ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-55000 | Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in re... | E | |
CVE-2024-55008 | JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an ... | E | |
CVE-2024-55009 | A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection managemen... | E | |
CVE-2024-55028 | A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execut... | E | |
CVE-2024-55029 | NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.... | E | |
CVE-2024-55030 | A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows att... | E | |
CVE-2024-55056 | A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certific... | E | |
CVE-2024-55057 | Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which... | E | |
CVE-2024-55058 | An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth C... | E | |
CVE-2024-55059 | A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v... | E | |
CVE-2024-55060 | A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 all... | E | |
CVE-2024-55062 | Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauth... | E | |
CVE-2024-55063 | Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated... | | |
CVE-2024-55064 | Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote at... | | |
CVE-2024-55069 | ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/ia... | | |
CVE-2024-55070 | A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-ko... | E | |
CVE-2024-55072 | A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot m... | E | |
CVE-2024-55073 | A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot m... | E | |
CVE-2024-55074 | The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalatio... | E | |
CVE-2024-55075 | Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to p... | | |
CVE-2024-55076 | Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password... | E | |
CVE-2024-55078 | An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA ... | | |
CVE-2024-55081 | An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0... | | |
CVE-2024-55082 | A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF... | | |
CVE-2024-55085 | GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in th... | | |
CVE-2024-55086 | In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved i... | E | |
CVE-2024-55088 | GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin mo... | | |
CVE-2024-55089 | Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data func... | | |
CVE-2024-55093 | phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install script... | S | |
CVE-2024-55099 | A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System... | E | |
CVE-2024-55100 | A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurs... | E | |
CVE-2024-55103 | Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the compo... | E | |
CVE-2024-55104 | Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in ... | E | |
CVE-2024-55156 | An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEven... | | |
CVE-2024-55159 | GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the SortName pa... | | |
CVE-2024-55160 | GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy par... | E | |
CVE-2024-55186 | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing ... | E | |
CVE-2024-55192 | OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1... | E | |
CVE-2024-55193 | OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenIm... | E | |
CVE-2024-55194 | OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fma... | E | |
CVE-2024-55195 | An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a... | E | |
CVE-2024-55196 | Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an a... | | |
CVE-2024-55198 | User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 pas... | E | |
CVE-2024-55199 | A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a r... | E | |
CVE-2024-55210 | An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authe... | | |
CVE-2024-55211 | An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a cr... | E | |
CVE-2024-55212 | DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys paramet... | | |
CVE-2024-55213 | Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain s... | | |
CVE-2024-55214 | Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain ... | | |
CVE-2024-55215 | An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the ... | | |
CVE-2024-55218 | IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.... | | |
CVE-2024-55224 | An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrar... | | |
CVE-2024-55225 | An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to im... | | |
CVE-2024-55226 | Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) ... | | |
CVE-2024-55227 | A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allo... | E S | |
CVE-2024-55228 | A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows att... | E S | |
CVE-2024-55231 | An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management Sys... | E | |
CVE-2024-55232 | An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management S... | E | |
CVE-2024-55238 | OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the da... | E | |
CVE-2024-55239 | A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in... | E | |
CVE-2024-55241 | An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbi... | | |
CVE-2024-55268 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.... | E | |
CVE-2024-55272 | An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the ... | | |
CVE-2024-55279 | Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files.... | E | |
CVE-2024-55341 | A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to exe... | E | |
CVE-2024-55342 | A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a cr... | E | |
CVE-2024-55354 | Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is ... | | |
CVE-2024-55355 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-55356 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-55371 | Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authen... | | |
CVE-2024-55372 | Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unaut... | | |
CVE-2024-55407 | An issue in the DeviceIoControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to... | | |
CVE-2024-55408 | An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of softwa... | | |
CVE-2024-55410 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-55411 | An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform... | | |
CVE-2024-55412 | A vulnerability exists in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low... | | |
CVE-2024-55413 | A vulnerability exists in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows l... | | |
CVE-2024-55414 | A vulnerability exists in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which all... | | |
CVE-2024-55415 | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.... | E | |
CVE-2024-55416 | DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipula... | E | |
CVE-2024-55417 | DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an ... | E | |
CVE-2024-55451 | A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewin... | E | |
CVE-2024-55452 | A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the uplo... | E | |
CVE-2024-55456 | lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell... | E | |
CVE-2024-55457 | MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An att... | | |
CVE-2024-55459 | An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via download... | | |
CVE-2024-55460 | A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distributio... | | |
CVE-2024-55461 | SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(... | E | |
CVE-2024-55466 | An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cl... | | |
CVE-2024-55470 | Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid param... | | |
CVE-2024-55471 | Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.User... | | |
CVE-2024-55488 | A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute... | | |
CVE-2024-55492 | Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).... | | |
CVE-2024-55494 | A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode ... | E | |
CVE-2024-55496 | A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0... | E | |
CVE-2024-55500 | Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform ... | | |
CVE-2024-55503 | An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted s... | | |
CVE-2024-55504 | An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitra... | | |
CVE-2024-55505 | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privile... | | |
CVE-2024-55506 | An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enabl... | E | |
CVE-2024-55507 | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privile... | E | |
CVE-2024-55509 | SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker ... | E | |
CVE-2024-55511 | A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacke... | | |
CVE-2024-55513 | A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component af... | | |
CVE-2024-55514 | A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component af... | | |
CVE-2024-55515 | A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component af... | | |
CVE-2024-55516 | A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component a... | | |
CVE-2024-55517 | An issue was discovered in the Intellect Core Search in Polaris FT Intellect Core Banking 9.5. Inpu... | | |
CVE-2024-55529 | Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.... | | |
CVE-2024-55532 | Apache Ranger: Improper Neutralization of Formula Elements in a CSV File | | |
CVE-2024-55538 | Sensitive information disclosure due to missing authentication. The following products are affected:... | | |
CVE-2024-55539 | Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect ... | | |
CVE-2024-55540 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2024-55541 | Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The... | | |
CVE-2024-55542 | Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The follow... | | |
CVE-2024-55543 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2024-55544 | Authenticated Command Injection | E | |
CVE-2024-55545 | Reflected Cross-Site Scripting | E | |
CVE-2024-55546 | Stored Cross-Site Scripting | E | |
CVE-2024-55547 | Remote Command Execution via SNMP | E | |
CVE-2024-55548 | Denial of Service | E | |
CVE-2024-55549 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of r... | | |
CVE-2024-55550 | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege t... | KEV | |
CVE-2024-55551 | An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malic... | | |
CVE-2024-55553 | In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an ... | | |
CVE-2024-55554 | Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet.... | | |
CVE-2024-55555 | Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an att... | | |
CVE-2024-55556 | A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY t... | | |
CVE-2024-55557 | ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encrypti... | | |
CVE-2024-55560 | MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed... | | |
CVE-2024-55563 | Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a relat... | | |
CVE-2024-55564 | The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.... | | |
CVE-2024-55565 | nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.... | | |
CVE-2024-55566 | ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name deri... | | |
CVE-2024-55569 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, ... | | |
CVE-2024-55570 | /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) f... | | |
CVE-2024-55573 | An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.... | | |
CVE-2024-55577 | Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software... | | |
CVE-2024-55578 | Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and applicat... | | |
CVE-2024-55579 | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivilege... | | |
CVE-2024-55580 | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged u... | | |
CVE-2024-55581 | When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vul... | E | |
CVE-2024-55582 | Oxide before 6 has unencrypted Control Plane datastores.... | | |
CVE-2024-55586 | Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filte... | | |
CVE-2024-55587 | python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py fo... | | |
CVE-2024-55590 | Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') ... | S | |
CVE-2024-55591 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiO... | KEV S | |
CVE-2024-55592 | An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, ... | S | |
CVE-2024-55593 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet F... | S | |
CVE-2024-55594 | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0... | S | |
CVE-2024-55597 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWe... | S | |
CVE-2024-55601 | Hugo does not escape some attributes in internal templates | | |
CVE-2024-55602 | PwnDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal | E S | |
CVE-2024-55603 | Insufficient session invalidation in Kanboard | E S | |
CVE-2024-55604 | Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources | | |
CVE-2024-55605 | Suricata allows stack overflow in transforms | | |
CVE-2024-55626 | Suricata oversized bpf file can lead to buffer overflow | S | |
CVE-2024-55627 | Suricata segfault on StreamingBufferSlideToOffsetWithRegions | S | |
CVE-2024-55628 | Suricata oversized resource names utilizing DNS name compression can lead to resource starvation | S | |
CVE-2024-55629 | Suricata generic detection bypass using TCP urgent support | S | |
CVE-2024-55630 | DOM Clobbering leads to temporary DOS in the note viewer in Joplin | E S | |
CVE-2024-55631 | An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escal... | | |
CVE-2024-55632 | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t... | | |
CVE-2024-55633 | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access | | |
CVE-2024-55634 | Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 | | |
CVE-2024-55635 | Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 | | |
CVE-2024-55636 | Drupal core - Less critical - Gadget chain - SA-CORE-2024-006 | | |
CVE-2024-55637 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 | | |
CVE-2024-55638 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 | | |
CVE-2024-55639 | net: renesas: rswitch: avoid use-after-put for a device tree node | | |
CVE-2024-55641 | xfs: unlock inodes when erroring out of xfs_trans_alloc_dir | | |
CVE-2024-55642 | block: Prevent potential deadlocks in zone write plug error recovery | S | |
CVE-2024-55651 | i-Educar Stored Cross-Site Scripting vulnerability | | |
CVE-2024-55652 | PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters | E | |
CVE-2024-55653 | pwndoc's UnhandledPromiseRejection on audits causes Denial of Service (DoS) | E | |
CVE-2024-55655 | sigstore-python has insufficient validation of integration timestamp during verification | | |
CVE-2024-55656 | RedisBloom Integer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-55657 | SiYuan has an arbitrary file read via /api/template/render | | |
CVE-2024-55658 | SiYuan has an arbitrary file read and path traversal via /api/export/exportResources | | |
CVE-2024-55659 | SiYuan has an arbitrary file write in the host via /api/asset/upload | | |
CVE-2024-55660 | SiYuan has an SSTI via /api/template/renderSprig | | |
CVE-2024-55661 | Laravel Pulse Allows Remote Code Execution via Unprotected Query Method | | |
CVE-2024-55662 | XWiki allows remote code execution through the extension sheet | E | |
CVE-2024-55663 | XWiki Platform has an SQL injection in getdocuments.vm with sort parameter | S | |
CVE-2024-55864 | Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.... | | |
CVE-2024-55875 | http4k has a potential XXE (XML External Entity Injection) vulnerability | E | |
CVE-2024-55876 | XWiki's scheduler in subwiki allows scheduling operations for any main wiki user | E S | |
CVE-2024-55877 | XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList | E S | |
CVE-2024-55878 | Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpleXLSX::toHTMLEx | | |
CVE-2024-55879 | XWiki allows RCE from script right in configurable sections | E S | |
CVE-2024-55881 | KVM: x86: Play nice with protected guests in complete_hypercall_exit() | | |
CVE-2024-55884 | In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-... | | |
CVE-2024-55885 | Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames | | |
CVE-2024-55886 | OpenTelemetry Logs source may lack authentication with some custom plugins | | |
CVE-2024-55887 | Ucum-java has an XXE vulnerability in XML parsing | | |
CVE-2024-55888 | Content Security Policy appears to be missing in software and production setup | | |
CVE-2024-55889 | phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames | E | |
CVE-2024-55890 | D-Tale allows Remote Code Execution through the Custom Filter Input | | |
CVE-2024-55891 | Information Disclosure via Exception Handling/Logger in TYPO3 | | |
CVE-2024-55892 | Potential Open Redirect via Parsing Differences in TYPO3 | | |
CVE-2024-55893 | TYPO3 Cross-Site Request Forgery in Log Module | | |
CVE-2024-55894 | TYPO3 Cross-Site Request Forgery in Backend User Module | | |
CVE-2024-55895 | IBM InfoSphere Information Server information disclosure | | |
CVE-2024-55896 | IBM PowerHA SystemMirror for i clickjacking | | |
CVE-2024-55897 | IBM PowerHA SystemMirror for i information disclosure | | |
CVE-2024-55898 | IBM i privilege escalation | | |
CVE-2024-55904 | IBM DevOps Deploy / IBM UrbanCode Deploy command injection | | |
CVE-2024-55907 | IBM Cognos Mobile information disclosure | | |
CVE-2024-55909 | IBM Concert Software denial of service | S | |
CVE-2024-55910 | IBM Concert Software server-side request forgery | S | |
CVE-2024-55912 | IBM Concert Software information disclosure | S | |
CVE-2024-55913 | IBM Concert Software path traversal | S | |
CVE-2024-55916 | Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet | S | |
CVE-2024-55917 | An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to esc... | | |
CVE-2024-55918 | An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambig... | | |
CVE-2024-55920 | Cross-Site Request Forgery in Dashboard Module in TYPO3 | | |
CVE-2024-55921 | Cross-Site Request Forgery in Extension Manager Module in TYPO3 | | |
CVE-2024-55922 | Cross-Site Request Forgery in Form Framework Module in TYPO3 | | |
CVE-2024-55923 | Cross-Site Request Forgery in Indexed Search Module in TYPO3 | | |
CVE-2024-55924 | Cross-Site Request Forgery in Scheduler Module in TYPO3 | | |
CVE-2024-55925 | API Security bypass through header manipulation | | |
CVE-2024-55926 | Arbitrary file upload, deletion and read through header manipulation | | |
CVE-2024-55927 | Flawed token generation implementation & Hard-coded key implementation | | |
CVE-2024-55928 | Clear text secrets returned & Remote system secrets in clear text | | |
CVE-2024-55929 | Mail spoofing | | |
CVE-2024-55930 | Weak default folder permissions | | |
CVE-2024-55931 | Token stored in session storage | | |
CVE-2024-55945 | Cross-Site Request Forgery in DB Check Module in TYPO3 | | |
CVE-2024-55946 | Playloom Engine Data Storage Vulnerability | | |
CVE-2024-55947 | Gogs has a Path Traversal in file update API | E S | |
CVE-2024-55948 | Anonymous cache poisoning via XHR requests in Discourse | | |
CVE-2024-55949 | Privilege escalation in IAM import API in MinIO | | |
CVE-2024-55950 | Tabby has a TCC Bypass via Unnecessary Permissive Entitlements in Tabby | E | |
CVE-2024-55951 | Metabase sandboxed users could see filter values from other sandboxed users | | |
CVE-2024-55952 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | E S | |
CVE-2024-55953 | Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability | E S | |
CVE-2024-55954 | OpenObserve Improper Authorization Allows Admin User to Remove Root User | | |
CVE-2024-55955 | An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between v... | | |
CVE-2024-55956 | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthent... | KEV E | |
CVE-2024-55957 | In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Softwar... | | |
CVE-2024-55958 | Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed ver... | | |
CVE-2024-55959 | Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.... | | |
CVE-2024-55963 | An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissi... | | |
CVE-2024-55964 | An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in th... | | |
CVE-2024-55965 | An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have acce... | | |
CVE-2024-55968 | An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, re... | | |
CVE-2024-55969 | DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the r... | | |
CVE-2024-55970 | File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue tha... | | |
CVE-2024-55971 | SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.4... | | |
CVE-2024-55972 | WordPress eTemplates plugin <= 0.2.1 - SQL Injection vulnerability | | |
CVE-2024-55973 | WordPress TSB Occasion Editor plugin <= 1.2.1 - SQL Injection vulnerability | | |
CVE-2024-55974 | WordPress Mimoos plugin <= 1.2 - SQL Injection vulnerability | | |
CVE-2024-55975 | WordPress Dr Affiliate plugin <= 1.2.3 - SQL Injection vulnerability | | |
CVE-2024-55976 | WordPress Critical Site Intel plugin <= 1.0 - SQL Injection vulnerability | | |
CVE-2024-55977 | WordPress LaunchPage.app Importer plugin <= 1.1 - SQL Injection vulnerability | | |
CVE-2024-55978 | WordPress Code Generator Pro plugin <= 1.2 - SQL Injection vulnerability | | |
CVE-2024-55979 | WordPress Wr Age Verification plugin <= 2.0.0 - SQL Injection vulnerability | | |
CVE-2024-55980 | WordPress Wr Age Verification plugin <= 2.0.0 - SQL Injection vulnerability | | |
CVE-2024-55981 | WordPress Nabz Image Gallery plugin <= v1.00 - SQL Injection vulnerability | | |
CVE-2024-55982 | WordPress Share Buttons – Social Media plugin <= 1.0.2 - SQL Injection vulnerability | | |
CVE-2024-55983 | WordPress PowerFormBuilder plugin <= 1.0.6 - SQL Injection vulnerability | | |
CVE-2024-55984 | WordPress Saksh Escrow System plugin <= 2.4 - SQL Injection vulnerability | | |
CVE-2024-55985 | WordPress YDS Support Ticket System plugin <= 1.0 - SQL Injection vulnerability | | |
CVE-2024-55986 | WordPress Service plugin <= 1.0.4 - SQL Injection vulnerability | | |
CVE-2024-55987 | WordPress Advanced What should we write next about plugin <= 1.0.3 - SQL Injection vulnerability | | |
CVE-2024-55988 | WordPress Navayan CSV Export Plugin <= 1.0.9 - SQL Injection vulnerability | | |
CVE-2024-55989 | WordPress WP Simple Pay Lite Manager Plugin <= 1.4 - SQL Injection vulnerability | | |
CVE-2024-55990 | WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - SQL Injection vulnerability | | |
CVE-2024-55991 | WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability | | |
CVE-2024-55992 | WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability | | |
CVE-2024-55993 | WordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control vulnerability | | |
CVE-2024-55994 | WordPress 畅言评论系统 plugin <= 2.0.5 - Broken Access Control vulnerability | | |
CVE-2024-55995 | WordPress Torod plugin <= 1.7 - Settings Change vulnerability | | |
CVE-2024-55996 | WordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerability | | |
CVE-2024-55997 | WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability | | |
CVE-2024-55998 | WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability | | |
CVE-2024-55999 | WordPress XML Multilanguage Sitemap Generator plugin <= 2.0.6 - Broken Access Control vulnerability | | |