| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2024-54000 | Mobile Security Framework (MobSF) bypass of SSRF fix | | |
| CVE-2024-54001 | Kanboard allows a persistent HTML injection site scripting in settings page date format | E | |
| CVE-2024-54002 | Dependency-Track allows enumeration of managed users via /api/v1/user/login endpoint | | |
| CVE-2024-54003 | Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored c... | | |
| CVE-2024-54004 | Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the ... | | |
| CVE-2024-54005 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All ... | | |
| CVE-2024-54006 | Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge | | |
| CVE-2024-54007 | Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge | | |
| CVE-2024-54008 | Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform | | |
| CVE-2024-54009 | Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to ver... | | |
| CVE-2024-54010 | Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches | | |
| CVE-2024-54014 | Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 an... | | |
| CVE-2024-54015 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6... | | |
| CVE-2024-54016 | compression bomb attack in Apache Seata Server | | |
| CVE-2024-54018 | Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] ... | S | |
| CVE-2024-54020 | A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 th... | S | |
| CVE-2024-54021 | An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet... | S | |
| CVE-2024-54024 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner... | S | |
| CVE-2024-54025 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner... | S | |
| CVE-2024-54026 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet ... | S | |
| CVE-2024-54027 | A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and belo... | S | |
| CVE-2024-54030 | Communication_dsoftbus has an UAF vulnerability | | |
| CVE-2024-54031 | netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext | | |
| CVE-2024-54032 | Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-54034 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54036 | Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-54037 | Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-54038 | Adobe Connect | Improper Access Control (CWE-284) | | |
| CVE-2024-54039 | Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-54040 | Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-54041 | Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-54042 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54043 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54044 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54045 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54046 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54047 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54048 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54049 | Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-54050 | Adobe Connect | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601) | | |
| CVE-2024-54051 | Adobe Connect | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601) | | |
| CVE-2024-54082 | home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configura... | | |
| CVE-2024-54083 | DoS via lack of type validation in Calls | S | |
| CVE-2024-54084 | SMM Arbitrary Write via TOCTOU Vulnerability | | |
| CVE-2024-54085 | Redfish Authentication Bypass | | |
| CVE-2024-54089 | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series ... | | |
| CVE-2024-54090 | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series ... | | |
| CVE-2024-54091 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Ed... | | |
| CVE-2024-54092 | A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Indu... | | |
| CVE-2024-54093 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affec... | | |
| CVE-2024-54094 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affec... | | |
| CVE-2024-54095 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affe... | | |
| CVE-2024-54096 | Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this v... | | |
| CVE-2024-54097 | Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability ma... | | |
| CVE-2024-54098 | Service logic error vulnerability in the system service module Impact: Successful exploitation of th... | | |
| CVE-2024-54099 | File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability... | | |
| CVE-2024-54100 | Vulnerability of improper access control in the secure input module Impact: Successful exploitation ... | | |
| CVE-2024-54101 | Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of ... | | |
| CVE-2024-54102 | Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability... | | |
| CVE-2024-54103 | Vulnerability of improper access control in the album module Impact: Successful exploitation of this... | | |
| CVE-2024-54104 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
| CVE-2024-54105 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner... | | |
| CVE-2024-54106 | Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation ... | | |
| CVE-2024-54107 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner... | | |
| CVE-2024-54108 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner... | | |
| CVE-2024-54109 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner... | | |
| CVE-2024-54110 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
| CVE-2024-54111 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner... | | |
| CVE-2024-54112 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
| CVE-2024-54113 | Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploit... | | |
| CVE-2024-54114 | Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of... | | |
| CVE-2024-54115 | Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerab... | | |
| CVE-2024-54116 | Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerab... | | |
| CVE-2024-54117 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
| CVE-2024-54118 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-54119 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
| CVE-2024-54120 | Race condition vulnerability in the distributed notification module Impact: Successful exploitation ... | | |
| CVE-2024-54121 | Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerab... | | |
| CVE-2024-54122 | Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of th... | | |
| CVE-2024-54123 | Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag i... | | |
| CVE-2024-54124 | In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the ... | | |
| CVE-2024-54125 | Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android vers... | | |
| CVE-2024-54126 | Insufficient Integrity Verification Vulnerability in TP-Link Archer C50 | S | |
| CVE-2024-54127 | Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50 | S | |
| CVE-2024-54128 | Directus has an HTML Injection in Comment | | |
| CVE-2024-54129 | Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7 | | |
| CVE-2024-54130 | Segmentation Fault in `forwardBundle` Function of ION-DTN BPv7 When Destination EID is `dtn:none` (public) | | |
| CVE-2024-54131 | Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) | | |
| CVE-2024-54132 | GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability | | |
| CVE-2024-54133 | Possible Content Security Policy bypass in Action Dispatch | | |
| CVE-2024-54134 | @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material | | |
| CVE-2024-54135 | Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199 | | |
| CVE-2024-54136 | Untrusted Deserialization in ClipBucket-v5 Version 5.5.1 Revision 199 and Below | | |
| CVE-2024-54137 | liboqs has a correctness error in HQC decapsulation | | |
| CVE-2024-54138 | XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing | | |
| CVE-2024-54139 | Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter | | |
| CVE-2024-54140 | sigstore-java has a vulnerability with bundle verification | | |
| CVE-2024-54141 | phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available | | |
| CVE-2024-54142 | Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse | | |
| CVE-2024-54143 | openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection | | |
| CVE-2024-54145 | Cacti has a SQL Injection vulnerability when request automation devices | E S | |
| CVE-2024-54146 | Cacti has a SQL Injection vulnerability when view host template | E S | |
| CVE-2024-54147 | Altair GraphQL Client's desktop app does not validate HTTPS certificates | | |
| CVE-2024-54148 | Gogs has a Path Traversal in file editing UI | E S | |
| CVE-2024-54149 | Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion | | |
| CVE-2024-54150 | Algorithm Confusion Vulnerability in cjwt | | |
| CVE-2024-54151 | Directus allows unauthenticated access to WebSocket events and operations | E | |
| CVE-2024-54152 | Angular Expressions - Remote Code Execution when using locals | | |
| CVE-2024-54153 | In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via ... | | |
| CVE-2024-54154 | In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plu... | | |
| CVE-2024-54155 | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names d... | | |
| CVE-2024-54156 | In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype poll... | | |
| CVE-2024-54157 | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in R... | | |
| CVE-2024-54158 | In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycod... | | |
| CVE-2024-54159 | stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rt... | | |
| CVE-2024-54160 | dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19,... | | |
| CVE-2024-54169 | IBM EntireX path traversal | | |
| CVE-2024-54170 | IBM EntireX denial of service | | |
| CVE-2024-54171 | IBM EntireX XML external entity injection | | |
| CVE-2024-54173 | IBM MQ information disclosure | | |
| CVE-2024-54175 | IBM MQ denial of service | | |
| CVE-2024-54176 | IBM UrbanCode Deploy missing authentication | | |
| CVE-2024-54179 | IBM Business Automation Workflow cross-site scripting | | |
| CVE-2024-54181 | IBM WebSphere Automation command injection | | |
| CVE-2024-54188 | Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitra... | | |
| CVE-2024-54191 | Bluetooth: iso: Fix circular lock in iso_conn_big_sync | S | |
| CVE-2024-54193 | accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal() | | |
| CVE-2024-54197 | Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) | | |
| CVE-2024-54198 | Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP | | |
| CVE-2024-54205 | WordPress Paloma Widget plugin <= 1.14 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54206 | WordPress Z-Downloads plugin <= 1.11.7 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54207 | WordPress WordPress Auction Plugin plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54208 | WordPress Block Controller plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54209 | WordPress Awesome Shortcodes plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54210 | WordPress Advanced Element Bucket Addons for Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54211 | WordPress Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54212 | WordPress Magical Addons For Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54213 | WordPress WordPress Page Builder – Zion Builder plugin <= 3.6.12 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54214 | WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability | | |
| CVE-2024-54215 | WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability | | |
| CVE-2024-54216 | WordPress ARForms plugin <= 6.4.1 - Arbitrary File Read vulnerability | | |
| CVE-2024-54217 | WordPress ARForms plugin <= 6.4.1 - Plugin Settings Change vulnerability | | |
| CVE-2024-54218 | WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerability | | |
| CVE-2024-54219 | WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Site-Wide Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54220 | WordPress FAT Services Booking plugin <= 5.6 - Subscriber+ Site-Wide Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54221 | WordPress FAT Services Booking plugin <= 5.6 - Unauthenticated SQL Injection vulnerability | | |
| CVE-2024-54223 | WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability | S | |
| CVE-2024-54224 | WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54225 | WordPress Designer plugin <= 1.3.3 - Local File Inclusion vulnerability | | |
| CVE-2024-54226 | WordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54227 | WordPress Minimum and Maximum Quantity for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability | | |
| CVE-2024-54228 | WordPress Wot Elementor Widgets plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54229 | WordPress SV100 Companion plugin <= 2.0.02 - Privilege Escalation vulnerability | | |
| CVE-2024-54230 | WordPress Unlock Addons for Elementor plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54231 | WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54232 | WordPress RRAddons for Elementor plugin <= 1.1.0 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54233 | WordPress Advanced Control Manager plugin <= 2.16.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54234 | WordPress Limit Login Attempts plugin <= 5.5 - SQL Injection vulnerability | | |
| CVE-2024-54235 | WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54236 | WordPress Ni WooCommerce Bulk Product Editor plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54237 | WordPress Ni CRM Lead plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54238 | WordPress Board Document Manager from CHUHPL plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54239 | WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability | S | |
| CVE-2024-54240 | WordPress Blaze Online eParcel for WooCommerce plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54241 | WordPress Elite Notification plugin 1.5 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54242 | WordPress Simple Notification plugin <= 1.3 - Broken Access Control vulnerability | | |
| CVE-2024-54243 | WordPress Echoza plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54244 | WordPress Easy Replace plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54245 | WordPress Clients plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54246 | WordPress FAQs plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54247 | WordPress ABCBiz Addons and Templates for Elementor plugin <= 2.0.2 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54248 | WordPress Eewee Admin Custom plugin <= 1.8.2.4 - CSRF to Privilege Escalation vulnerability | | |
| CVE-2024-54249 | WordPress Advanced Options Editor plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54250 | WordPress Prodigy Commerce plugin <= 3.0.8 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54251 | WordPress Prodigy Commerce plugin <= 3.0.9 - Broken Access Control vulnerability | | |
| CVE-2024-54252 | WordPress Pinpoint Booking System Plugin <= 2.9.9.5.2 - Broken Access Control vulnerability | | |
| CVE-2024-54253 | WordPress Xpro Addons For Elementor plugin <= 1.4.6.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54254 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Broken Access Control vulnerability | S | |
| CVE-2024-54255 | WordPress Login Widget With Shortcode plugin <= 6.1.2 - Open Redirection vulnerability | | |
| CVE-2024-54256 | WordPress Easy Blocks pro plugin <= 1.0.21 - Broken Access Control vulnerability | | |
| CVE-2024-54257 | WordPress tydskrif theme <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54258 | WordPress Ni CRM Lead plugin <= 1.3.0 - SQL Injection vulnerability | | |
| CVE-2024-54259 | WordPress DELUCKS SEO plugin <= 2.5.5 - Arbitrary File Download vulnerability | | |
| CVE-2024-54260 | WordPress News Kit Elementor Addons plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54261 | WordPress TAX SERVICE Electronic HDM plugin <= 1.1.2 - SQL Injection vulnerability | | |
| CVE-2024-54262 | WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability | | |
| CVE-2024-54264 | WordPress Shortcodes Blocks Creator Ultimate plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54265 | WordPress Barcode Scanner and Inventory manager plugin <= 1.6.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54266 | WordPress ImageRecycle pdf & image compression plugin <= 3.1.16 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54267 | WordPress CM Answers plugin <= 3.2.6 - Broken Access Control vulnerability | S | |
| CVE-2024-54268 | WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability | S | |
| CVE-2024-54269 | WordPress Notibar plugin <= 2.1.4 - Broken Access Control vulnerability | S | |
| CVE-2024-54270 | WordPress Axeptio plugin <= 2.5.3 - Local File Inclusion vulnerability | | |
| CVE-2024-54271 | WordPress WPCargo Track & Trace plugin <= 7.0.6 - Settings Change vulnerability | | |
| CVE-2024-54272 | WordPress Radius Blocks plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54273 | WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability | S | |
| CVE-2024-54274 | WordPress Octrace Support plugin <= 1.2.7 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54275 | WordPress CSV to html plugin <= 3.04 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54276 | WordPress Poll Builder plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54277 | WordPress Nias course plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54278 | WordPress News Ticker for Elementor plugin <= 2.1.3 - Broken Access Control vulnerability | | |
| CVE-2024-54279 | WordPress WP-NERD Toolkit plugin <= 1.1 - Sensitive Data Exposure vulnerability | | |
| CVE-2024-54280 | WordPress WPBookit plugin <= 1.6.0 - SQL Injection vulnerability | | |
| CVE-2024-54282 | WordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerability | | |
| CVE-2024-54283 | WordPress SeedProd Pro plugin <= 6.18.10 - SQL Injection vulnerability | | |
| CVE-2024-54284 | WordPress SeedProd Pro plugin <= 6.18.10 - SQL Injection vulnerability | | |
| CVE-2024-54285 | WordPress SeedProd Pro plugin <= 6.18.10 - Remote Code Execution (RCE) vulnerability | | |
| CVE-2024-54286 | WordPress Smaily for WP plugin <= 3.1.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54287 | WordPress Advanced Blog Post Block plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54288 | WordPress LDD Directory Lite plugin <= 3.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54289 | WordPress Awesome Support plugin <= 6.3.0 - Broken Access Control vulnerability | | |
| CVE-2024-54290 | WordPress Role Includer plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54291 | WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability | | |
| CVE-2024-54292 | WordPress Appsplate plugin <= 2.1.3 - SQL Injection vulnerability | | |
| CVE-2024-54293 | WordPress CE21 Suite plugin <= 2.2.0 - Privilege Escalation vulnerability | | |
| CVE-2024-54294 | WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability | | |
| CVE-2024-54295 | WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability | | |
| CVE-2024-54296 | WordPress CoSchool LMS plugin <= 1.2 - Account Takeover vulnerability | | |
| CVE-2024-54297 | WordPress vBSSO-lite plugin <= 1.4.3 - Account Takeover vulnerability | | |
| CVE-2024-54298 | WordPress Car Dealer plugin <= 4.46 - Broken Access Control vulnerability | S | |
| CVE-2024-54299 | WordPress Revi.io plugin <= 5.7.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54300 | WordPress AutoWP plugin <= 2.0.8 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-54301 | WordPress FormFacade plugin <= 1.3.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54302 | WordPress VForm plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54303 | WordPress Simple Payment plugin <= 2.3.7 - Refleceted Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54304 | WordPress Hive Support plugin <= 1.1.2 - SQL Injection vulnerability | S | |
| CVE-2024-54305 | WordPress J&T Express Malaysia plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54306 | WordPress AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot plugin <= 1.6.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-54307 | WordPress AIcomments plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-54308 | WordPress Cryptocurrency Price Widget plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54309 | WordPress PostBox plugin <= 1.0.4 - Sensitive Data Exposure vulnerability | S | |
| CVE-2024-54310 | WordPress Gou Manage My Account Menu plugin <= 1.0.1.8 - Broken Access Control vulnerability | S | |
| CVE-2024-54311 | WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability | S | |
| CVE-2024-54312 | WordPress افزونه پیامک ووکامرس Persian WooCommerce SMS plugin <= 7.0.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54313 | WordPress FULL – Cliente plugin <= 3.1.25 - Local File Inclusion vulnerability | S | |
| CVE-2024-54314 | WordPress Primary Addon for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54315 | WordPress Events Addon for Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54316 | WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54317 | WordPress Web Stories plugin <= 1.37.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54318 | WordPress NiceJob plugin <= 3.6.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54319 | WordPress Kundgenerator plugin <= 1.0.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54320 | WordPress ICDSoft Reseller Store plugin<= 2.4.5 -Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54321 | WordPress Hive Support plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-54322 | WordPress Media Downloader plugin <= 0.4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54323 | WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability | S | |
| CVE-2024-54324 | WordPress SMSify plugin <= 6.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54325 | WordPress CarDealerPress plugin <= 6.6.2410.02 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54326 | WordPress GEO my WP plugin <= 4.5.0.4 - Broken Access Control vulnerability | S | |
| CVE-2024-54327 | WordPress UNIVERSAM plugin < 8.59 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54328 | WordPress Invoice Payment for WooCommerce plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54329 | WordPress CleverNode Related Content plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54330 | WordPress Hurrakify plugin <= 2.4 - Server Side Request Forgery (SSRF) vulnerability | S | |
| CVE-2024-54331 | WordPress I Plant A Tree plugin <= 1.7.3 - CSRF to Stored Cross-Site Scripting vulnerability | S | |
| CVE-2024-54332 | WordPress WP Currency Exchange Rates plugin <= 1.2.0 - CSRF to Stored XSS vulnerability | S | |
| CVE-2024-54333 | WordPress Check Pincode For Woocommerce plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54334 | WordPress Quran Phrases About Most People Shortcodes plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54335 | WordPress ImmoToolBox Connect plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54336 | WordPress Projectopia plugin <= 5.1.7 - Account Takeover vulnerability | S | |
| CVE-2024-54337 | WordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability | S | |
| CVE-2024-54338 | WordPress Hello Event Widgets For Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54339 | WordPress geoFlickr plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54340 | WordPress Simple Presenter plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54341 | WordPress LabelGrid Tools plugin <= 1.3.58 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54342 | WordPress Staggs plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54343 | WordPress Connect Contact Form 7 to Constant Contact plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54344 | WordPress WP Quick Shop plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54345 | WordPress Bicycleshop theme <= 1.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54346 | WordPress Barter theme <= 1.6 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54347 | WordPress FloristPress plugin <= 7.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54348 | WordPress Brandy theme <= 1.1.6 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54349 | WordPress Plain Post plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54350 | WordPress hmd theme <= 2.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54351 | WordPress Fancy Roller Scroller plugin <= 1.4.0 - CSRF to Stored XSS vulnerability | S | |
| CVE-2024-54352 | WordPress Sogrid plugin <= 1.5.2 - CSRF to Privilege Escalation vulnerability | S | |
| CVE-2024-54353 | WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54354 | WordPress Termin-Kalender plugin <= 0.99.47 - Broken Access Control vulnerability | S | |
| CVE-2024-54355 | WordPress WP Mailster plugin <= 1.8.17.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-54356 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-54357 | WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-54358 | WordPress 3D Avatar User Profile plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54359 | WordPress Banner System plugin <= 1.0.0 - Broken Access Control vulnerability | | |
| CVE-2024-54360 | WordPress Gutensee plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54361 | WordPress Instant Appointment plugin <= 1.2 - SQL Injection vulnerability | | |
| CVE-2024-54362 | WordPress GetShop ecommerce plugin <= 1.3 - Path Traversal vulnerability | | |
| CVE-2024-54363 | WordPress Wp NssUser Register plugin <= 1.0.0 - Privilege Escalation vulnerability | | |
| CVE-2024-54364 | WordPress Feedpress Generator plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54365 | WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability | | |
| CVE-2024-54366 | WordPress Vimeography plugin <= 2.4.4 - Full Path Disclosure (FPD) vulnerability | S | |
| CVE-2024-54367 | WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability | S | |
| CVE-2024-54368 | WordPress GitSync plugin <= 1.1.0 - CSRF to Remote Code Execution vulnerability | | |
| CVE-2024-54369 | WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability | | |
| CVE-2024-54370 | WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability | S | |
| CVE-2024-54372 | WordPress Insertify plugin <= 1.1.4 - CSRF to Remote Code Execution vulnerability | | |
| CVE-2024-54373 | WordPress EduAdmin Booking plugin <= 5.2.0 - Local File Inclusion vulnerability | S | |
| CVE-2024-54374 | WordPress Sogrid plugin <= 1.5.6 - Local File Inclusion vulnerability | S | |
| CVE-2024-54375 | WordPress Woolook plugin <= 1.7.0 - Local File Inclusion vulnerability | | |
| CVE-2024-54376 | WordPress EazyDocs plugin <= 2.5.5 - Local File Inclusion vulnerability | | |
| CVE-2024-54378 | WordPress Quietly Insights plugin <= 1.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability | | |
| CVE-2024-54379 | WordPress Minterpress plugin <= 1.0.5 - Arbitrary Option Update to Privilege Escalation vulnerability | | |
| CVE-2024-54380 | WordPress WP Cookies Enabler plugin <= 1.0.1 - Local File Inclusion vulnerability | | |
| CVE-2024-54381 | WordPress Advance Menu Manager plugin <= 3.1.1 - Settings Change vulnerability | | |
| CVE-2024-54382 | WordPress Bold Page Builder plugin <= 5.1.5 - Path Traversal vulnerability | S | |
| CVE-2024-54383 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability | S | |
| CVE-2024-54384 | WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability | S | |
| CVE-2024-54385 | WordPress Radio Player plugin <= 2.0.82 - Server Side Request Forgery (SSRF) vulnerability | | |
| CVE-2024-54386 | WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54387 | WordPress Posts Date Ranges plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54388 | WordPress Multiple Admin Emails plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54389 | WordPress addWeather plugin <= 2.5.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54390 | WordPress TagGator plugin <= 1.54 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54391 | WordPress WordPress Filter plugin <= 1.4.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54392 | WordPress WP微信机器人 plugin <= 5.3.5 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54393 | WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54394 | WordPress Mandrill WP plugin <= 1.0.5 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54395 | WordPress Increase Sociability plugin <= 1.3.0 - Reflected Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-54396 | WordPress Bet sport Free plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-54397 | WordPress Go Animate plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54398 | WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54399 | WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54400 | WordPress AppMaps plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54401 | WordPress Advanced Fancybox plugin <= 1.1.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54402 | WordPress Arabic Webfonts plugin <= 1.4.6 - Broken Access Control vulnerability | | |
| CVE-2024-54403 | WordPress Visual Recent Posts plugin <= 1.2.3 - Reflected Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-54404 | WordPress MDC Comment Toolbar plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54405 | WordPress ECT Social Share plugin <= 1.3 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54406 | WordPress Comments On Feed plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54407 | WordPress CK and SyntaxHighlighter plugin <= 3.4.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54408 | WordPress Youtube Video Grid plugin <= 1.9 - CSRF to Settings Change vulnerability | | |
| CVE-2024-54409 | WordPress XPD Reduce Image Filesize plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54410 | WordPress SOPA Blackout plugin <= 1.4 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54411 | WordPress WP Controller plugin <= 3.2.0 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54412 | WordPress ECT Product Carousel plugin <= 1.9 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54413 | WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54414 | WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54415 | WordPress WP-HideThat plugin <= 1.2 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54416 | WordPress Wp Login with Ajax plugin <= 0.6 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54417 | WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability | | |
| CVE-2024-54418 | WordPress DTC Documents plugin <= 1.1.05 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-54419 | WordPress Ui Slider Filter By Price plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-54420 | WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54421 | WordPress Floating Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54422 | WordPress Evernote Sync plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54423 | WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54424 | WordPress Like in Vk.com plugin <= 0.5.2 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54425 | WordPress LionScripts: Site Maintenance plugin <= 2.1 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54426 | WordPress LeaderBoard Plugin plugin <= 1.2.4 - CSRF to Stored Cross-Site Scripting vulnerability | | |
| CVE-2024-54427 | WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54428 | WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54429 | WordPress Aphorismus plugin <= 1.2.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54430 | WordPress EELV Newsletter plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-54431 | WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54432 | WordPress WP Flipkart Importer plugin <= 1.4 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54433 | WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54434 | WordPress phZoom plugin <= 1.2.92 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54435 | WordPress Onlywire Multi Autosubmitter plugin <= 1.2.4 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54436 | WordPress Jet Footer Code plugin <= 1.4 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54437 | WordPress jCarousel for WordPress plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54438 | WordPress Gaxx Keywords plugin <= 0.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54439 | WordPress Amazon Product Price plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54440 | WordPress WP-Ban-User plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2024-54441 | WordPress Utech World Time Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54442 | WordPress Better WP Login Page plugin <= 1.1.2 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54443 | WordPress Advanced Data Table For Elementor plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-54444 | WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-54445 | Blind SQLi in Login | M | |
| CVE-2024-54446 | Blind SQLi in Document History | | |
| CVE-2024-54447 | Blind SQLi in Saved Search | M | |
| CVE-2024-54448 | Remote Code Execution (RCE) via Automation Scripting | M | |
| CVE-2024-54449 | Remote Code Execution (RCE) via Arbitrary File Write In Document API | M | |
| CVE-2024-54450 | An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is receiv... | | |
| CVE-2024-54451 | A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning... | | |
| CVE-2024-54452 | An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A ... | | |
| CVE-2024-54453 | An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7... | | |
| CVE-2024-54454 | An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7... | | |
| CVE-2024-54455 | accel/ivpu: Fix general protection fault in ivpu_bo_list() | | |
| CVE-2024-54456 | NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() | | |
| CVE-2024-54457 | Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 a... | | |
| CVE-2024-54458 | scsi: ufs: bsg: Set bsg_queue to NULL after removal | S | |
| CVE-2024-54460 | Bluetooth: iso: Fix circular lock in iso_listen_bis | S | |
| CVE-2024-54461 | Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites | | |
| CVE-2024-54462 | Unsanitized Filenames in Flutter package image_picker_android Allow File Overwrites | | |
| CVE-2024-54463 | This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app... | | |
| CVE-2024-54465 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.... | | |
| CVE-2024-54466 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Se... | | |
| CVE-2024-54467 | A cookie management issue was addressed with improved state management. This issue is fixed in watch... | | |
| CVE-2024-54468 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.2, tvOS 18.2... | | |
| CVE-2024-54469 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequo... | | |
| CVE-2024-54470 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, i... | | |
| CVE-2024-54471 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.... | | |
| CVE-2024-54473 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
| CVE-2024-54474 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventu... | | |
| CVE-2024-54475 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
| CVE-2024-54476 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventu... | | |
| CVE-2024-54477 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventu... | | |
| CVE-2024-54478 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iP... | | |
| CVE-2024-54479 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, vi... | | |
| CVE-2024-54484 | The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may ... | | |
| CVE-2024-54485 | The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 a... | | |
| CVE-2024-54486 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, vi... | | |
| CVE-2024-54488 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.2... | | |
| CVE-2024-54489 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 1... | | |
| CVE-2024-54490 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A ... | | |
| CVE-2024-54491 | The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious ... | | |
| CVE-2024-54492 | This issue was addressed by using HTTPS when sending information over the network. This issue is fix... | | |
| CVE-2024-54493 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.... | | |
| CVE-2024-54494 | A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, wat... | | |
| CVE-2024-54495 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, ... | | |
| CVE-2024-54497 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13... | | |
| CVE-2024-54498 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 1... | | |
| CVE-2024-54499 | A use-after-free issue was addressed with improved memory management. This issue is fixed in visionO... | | |
| CVE-2024-54500 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, vi... | | |
| CVE-2024-54501 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, vi... | | |
| CVE-2024-54502 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvO... | | |
| CVE-2024-54503 | An inconsistent user interface issue was addressed with improved state management. This issue is fix... | | |
| CVE-2024-54504 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
| CVE-2024-54505 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17... | | |
| CVE-2024-54506 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in ma... | | |
| CVE-2024-54507 | A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Seq... | | |
| CVE-2024-54508 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS... | | |
| CVE-2024-54509 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma... | | |
| CVE-2024-54510 | A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS ... | | |
| CVE-2024-54512 | The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS 18.... | | |
| CVE-2024-54513 | A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2,... | | |
| CVE-2024-54514 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS ... | | |
| CVE-2024-54515 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A... | | |
| CVE-2024-54516 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
| CVE-2024-54517 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watc... | | |
| CVE-2024-54518 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watc... | | |
| CVE-2024-54519 | The issue was resolved by sanitizing logging. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequ... | | |
| CVE-2024-54520 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14... | | |
| CVE-2024-54522 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watc... | | |
| CVE-2024-54523 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watc... | | |
| CVE-2024-54524 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. ... | | |
| CVE-2024-54525 | A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchO... | | |
| CVE-2024-54526 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS ... | | |
| CVE-2024-54527 | This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS... | | |
| CVE-2024-54528 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, m... | | |
| CVE-2024-54529 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS V... | | |
| CVE-2024-54530 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.... | | |
| CVE-2024-54531 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An... | | |
| CVE-2024-54533 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS... | | |
| CVE-2024-54534 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS... | | |
| CVE-2024-54535 | A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, vision... | | |
| CVE-2024-54536 | The issue was addressed with improved validation of environment variables. This issue is fixed in ma... | | |
| CVE-2024-54537 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.... | | |
| CVE-2024-54538 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in visio... | | |
| CVE-2024-54539 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.7... | | |
| CVE-2024-54540 | The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.1... | | |
| CVE-2024-54541 | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.... | | |
| CVE-2024-54542 | An authentication issue was addressed with improved state management. This issue is fixed in Safari ... | | |
| CVE-2024-54543 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.... | | |
| CVE-2024-54546 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An a... | | |
| CVE-2024-54547 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequ... | | |
| CVE-2024-54549 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
| CVE-2024-54550 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
| CVE-2024-54551 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.... | | |
| CVE-2024-54557 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, ... | | |
| CVE-2024-54558 | A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed i... | | |
| CVE-2024-54559 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may ... | | |
| CVE-2024-54560 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watch... | | |
| CVE-2024-54564 | This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, mac... | | |
| CVE-2024-54565 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may ... | | |
| CVE-2024-54658 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17... | | |
| CVE-2024-54660 | A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Con... | | |
| CVE-2024-54661 | readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.... | | |
| CVE-2024-54662 | Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configur... | | |
| CVE-2024-54663 | An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.... | | |
| CVE-2024-54664 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52945. Reason: This candidat... | R | |
| CVE-2024-54674 | app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exp... | | |
| CVE-2024-54675 | app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the edit... | | |
| CVE-2024-54676 | Apache OpenMeetings: Deserialisation of untrusted data in cluster mode | | |
| CVE-2024-54677 | Apache Tomcat: DoS in examples web application | | |
| CVE-2024-54679 | CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for res... | | |
| CVE-2024-54680 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-54681 | Ossur Mobile Logic Application Command Injection | S | |
| CVE-2024-54682 | Zipbomb DoS via Missing Slack Import Validation | S | |
| CVE-2024-54683 | netfilter: IDLETIMER: Fix for possible ABBA deadlock | S | |
| CVE-2024-54687 | Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and... | E | |
| CVE-2024-54724 | PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writi... | | |
| CVE-2024-54728 | Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized att... | | |
| CVE-2024-54730 | Flatnotes | | |
| CVE-2024-54731 | cpdf through 2.8 allows stack consumption via a crafted PDF document.... | | |
| CVE-2024-54745 | WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/s... | | |
| CVE-2024-54747 | WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, ... | | |
| CVE-2024-54749 | Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, ... | | |
| CVE-2024-54750 | Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, w... | | |
| CVE-2024-54751 | COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/sha... | | |
| CVE-2024-54756 | A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 all... | | |
| CVE-2024-54761 | BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.... | | |
| CVE-2024-54762 | Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the ... | E | |
| CVE-2024-54763 | An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attacke... | E | |
| CVE-2024-54764 | An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attack... | E | |
| CVE-2024-54767 | An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows att... | | |
| CVE-2024-54772 | An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 throug... | | |
| CVE-2024-54774 | Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create... | E | |
| CVE-2024-54775 | Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admi... | E | |
| CVE-2024-54779 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cros... | | |
| CVE-2024-54780 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to com... | | |
| CVE-2024-54790 | A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.... | E | |
| CVE-2024-54792 | A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user admin... | | |
| CVE-2024-54794 | The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.... | | |
| CVE-2024-54795 | SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edi... | | |
| CVE-2024-54802 | In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-b... | E | |
| CVE-2024-54803 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a spe... | E | |
| CVE-2024-54804 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a spe... | E | |
| CVE-2024-54805 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a spe... | E | |
| CVE-2024-54806 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which ... | E | |
| CVE-2024-54807 | In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the... | E | |
| CVE-2024-54808 | Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the Se... | E | |
| CVE-2024-54809 | Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in th... | E | |
| CVE-2024-54810 | A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-... | E | |
| CVE-2024-54811 | A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allo... | E | |
| CVE-2024-54818 | SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. ... | | |
| CVE-2024-54819 | I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to ... | | |
| CVE-2024-54820 | XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnera... | E | |
| CVE-2024-54840 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does ... | | |
| CVE-2024-54842 | A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/pass... | E | |
| CVE-2024-54846 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and acc... | | |
| CVE-2024-54847 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) pa... | | |
| CVE-2024-54848 | Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers ... | | |
| CVE-2024-54849 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key... | | |
| CVE-2024-54851 | Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection... | E | |
| CVE-2024-54852 | When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the l... | E | |
| CVE-2024-54853 | A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager ver... | | |
| CVE-2024-54879 | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker... | E | |
| CVE-2024-54880 | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker... | E | |
| CVE-2024-54887 | TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsse... | | |
| CVE-2024-54907 | TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc... | E | |
| CVE-2024-54909 | A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter o... | | |
| CVE-2024-54910 | Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recove... | E | |
| CVE-2024-54916 | An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate at... | | |
| CVE-2024-54918 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload i... | E | |
| CVE-2024-54919 | A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Manage... | E | |
| CVE-2024-54920 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management Sy... | E | |
| CVE-2024-54921 | A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, whi... | E | |
| CVE-2024-54922 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, wh... | E | |
| CVE-2024-54923 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Managemen... | E | |
| CVE-2024-54924 | A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0,... | E | |
| CVE-2024-54925 | A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0... | E | |
| CVE-2024-54926 | A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management Syst... | E | |
| CVE-2024-54927 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.ph... | E | |
| CVE-2024-54928 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.... | E | |
| CVE-2024-54929 | KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.... | E | |
| CVE-2024-54930 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.... | E | |
| CVE-2024-54931 | A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0,... | E | |
| CVE-2024-54932 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_departme... | E | |
| CVE-2024-54933 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.... | E | |
| CVE-2024-54934 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.ph... | E | |
| CVE-2024-54935 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php ... | E | |
| CVE-2024-54936 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-lear... | E | |
| CVE-2024-54937 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows rem... | E | |
| CVE-2024-54938 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows rem... | E | |
| CVE-2024-54951 | Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed co... | | |
| CVE-2024-54954 | OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template managem... | E | |
| CVE-2024-54957 | Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users ... | | |
| CVE-2024-54958 | Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tool... | | |
| CVE-2024-54959 | Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorit... | | |
| CVE-2024-54960 | A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL inject... | | |
| CVE-2024-54961 | Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users... | | |
| CVE-2024-54982 | An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authenticatio... | | |
| CVE-2024-54983 | An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a craft... | | |
| CVE-2024-54984 | An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS... | | |
| CVE-2024-54994 | MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the fir... | E | |
| CVE-2024-54996 | MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabiliti... | E | |
| CVE-2024-54997 | MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via t... | E | |
| CVE-2024-54998 | MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via t... | E | |
| CVE-2024-54999 | MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name pa... | |