk of out of memory access | S | |
CVE-2024-53064 | idpf: fix idpf_vc_core_init error path | S | |
CVE-2024-53065 | mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create | S | |
CVE-2024-53066 | nfs: Fix KMSAN warning in decode_getfattr_attrs() | S | |
CVE-2024-53067 | scsi: ufs: core: Start the RTC update work later | S | |
CVE-2024-53068 | firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() | S | |
CVE-2024-53069 | firmware: qcom: scm: fix a NULL-pointer dereference | S | |
CVE-2024-53070 | usb: dwc3: fix fault at system suspend if device was already runtime suspended | S | |
CVE-2024-53071 | drm/panthor: Be stricter about IO mapping flags | S | |
CVE-2024-53072 | platform/x86/amd/pmc: Detect when STB is not available | S | |
CVE-2024-53073 | NFSD: Never decrement pending_async_copies on error | S | |
CVE-2024-53074 | wifi: iwlwifi: mvm: don't leak a link on AP removal | S | |
CVE-2024-53075 | riscv: Prevent a bad reference count on CPU nodes | S | |
CVE-2024-53076 | iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() | S | |
CVE-2024-53077 | rpcrdma: Always release the rpcrdma_device's xa_array | S | |
CVE-2024-53078 | drm/tegra: Fix NULL vs IS_ERR() check in probe() | S | |
CVE-2024-53079 | mm/thp: fix deferred split unqueue naming and locking | S | |
CVE-2024-53080 | drm/panthor: Lock XArray when getting entries for the VM | S | |
CVE-2024-53081 | media: ar0521: don't overflow when checking PLL values | S | |
CVE-2024-53082 | virtio_net: Add hash_key_length check | S | |
CVE-2024-53083 | usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier | S | |
CVE-2024-53084 | drm/imagination: Break an object reference loop | S | |
CVE-2024-53085 | tpm: Lock TPM chip in tpm_pm_suspend() first | S | |
CVE-2024-53086 | drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL | S | |
CVE-2024-53087 | drm/xe: Fix possible exec queue leak in exec IOCTL | S | |
CVE-2024-53088 | i40e: fix race condition by adding filter's intermediate sync state | S | |
CVE-2024-53089 | LoongArch: KVM: Mark hrtimer to expire in hard interrupt context | S | |
CVE-2024-53090 | afs: Fix lock recursion | S | |
CVE-2024-53091 | bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx | S | |
CVE-2024-53092 | virtio_pci: Fix admin vq cleanup by using correct info pointer | S | |
CVE-2024-53093 | nvme-multipath: defer partition scanning | S | |
CVE-2024-53094 | RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES | S | |
CVE-2024-53095 | smb: client: Fix use-after-free of network namespace. | S | |
CVE-2024-53096 | mm: resolve faulty mmap_region() error path behaviour | E S | |
CVE-2024-53097 | mm: krealloc: Fix MTE false alarm in __do_krealloc | S | |
CVE-2024-53098 | drm/xe/ufence: Prefetch ufence addr to catch bogus address | S | |
CVE-2024-53099 | bpf: Check validity of link->type in bpf_link_show_fdinfo() | S | |
CVE-2024-53100 | nvme: tcp: avoid race between queue_lock lock and destroy | S | |
CVE-2024-53101 | fs: Fix uninitialized value issue in from_kuid and from_kgid | S | |
CVE-2024-53102 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-53103 | hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer | S | |
CVE-2024-53104 | media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format | KEV S | |
CVE-2024-53105 | mm: page_alloc: move mlocked flag clearance into free_pages_prepare() | | |
CVE-2024-53106 | ima: fix buffer overrun in ima_eventdigest_init_common | | |
CVE-2024-53107 | fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() | S | |
CVE-2024-53108 | drm/amd/display: Adjust VSDB parser for replay feature | S | |
CVE-2024-53109 | nommu: pass NULL argument to vma_iter_prealloc() | S | |
CVE-2024-53110 | vp_vdpa: fix id_table array not null terminated error | S | |
CVE-2024-53111 | mm/mremap: fix address wraparound in move_page_tables() | S | |
CVE-2024-53112 | ocfs2: uncache inode which has failed entering the group | S | |
CVE-2024-53113 | mm: fix NULL pointer dereference in alloc_pages_bulk_noprof | S | |
CVE-2024-53114 | x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client | S | |
CVE-2024-53115 | drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle | S | |
CVE-2024-53116 | drm/panthor: Fix handling of partial GPU mapping of BOs | S | |
CVE-2024-53117 | virtio/vsock: Improve MSG_ZEROCOPY error handling | S | |
CVE-2024-53118 | vsock: Fix sk_error_queue memory leak | S | |
CVE-2024-53119 | virtio/vsock: Fix accept_queue memory leak | S | |
CVE-2024-53120 | net/mlx5e: CT: Fix null-ptr-deref in add rule err flow | S | |
CVE-2024-53121 | net/mlx5: fs, lock FTE when checking if active | S | |
CVE-2024-53122 | mptcp: cope racing subflow creation in mptcp_rcv_space_adjust | S | |
CVE-2024-53123 | mptcp: error out earlier on disconnect | S | |
CVE-2024-53124 | net: fix data-races around sk->sk_forward_alloc | S | |
CVE-2024-53125 | bpf: sync_linked_regs() must preserve subreg_def | | |
CVE-2024-53126 | vdpa: solidrun: Fix UB bug with devres | S | |
CVE-2024-53127 | Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" | S | |
CVE-2024-53128 | sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers | S | |
CVE-2024-53129 | drm/rockchip: vop: Fix a dereferenced before check warning | S | |
CVE-2024-53130 | nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint | S | |
CVE-2024-53131 | nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint | S | |
CVE-2024-53132 | drm/xe/oa: Fix "Missing outer runtime PM protection" warning | S | |
CVE-2024-53133 | drm/amd/display: Handle dml allocation failure to avoid crash | S | |
CVE-2024-53134 | pmdomain: imx93-blk-ctrl: correct remove path | S | |
CVE-2024-53135 | KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN | S | |
CVE-2024-53136 | mm: revert "mm: shmem: fix data-race in shmem_getattr()" | S | |
CVE-2024-53137 | ARM: fix cacheflush with PAN | S | |
CVE-2024-53138 | net/mlx5e: kTLS, Fix incorrect page refcounting | S | |
CVE-2024-53139 | sctp: fix possible UAF in sctp_v6_available() | S | |
CVE-2024-53140 | netlink: terminate outstanding dump on socket close | S | |
CVE-2024-53141 | netfilter: ipset: add missing range check in bitmap_ip_uadt | S | |
CVE-2024-53142 | initramfs: avoid filename buffer overrun | S | |
CVE-2024-53143 | fsnotify: Fix ordering of iput() and watched_objects decrement | S | |
CVE-2024-53144 | Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE | | |
CVE-2024-53145 | um: Fix potential integer overflow during physmem setup | S | |
CVE-2024-53146 | NFSD: Prevent a potential integer overflow | S | |
CVE-2024-53147 | exfat: fix out-of-bounds access of directory entries | | |
CVE-2024-53148 | comedi: Flush partial mappings in error case | | |
CVE-2024-53149 | usb: typec: ucsi: glink: fix off-by-one in connector_status | S | |
CVE-2024-53150 | ALSA: usb-audio: Fix out of bounds reads when finding clock sources | KEV S | |
CVE-2024-53151 | svcrdma: Address an integer overflow | S | |
CVE-2024-53152 | PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() | | |
CVE-2024-53153 | PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() | | |
CVE-2024-53154 | clk: clk-apple-nco: Add NULL check in applnco_probe | S | |
CVE-2024-53155 | ocfs2: fix uninitialized value in ocfs2_file_read_iter() | S | |
CVE-2024-53156 | wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() | S | |
CVE-2024-53157 | firmware: arm_scpi: Check the DVFS OPP count returned by the firmware | S | |
CVE-2024-53158 | soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() | | |
CVE-2024-53159 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-53160 | rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu | | |
CVE-2024-53161 | EDAC/bluefield: Fix potential integer overflow | S | |
CVE-2024-53162 | crypto: qat/qat_4xxx - fix off by one in uof_get_name() | S | |
CVE-2024-53163 | crypto: qat/qat_420xx - fix off by one in uof_get_name() | S | |
CVE-2024-53164 | net: sched: fix ordering of qlen adjustment | | |
CVE-2024-53165 | sh: intc: Fix use-after-free bug in register_intc_controller() | S | |
CVE-2024-53166 | block, bfq: fix bfqq uaf in bfq_limit_depth() | S | |
CVE-2024-53167 | nfs/blocklayout: Don't attempt unregister for invalid block device | | |
CVE-2024-53168 | sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket | S | |
CVE-2024-53169 | nvme-fabrics: fix kernel crash while shutting down controller | | |
CVE-2024-53170 | block: fix uaf for flush rq while iterating tags | S | |
CVE-2024-53171 | ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit | S | |
CVE-2024-53172 | ubi: fastmap: Fix duplicate slab cache names while attaching | | |
CVE-2024-53173 | NFSv4.0: Fix a use-after-free problem in the asynchronous open() | S | |
CVE-2024-53174 | SUNRPC: make sure cache entry active before cache_show | S | |
CVE-2024-53175 | ipc: fix memleak if msg_init_ns failed in create_ipc_ns | S | |
CVE-2024-53176 | smb: During unmount, ensure all cached dir instances drop their dentry | | |
CVE-2024-53177 | smb: prevent use-after-free due to open_cached_dir error paths | S | |
CVE-2024-53178 | smb: Don't leak cfid when reconnect races with open_cached_dir | | |
CVE-2024-53179 | smb: client: fix use-after-free of signing key | S | |
CVE-2024-53180 | ALSA: pcm: Add sanity NULL check for the default mmap fault handler | S | |
CVE-2024-53181 | um: vector: Do not use drvdata in release | | |
CVE-2024-53182 | Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" | S | |
CVE-2024-53183 | um: net: Do not use drvdata in release | | |
CVE-2024-53184 | um: ubd: Do not use drvdata in release | | |
CVE-2024-53185 | smb: client: fix NULL ptr deref in crypto_aead_setkey() | S | |
CVE-2024-53186 | ksmbd: fix use-after-free in SMB request handling | S | |
CVE-2024-53187 | io_uring: check for overflows in io_pin_pages | S | |
CVE-2024-53188 | wifi: ath12k: fix crash when unbinding | S | |
CVE-2024-53189 | wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan | | |
CVE-2024-53190 | wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures | | |
CVE-2024-53191 | wifi: ath12k: fix warning when unbinding | S | |
CVE-2024-53192 | clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access | S | |
CVE-2024-53193 | clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider | | |
CVE-2024-53194 | PCI: Fix use-after-free of slot->bus on hot remove | S | |
CVE-2024-53195 | KVM: arm64: Get rid of userspace_irqchip_in_use | | |
CVE-2024-53196 | KVM: arm64: Don't retire aborted MMIO instruction | | |
CVE-2024-53197 | ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices | KEV S | |
CVE-2024-53198 | xen: Fix the issue of resource not being properly released in xenbus_dev_probe() | | |
CVE-2024-53199 | ASoC: imx-audmix: Add NULL check in imx_audmix_probe | S | |
CVE-2024-53200 | drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp | S | |
CVE-2024-53201 | drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe | S | |
CVE-2024-53202 | firmware_loader: Fix possible resource leak in fw_log_firmware_info() | S | |
CVE-2024-53203 | usb: typec: fix potential array underflow in ucsi_ccg_sync_control() | S | |
CVE-2024-53204 | phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe | S | |
CVE-2024-53205 | phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe | S | |
CVE-2024-53206 | tcp: Fix use-after-free of nreq in reqsk_timer_handler(). | S | |
CVE-2024-53207 | Bluetooth: MGMT: Fix possible deadlocks | S | |
CVE-2024-53208 | Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync | S | |
CVE-2024-53209 | bnxt_en: Fix receive ring space parameters when XDP is active | S | |
CVE-2024-53210 | s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() | S | |
CVE-2024-53211 | net/l2tp: fix warning in l2tp_exit_net found by syzbot | | |
CVE-2024-53212 | netlink: fix false positive warning in extack during dumps | | |
CVE-2024-53213 | net: usb: lan78xx: Fix double free issue with interrupt buffer allocation | S | |
CVE-2024-53214 | vfio/pci: Properly hide first-in-list PCIe extended capability | | |
CVE-2024-53215 | svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() | S | |
CVE-2024-53216 | nfsd: release svc_expkey/svc_export with rcu_work | S | |
CVE-2024-53217 | NFSD: Prevent NULL dereference in nfsd4_process_cb_update() | S | |
CVE-2024-53218 | f2fs: fix race in concurrent f2fs_stop_gc_thread | S | |
CVE-2024-53219 | virtiofs: use pages instead of pointer for kernel direct IO | | |
CVE-2024-53220 | f2fs: fix to account dirty data in __get_secs_required() | | |
CVE-2024-53221 | f2fs: fix null-ptr-deref in f2fs_submit_page_bio() | S | |
CVE-2024-53222 | zram: fix NULL pointer in comp_algorithm_show() | S | |
CVE-2024-53223 | clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs | | |
CVE-2024-53224 | RDMA/mlx5: Move events notifier registration to be after device registration | S | |
CVE-2024-53225 | iommu/tegra241-cmdqv: Fix alignment failure at max_n_shift | | |
CVE-2024-53226 | RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() | S | |
CVE-2024-53227 | scsi: bfa: Fix use-after-free in bfad_im_module_exit() | S | |
CVE-2024-53228 | riscv: kvm: Fix out-of-bounds array access | S | |
CVE-2024-53229 | RDMA/rxe: Fix the qp flush warnings in req | | |
CVE-2024-53230 | cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() | S | |
CVE-2024-53231 | cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() | S | |
CVE-2024-53232 | iommu/s390: Implement blocking domain | S | |
CVE-2024-53233 | unicode: Fix utf8_load() error path | | |
CVE-2024-53234 | erofs: handle NONHEAD !delta[1] lclusters gracefully | | |
CVE-2024-53235 | erofs: fix file-backed mounts over FUSE | S | |
CVE-2024-53236 | xsk: Free skb when TX metadata options are invalid | | |
CVE-2024-53237 | Bluetooth: fix use-after-free in device_for_each_child() | S | |
CVE-2024-53238 | Bluetooth: btmtk: adjust the position to init iso data anchor | S | |
CVE-2024-53239 | ALSA: 6fire: Release resources at card release | S | |
CVE-2024-53240 | xen/netfront: fix crash when removing device | | |
CVE-2024-53241 | x86/xen: don't do PV iret hypercall through hypercall page | | |
CVE-2024-53242 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-53243 | Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway | | |
CVE-2024-53244 | Risky command safeguards bypass in “/en-US/app/search/report” endpoint through “s” parameter | | |
CVE-2024-53245 | Information Disclosure due to Username Collision with a Role that has the same Name as the User | | |
CVE-2024-53246 | Sensitive Information Disclosure through SPL commands | | |
CVE-2024-53247 | Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app | | |
CVE-2024-53253 | Sentry's improper error handling leaks Application Integration Client Secret | | |
CVE-2024-53254 | Rejected reason: This CVE is a duplicate of another CVE.... | R | |
CVE-2024-53255 | Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS | E S | |
CVE-2024-53256 | Rizin has a command injection via RzBinInfo bclass due legacy code | | |
CVE-2024-53257 | Vitess allows HTML injection in /debug/querylogz & /debug/env | | |
CVE-2024-53258 | download_all_submissions allows student to download another student's submissions in Autolab | S | |
CVE-2024-53259 | quic-go affected by an ICMP Packet Too Large Injection Attack on Linux | | |
CVE-2024-53260 | Course Roster vulnerable to CSV Injection in Autolab | S | |
CVE-2024-53261 | Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit | | |
CVE-2024-53262 | Unescaped error message included on error page in SvelteKit | | |
CVE-2024-53263 | Git LFS permits exfiltration of credentials via crafted HTTP URLs | | |
CVE-2024-53264 | Open Redirect Vulnerability in Loading Page in bunkerweb | | |
CVE-2024-53266 | Cross-site Scripting (XSS) via topic titles when CSP disabled in Discourse | | |
CVE-2024-53267 | Vulnerability with bundle verification in sigstore-java | | |
CVE-2024-53268 | Lack of validation on openExternal allows 1 click remote code execution in joplin | E | |
CVE-2024-53269 | Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy | E | |
CVE-2024-53270 | HTTP/1: sending overload crashes when the request is reset beforehand in envoy | E | |
CVE-2024-53271 | HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy | E | |
CVE-2024-53272 | GHSL-2024-109: Reflected XSS in /login in habitica | | |
CVE-2024-53273 | GHSL-2024-110: Reflected XSS in /register in habitica | | |
CVE-2024-53274 | GHSL-2024-111: Reflected XSS in /home in habitica | | |
CVE-2024-53275 | GHSL-2024-091: DNS rebinding attack in home-gallery | | |
CVE-2024-53276 | GHSL-2024-092: Open CORS policy in home-gallery | | |
CVE-2024-53277 | Cross-site Scripting in form messages in silverstripe framework | | |
CVE-2024-53278 | Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If ... | | |
CVE-2024-53279 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2024-53280 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2024-53281 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2024-53282 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2024-53283 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2024-53284 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2024-53285 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2024-53289 | Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability.... | | |
CVE-2024-53290 | Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command (... | | |
CVE-2024-53291 | Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadat... | | |
CVE-2024-53292 | Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in th... | | |
CVE-2024-53295 | Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access ... | | |
CVE-2024-53296 | Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow... | | |
CVE-2024-53299 | Apache Wicket: An attacker can intentionally trigger a memory leak | | |
CVE-2024-53303 | A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 aft... | | |
CVE-2024-53304 | An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect t... | | |
CVE-2024-53305 | An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arb... | | |
CVE-2024-53307 | A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.2... | E | |
CVE-2024-53309 | A stack-based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Lin... | | |
CVE-2024-53310 | A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Vide... | | |
CVE-2024-53311 | A Stack buffer overflow in the arguments parameter in Immunity Inc. Immunity Debugger v1.85 allows a... | | |
CVE-2024-53319 | A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows ... | | |
CVE-2024-53320 | Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the Ge... | | |
CVE-2024-53333 | TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the ... | E | |
CVE-2024-53334 | TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi.... | E | |
CVE-2024-53335 | TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi.... | E | |
CVE-2024-53345 | An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 al... | | |
CVE-2024-53348 | LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain... | | |
CVE-2024-53349 | Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's tok... | | |
CVE-2024-53350 | Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's tok... | | |
CVE-2024-53351 | Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, ... | | |
CVE-2024-53354 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows rem... | E | |
CVE-2024-53355 | Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows r... | E | |
CVE-2024-53356 | Weak JWT Secret vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote atta... | E | |
CVE-2024-53357 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows rem... | E | |
CVE-2024-53359 | An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET r... | | |
CVE-2024-53364 | A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /us... | E | |
CVE-2024-53365 | A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Manag... | E | |
CVE-2024-53375 | An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series.... | | |
CVE-2024-53376 | CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell me... | E | |
CVE-2024-53379 | Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL v... | E | |
CVE-2024-53382 | Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input tha... | E | |
CVE-2024-53384 | A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a craft... | | |
CVE-2024-53386 | Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains ... | E | |
CVE-2024-53387 | A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via sup... | | |
CVE-2024-53388 | A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplyi... | | |
CVE-2024-53406 | Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. I... | E | |
CVE-2024-53407 | In Phiewer 4.1.0, a dylib injection leads to Command Execution which allows attackers to inject dylib... | | |
CVE-2024-53408 | AVE System Web Client v2.1.131.13992 was discovered to contain a cross-site scripting (XSS) vulnerab... | E | |
CVE-2024-53425 | A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v... | | |
CVE-2024-53426 | A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS func... | | |
CVE-2024-53427 | decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted ... | | |
CVE-2024-53429 | Open62541 v1.4.6 has an assertion failure in fuzz_binary_decode, which leads to a crash.... | | |
CVE-2024-53432 | While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of... | | |
CVE-2024-53438 | EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this ... | | |
CVE-2024-53441 | An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execu... | | |
CVE-2024-53442 | whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.... | | |
CVE-2024-53450 | RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized acce... | | |
CVE-2024-53457 | A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0... | E | |
CVE-2024-53458 | Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing special... | E | |
CVE-2024-53459 | Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter.... | | |
CVE-2024-53470 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pa... | E | |
CVE-2024-53471 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagam... | E | |
CVE-2024-53472 | WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF).... | E | |
CVE-2024-53473 | WeGIA 3.2.0 before 3998672 does not verify permission to change a password.... | E S | |
CVE-2024-53476 | A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f a... | | |
CVE-2024-53477 | JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in... | | |
CVE-2024-53480 | Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via... | E | |
CVE-2024-53481 | A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Managemen... | E | |
CVE-2024-53484 | Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded ... | | |
CVE-2024-53490 | Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java.... | | |
CVE-2024-53502 | Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page... | E | |
CVE-2024-53504 | A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /se... | E | |
CVE-2024-53505 | A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAsset... | E | |
CVE-2024-53506 | A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /b... | E | |
CVE-2024-53507 | A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.... | E | |
CVE-2024-53522 | Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair ... | | |
CVE-2024-53523 | JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the... | | |
CVE-2024-53526 | composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and compos... | | |
CVE-2024-53537 | An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Act... | | |
CVE-2024-53542 | Incorrect access control in the component /iclock/Settings?restartNCS=1 of NovaCHRON Zeitsysteme Gmb... | | |
CVE-2024-53543 | NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL inj... | | |
CVE-2024-53544 | NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL inj... | | |
CVE-2024-53552 | CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeove... | | |
CVE-2024-53553 | An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication v... | | |
CVE-2024-53554 | A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v... | | |
CVE-2024-53555 | A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploadi... | | |
CVE-2024-53556 | An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websi... | | |
CVE-2024-53561 | A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows a... | | |
CVE-2024-53563 | A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 al... | E | |
CVE-2024-53564 | A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid... | | |
CVE-2024-53566 | An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc... | | |
CVE-2024-53568 | A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Ma... | | |
CVE-2024-53569 | A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Person... | | |
CVE-2024-53573 | Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and m... | E | |
CVE-2024-53580 | iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters()... | E | |
CVE-2024-53582 | An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allo... | E | |
CVE-2024-53584 | OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone pa... | E | |
CVE-2024-53586 | An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory... | | |
CVE-2024-53588 | A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placi... | | |
CVE-2024-53589 | GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's hand... | | |
CVE-2024-53591 | An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brut... | | |
CVE-2024-53597 | masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /... | | |
CVE-2024-53599 | A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allo... | | |
CVE-2024-53603 | A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 T... | E | |
CVE-2024-53604 | A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 ... | E | |
CVE-2024-53605 | Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/... | | |
CVE-2024-53614 | A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data ... | | |
CVE-2024-53615 | A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.ga... | | |
CVE-2024-53617 | A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover... | | |
CVE-2024-53619 | An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows a... | | |
CVE-2024-53620 | A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated... | | |
CVE-2024-53623 | Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to acce... | | |
CVE-2024-53635 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.p... | E | |
CVE-2024-53636 | An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information Sy... | E | |
CVE-2024-53647 | Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker... | | |
CVE-2024-53648 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6... | | |
CVE-2024-53649 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6... | | |
CVE-2024-53651 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP... | | |
CVE-2024-53672 | Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface | | |
CVE-2024-53673 | A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated atta... | | |
CVE-2024-53674 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote ... | | |
CVE-2024-53675 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote ... | | |
CVE-2024-53676 | A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow r... | E | |
CVE-2024-53677 | Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks | | |
CVE-2024-53678 | Apache VCL: SQL injection vulnerability in New Block Allocation form | | |
CVE-2024-53679 | Apache VCL: XSS vulnerability in User Lookup impacting user privileges | | |
CVE-2024-53680 | ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() | | |
CVE-2024-53681 | nvmet: Don't overflow subsysnqn | | |
CVE-2024-53682 | regulator: axp20x: AXP717: set ramp_delay | | |
CVE-2024-53683 | Ossur Mobile Logic Application Exposure of Sensitive System Information to an Unauthorized Control Sphere | S | |
CVE-2024-53685 | ceph: give up on paths longer than PATH_MAX | | |
CVE-2024-53687 | riscv: Fix IPIs usage in kfence_protect_page() | | |
CVE-2024-53688 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi... | | |
CVE-2024-53689 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-53690 | nilfs2: prevent use of deleted inode | | |
CVE-2024-53691 | QTS, QuTS hero | S | |
CVE-2024-53692 | QTS, QuTS hero | S | |
CVE-2024-53693 | QTS, QuTS hero | S | |
CVE-2024-53694 | QVPN Device Client, Qsync, Qfinder Pro | S | |
CVE-2024-53695 | HBS 3 Hybrid Backup Sync | S | |
CVE-2024-53696 | QuLog Center | S | |
CVE-2024-53697 | QTS, QuTS hero | S | |
CVE-2024-53698 | QTS, QuTS hero | S | |
CVE-2024-53699 | QTS, QuTS hero | S | |
CVE-2024-53700 | QHora | S | |
CVE-2024-53701 | Multiple FCNT Android devices provide the original security features such as "privacy mode" where ar... | | |
CVE-2024-53702 | Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall S... | | |
CVE-2024-53703 | A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_http... | | |
CVE-2024-53704 | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote atta... | KEV | |
CVE-2024-53705 | A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote ... | | |
CVE-2024-53706 | A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-priv... | | |
CVE-2024-53707 | WordPress Ahmeti Wp Güzel Sözler plugin <= 4.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-53708 | WordPress AI Quiz plugin <= 1.1 - Broken Access Control vulnerability | | |
CVE-2024-53709 | WordPress Generic Elements plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53710 | WordPress ITERAS plugin <= 1.7.0 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53711 | WordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53712 | WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53713 | WordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53714 | WordPress Continue Shopping From Cart plugin <= 1.3 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53715 | WordPress Simple Travel Map plugin <= 0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53716 | WordPress wp auto top plugin <= 2.9.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53717 | WordPress yPHPlista plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53718 | WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53719 | WordPress Zajax – Ajax Navigation plugin <= 0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53720 | WordPress WP-ISPConfig 3 plugin <= 1.5.6 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53721 | WordPress Advanced Event Manager plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53722 | WordPress Favicon My Blog plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53723 | WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53724 | WordPress IceStats plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53725 | WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53726 | WordPress RealtyCandy IDX Broker Extended plugin <= 1.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53727 | WordPress LinkLaunder SEO plugin <= 0.92.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53728 | WordPress Protect Your Content plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53729 | WordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53730 | WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53731 | WordPress Fintelligence Calculator plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53732 | WordPress Footer Flyout Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53733 | WordPress Fence URL plugin <= 2.0.0 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53734 | WordPress Idealien Category Enhancements plugin <= 1.2 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53736 | WordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53737 | WordPress WP Mailster plugin <= 1.8.16.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53738 | WordPress Asset CleanUp: Page Speed Booster plugin <=1.3.9.8 - Server Side Request Forgery (SSRF) vulnerability | | |
CVE-2024-53739 | WordPress Cryptocurrency Widgets For Elementor plugin <= 1.6.4 - Local File Inclusion vulnerability | S | |
CVE-2024-53740 | WordPress WooCommerce Ultimate Gift Card plugin < 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53741 | WordPress Simple Popup plugin <= 4.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53742 | WordPress Multilevel Referral Affiliate Plugin for WooCommerce plugin <= 2.27 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53743 | WordPress Countdown Timer for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53744 | WordPress Elementor Image Gallery plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53745 | WordPress Social Sharing Buttons By Cosmos Farm plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53746 | WordPress Elementor Button Plus plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53747 | WordPress Video Player for WPBakery plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53748 | WordPress WP Mermaid plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53749 | WordPress Post Carousel Slider for Elementor plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53750 | WordPress PayPal Responder plugin <= 1.2 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53751 | WordPress Build App Online plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-53752 | WordPress Stripe Donation plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53753 | WordPress CultBooking Hotel Booking Engine plugin <= 2.1 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53754 | WordPress Out Of Stock Badge plugin <= 1.3.1 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53755 | WordPress Third Party Cookie Eraser plugin <= 1.0.2 - CSRF to Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53756 | WordPress Vertical Carousel plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53757 | WordPress WP Find Your Nearest plugin <= 0.3.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53758 | WordPress WP MathJax plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53759 | WordPress ArCa Payment Gateway plugin <= 1.3.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53760 | WordPress Capitalize My Title WordPress plugin <= 0.5.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53761 | WordPress WP Revisions Manager plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-53762 | WordPress FastBook plugin <= 1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53763 | WordPress Best Addons for Elementor plugin <=1.0.5 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53764 | WordPress Softtemplates For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53765 | WordPress Mins To Read plugin <= 1.2.2 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53766 | WordPress Devnex Addons For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53767 | WordPress Pixobe Cartography plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53768 | WordPress Content Audit Exporter plugin <= 1.1 - Sensitive Data Exposure vulnerability | | |
CVE-2024-53769 | WordPress Custom Post Type to Map Store plugin <= 1.1.0 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53770 | WordPress RingCentral Communications plugin <= 1.6.1 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53771 | WordPress SimpleSchema plugin <= 1.7.6.9 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53772 | WordPress Mail Picker plugin <= 1.0.14 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53773 | WordPress Znajdź Pracę z Praca.pl plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53774 | WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53775 | WordPress DancePress (TRWA) plugin <= 3.1.11 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-53776 | WordPress Donate Me plugin <= 1.2.5 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53777 | WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53778 | WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53779 | WordPress Yahoo! WebPlayer plugin <= 2.0.6 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53780 | WordPress Load More Posts plugin <= 1.4.0 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53781 | WordPress SpatialMatch IDX plugin <= 3.0.9 - CSRF to Stored XSS vulnerability | | |
CVE-2024-53782 | WordPress Photo Video Store plugin <= 21.07 - CSRF to Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53783 | WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - SQL Injection vulnerability | | |
CVE-2024-53784 | WordPress Smart Marketing SMS and Newsletters Forms plugin <= 5.0.9 - Broken Access Control vulnerability | | |
CVE-2024-53785 | WordPress Chatter plugin <= 1.0.1 - Broken Access Control vulnerability | | |
CVE-2024-53786 | WordPress Cowidgets – Elementor Addons plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53787 | WordPress Random Banner plugin <= 4.2.9 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53788 | WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53789 | WordPress Advanced What should we write next about plugin <=1.0.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53790 | WordPress Lenxel Core plugin <= 1.2.5 - Local File Inclusion vulnerability | | |
CVE-2024-53791 | WordPress Lenxel Core plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-53792 | WordPress Watu Quiz plugin <= 3.4.2 - SQL Injection vulnerability | | |
CVE-2024-53793 | WordPress eDoc Easy Tables plugin <= 1.29 - CSRF to SQL Injection vulnerability | | |
CVE-2024-53794 | WordPress Arkhe Blocks plugin <= 2.27.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53795 | WordPress Church Admin plugin <= 5.0.8 - Broken Access Control vulnerability | S | |
CVE-2024-53796 | WordPress Themesflat Addons For Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53797 | WordPress Beaver Builder – WordPress Page Builder plugin <= 2.8.4.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53798 | WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability | S | |
CVE-2024-53799 | WordPress FloristPress plugin <= 7.3.0 - Broken Access Control vulnerability | S | |
CVE-2024-53800 | WordPress Rezgo Online Booking plugin <= 4.15 - Local File Inclusion vulnerability | | |
CVE-2024-53801 | WordPress Bold Page Builder plugin <= 5.2.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53802 | WordPress Futurio Extra plugin <= 2.0.14 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53803 | WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability | S | |
CVE-2024-53804 | WordPress WP Mailster plugin <= 1.8.16.0 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-53805 | WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability | S | |
CVE-2024-53806 | WordPress Maspik plugin <= 2.2.7 - CSRF to Settings Change vulnerability | S | |
CVE-2024-53807 | WordPress WP Mailster plugin <= 1.8.16.0 - SQL Injection vulnerability | S | |
CVE-2024-53808 | WordPress NEX-Forms plugin <= 8.7.8 - SQL Injection vulnerability | S | |
CVE-2024-53809 | WordPress Namaste! LMS plugin <= 2.6.4.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-53810 | WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability | S | |
CVE-2024-53811 | WordPress WDesignKit plugin <= 1.0.40 - Arbitrary File Upload vulnerability | S | |
CVE-2024-53812 | WordPress WP GeoNames plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53813 | WordPress wp-travel plugin <= 9.6.0 - Broken Access Control vulnerability | S | |
CVE-2024-53814 | WordPress Analytify plugin <= 5.4.3 - Broken Access Control vulnerability | S | |
CVE-2024-53815 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.2 - SQL Injection vulnerability | S | |
CVE-2024-53816 | WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability | S | |
CVE-2024-53817 | WordPress Acowebs Product Labels For Woocommerce plugin <= 1.5.8 - SQL Injection vulnerability | S | |
CVE-2024-53818 | WordPress PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53819 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.0 - Insecure Direct Object References (IDOR) vulnerability | S | |
CVE-2024-53820 | WordPress Captivate Sync plugin <= 2.0.22 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53821 | WordPress Pie Register Premium plugin < 3.8.3.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53822 | WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability | S | |
CVE-2024-53823 | WordPress The Plus Addons for Elementor plugin <= 5.6.14 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-53824 | WordPress All Bootstrap Blocks plugin <= 1.3.20 - Local File Inclusion vulnerability | S | |
CVE-2024-53825 | WordPress FileBird Lite plugin <= 6.3.2 - Broken Access Control vulnerability | S | |
CVE-2024-53826 | WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability | S | |
CVE-2024-53827 | Ericsson Packet Core Controller (PCC) - Improper Input Validation Vulnerability | | |
CVE-2024-53829 | Cross-Site Request Forgery in CodeChecker API | | |
CVE-2024-53832 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.3... | | |
CVE-2024-53833 | In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to im... | | |
CVE-2024-53834 | In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due ... | | |
CVE-2024-53835 | There is a possible biometric bypass due to an unusual root cause. This could lead to local escalati... | | |
CVE-2024-53836 | In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buf... | | |
CVE-2024-53837 | In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer... | | |
CVE-2024-53838 | In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of b... | | |
CVE-2024-53839 | In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a miss... | | |
CVE-2024-53840 | There is a possible biometric bypass due to an unusual root cause. This could lead to local escalati... | | |
CVE-2024-53841 | In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused depu... | | |
CVE-2024-53842 | In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a ... | | |
CVE-2024-53843 | Reflected XSS Vulnerability in Authentication Flow URL Handling in @dapperduckling/keycloak-connector-server | | |
CVE-2024-53844 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi | | |
CVE-2024-53845 | AES/CBC Constant IV Vulnerability in ESPTouch v2 | | |
CVE-2024-53846 | ssl fails to validate incorrect extended key usage | | |
CVE-2024-53847 | Trix vulnerable to Cross-site Scripting on copy & paste | | |
CVE-2024-53848 | check-jsonschema default caching for remote schemas allows for cache confusion | | |
CVE-2024-53849 | Several stack buffer overflows and pointer overflows in editorconfig-core-c | | |
CVE-2024-53850 | The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation | | |
CVE-2024-53851 | Partial denial of service via inline oneboxes in Discourse | | |
CVE-2024-53855 | User can view tickets from organizations they're not a part of in centurion_erp | | |
CVE-2024-53856 | rPGP Panics on Malformed Untrusted Input | | |
CVE-2024-53857 | rPGP Potential Resource Exhaustion when handling Untrusted Messages | | |
CVE-2024-53858 | Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli | | |
CVE-2024-53859 | go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace | | |
CVE-2024-53860 | Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler | | |
CVE-2024-53861 | Issuer field partial matches allowed in pyjwt | | |
CVE-2024-53862 | Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode | | |
CVE-2024-53863 | Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders | | |
CVE-2024-53864 | Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui | | |
CVE-2024-53865 | Python package "zhmcclient" has passwords in clear text in its HMC and API logs | | |
CVE-2024-53866 | pnpm vulnerable to no-script global cache poisoning via overrides / `ignore-scripts` evasion | | |
CVE-2024-53867 | Synapse Matrix has a partial room state leak via Sliding Sync | | |
CVE-2024-53868 | Apache Traffic Server: Malformed chunked message body allows request smuggling | | |
CVE-2024-53869 | NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uniniti... | | |
CVE-2024-53870 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user... | | |
CVE-2024-53871 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user ... | | |
CVE-2024-53872 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user... | | |
CVE-2024-53873 | NVIDIA CUDA toolkit for Windows contains a vulnerability in the cuobjdump binary, where a user could... | | |
CVE-2024-53874 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user... | | |
CVE-2024-53875 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user... | | |
CVE-2024-53876 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user ... | | |
CVE-2024-53877 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user ... | | |
CVE-2024-53878 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a ... | | |
CVE-2024-53879 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a ... | | |
CVE-2024-53880 | NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could... | | |
CVE-2024-53881 | NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to caus... | | |
CVE-2024-53899 | virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual envi... | E S | |
CVE-2024-53900 | Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.... | | |
CVE-2024-53901 | The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of servi... | E S | |
CVE-2024-53907 | An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The st... | | |
CVE-2024-53908 | An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct... | | |
CVE-2024-53909 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It all... | | |
CVE-2024-53910 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It all... | | |
CVE-2024-53911 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It all... | | |
CVE-2024-53912 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It all... | | |
CVE-2024-53913 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It all... | | |
CVE-2024-53914 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It all... | | |
CVE-2024-53915 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It all... | | |
CVE-2024-53916 | In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during pol... | | |
CVE-2024-53919 | An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core mod... | | |
CVE-2024-53920 | In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (f... | | |
CVE-2024-53921 | An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can creat... | | |
CVE-2024-53923 | An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x befo... | | |
CVE-2024-53924 | Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafte... | E | |
CVE-2024-53930 | WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, whic... | | |
CVE-2024-53931 | The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Andro... | | |
CVE-2024-53932 | The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) appli... | | |
CVE-2024-53933 | The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application th... | | |
CVE-2024-53934 | The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) appli... | | |
CVE-2024-53935 | The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 ... | | |
CVE-2024-53936 | The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android e... | | |
CVE-2024-53937 | An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0... | | |
CVE-2024-53938 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0... | | |
CVE-2024-53939 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0... | | |
CVE-2024-53940 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0... | | |
CVE-2024-53941 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0... | | |
CVE-2024-53942 | An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/ra... | | |
CVE-2024-53943 | An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/ra... | | |
CVE-2024-53944 | An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802... | E | |
CVE-2024-53947 | Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions | | |
CVE-2024-53948 | Apache Superset: Error verbosity exposes metadata in analytics databases | | |
CVE-2024-53949 | Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled | | |
CVE-2024-53951 | InDesign Desktop | Out-of-bounds Read (CWE-125) | | |
CVE-2024-53952 | InDesign Desktop | NULL Pointer Dereference (CWE-476) | | |
CVE-2024-53953 | Animate | Use After Free (CWE-416) | | |
CVE-2024-53954 | Animate | Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-53955 | Bridge | Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-53956 | Premiere Pro | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-53957 | Substance3D - Painter | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-53958 | Substance3D - Painter | Out-of-bounds Write (CWE-787) | | |
CVE-2024-53959 | Adobe Framemaker | Stack-based Buffer Overflow (CWE-121) | | |
CVE-2024-53960 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-53961 | ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | | |
CVE-2024-53962 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-53963 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-53964 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-53965 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-53966 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-53967 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-53968 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-53969 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-53970 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-53974 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-53975 | Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the... | | |
CVE-2024-53976 | Under certain circumstances, navigating to a webpage would result in the address missing from the lo... | | |
CVE-2024-53977 | A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V20... | | |
CVE-2024-53979 | Ansible collection "ibm.ibm_zhmc" has passwords in clear text in log file and in output of some modules when specified as input | | |
CVE-2024-53980 | Spoofed length byte traps CC2538 in endless loop | | |
CVE-2024-53981 | python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary | | |
CVE-2024-53982 | Arbitrary file download in Zoo-Project Echo Example | | |
CVE-2024-53983 | Server-side request forgery in Backstage Scaffolder plugin | | |
CVE-2024-53984 | Nanopb does not release memory on error return when using PB_DECODE_DELIMITED | | |
CVE-2024-53985 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | | |
CVE-2024-53986 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | | |
CVE-2024-53987 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | | |
CVE-2024-53988 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | | |
CVE-2024-53989 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | | |
CVE-2024-53990 | AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s | | |
CVE-2024-53991 | Potential Backup file leaked via Nginx in Discourse | | |
CVE-2024-53992 | unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload | | |
CVE-2024-53994 | Potential bypass of chat permissions in Discourse | | |
CVE-2024-53995 | GHSL-2024-288: SickChill open redirect in login | | |
CVE-2024-53996 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi... | R | |
CVE-2024-53999 | Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality | | |