CVE-2024-6xxx

There are 961 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-6000 FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload
CVE-2024-6001 An improper certificate validation vulnerability was reported in LADM that could allow a network att...
S
CVE-2024-6002 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6003 Guangdong Baolun Electronics IP Network Broadcasting Service Platform maps sql injection
E
CVE-2024-6004 A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthent...
S
CVE-2024-6005 ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting
CVE-2024-6006 ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting
CVE-2024-6007 Netentsec NS-ASG Application Security Gateway deleteiscgwrouteconf.php sql injection
E
CVE-2024-6008 itsourcecode Online Book Store edit_book.php sql injection
E
CVE-2024-6009 itsourcecode Event Calendar process.php regDelete sql injection
E
CVE-2024-6010 Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation
CVE-2024-6011 Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
E S
CVE-2024-6012 Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation
S
CVE-2024-6013 itsourcecode Online Book Store admin_delete.php sql injection
E
CVE-2024-6014 itsourcecode Document Management System edithis.php sql injection
E
CVE-2024-6015 itsourcecode Online House Rental System manage_user.php sql injection
E
CVE-2024-6016 itsourcecode Online Laundry Management System admin_class.php sql injection
E
CVE-2024-6017 Music Request Manager <= 1.3 - Stored XSS via CSRF
E
CVE-2024-6018 Music Request Manager <= 1.3 - Reflected XSS
E
CVE-2024-6019 Music Request Manager <= 1.3 - Unauthenticated Stored XSS
E
CVE-2024-6020 Sign-up Sheets < 2.2.13 - Reflected XSS
E
CVE-2024-6021 Donation Block for PayPal <= 2.1.0 - Unauthenticated Stored XSS
E
CVE-2024-6022 ContentLock <= 1.0.3 - Settings Update via CSRF
E
CVE-2024-6023 ContentLock <= 1.0.3 - Email Adding via CSRF
E
CVE-2024-6024 ContentLock <= 1.0.3 - Groups/Emails Deletion via CSRF
E
CVE-2024-6025 Quiz and Survey Master < 9.0.5 - Contributor+ Stored XSS
E
CVE-2024-6026 Slider by 10Web < 1.2.56 - Editor+ Stored XSS
E
CVE-2024-6027 Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter
CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter
CVE-2024-6029 Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability
CVE-2024-6030 Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability
CVE-2024-6031 Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability
CVE-2024-6032 Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability
CVE-2024-6033 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import
S
CVE-2024-6035 Stored XSS in gaizhenbiao/chuanhuchatgpt
E
CVE-2024-6036 Denial of Service in gaizhenbiao/chuanhuchatgpt
CVE-2024-6037 Arbitrary Folder Creation in gaizhenbiao/chuanhuchatgpt
CVE-2024-6038 ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt
CVE-2024-6039 Feng Office Workspaces sql injection
E
CVE-2024-6040 Missing client_id in parisneo/lollms-webui
CVE-2024-6041 itsourcecode Gym Management System manage_user.php sql injection
E
CVE-2024-6042 itsourcecode Real Estate Management System property-detail.php sql injection
E
CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection
E
CVE-2024-6044 D-Link router - Arbitrary File Reading
S
CVE-2024-6045 D-Link router - Hidden Backdoor
S
CVE-2024-6046 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6047 GeoVision EOL device - OS Command Injection
KEV E S
CVE-2024-6048 Openfind MailGates and MailAudit - OS Command Injection
S
CVE-2024-6049 Unauthenticated Path Traversal
S
CVE-2024-6050 Reflected XSS in SOWA OPAC
CVE-2024-6051 Cross Application Scripting in Redlink SDK
CVE-2024-6052 XSS in SQL check parameters
CVE-2024-6053 Improper access control in the clipboard synchronization feature
CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2024-6055 Improper removal of sensitive information in data source export feature in Devolutions Remote Deskto...
CVE-2024-6056 nasirkhan Laravel Starter Password Reset forgot-password observable response discrepancy
E
CVE-2024-6057 Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.3...
CVE-2024-6058 LabVantage LIMS cross site scripting
E
CVE-2024-6059 Ingenico Estate Manager News Feed messages cross site scripting
E
CVE-2024-6060 An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access ...
CVE-2024-6061 GPAC MP4Box isoffin_read.c isoffin_process infinite loop
E S
CVE-2024-6062 GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference
E S
CVE-2024-6063 GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference
E S
CVE-2024-6064 GPAC MP4Box loader_xmt.c xmt_node_end use after free
E S
CVE-2024-6065 itsourcecode Bakery Online Ordering System index.php sql injection
E
CVE-2024-6066 SourceCodester Best House Rental Management System payment_report.php sql injection
E
CVE-2024-6067 SourceCodester Music Class Enrollment System sql injection
E
CVE-2024-6068 Input Validation Vulnerability exists in Arena® Input Analyzer
S
CVE-2024-6069 Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation/Deactivation
CVE-2024-6070 if-so < 1.8.0.4 - Admin+ Stored XSS
E
CVE-2024-6071 PTC Creo Elements/Direct License Server Missing Authorization
S
CVE-2024-6072 WP eStore < 8.5.5 - Reflected XSS via $_SERVER['REQUEST_URI']
E
CVE-2024-6073 WP eStore < 8.5.5 - Reflected XSS in Discount Editing
E
CVE-2024-6074 WP eStore < 8.5.5 - Reflected XSS in Customer Editing
E
CVE-2024-6075 WP eStore < 8.5.5 - Coupon Deletion via CSRF
E
CVE-2024-6076 WP eStore < 8.5.5 - Reflected XSS in Category Editing
E
CVE-2024-6077 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP
S
CVE-2024-6078 Rockwell Automation Authentication Bypass Vulnerability in DataMosaix™
S
CVE-2024-6079 DLL Hijacking Vulnerability Exists in Rockwell Automation Emulate3D™
S
CVE-2024-6080 Intelbras InControl incontrolWebcam Service unquoted search path
S
CVE-2024-6081 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6082 PHPVibe Global Options Page functionalities.global.php cross site scripting
E
CVE-2024-6083 PHPVibe Media Upload Page upload-mp3.php unrestricted upload
E
CVE-2024-6084 itsourcecode Pool of Bethesda Online Reservation System uploadImage unrestricted upload
E
CVE-2024-6085 Path Traversal in parisneo/lollms
CVE-2024-6086 Improper Access Control in lunary-ai/lunary
E
CVE-2024-6087 Improper Access Control in lunary-ai/lunary
E S
CVE-2024-6088 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass
S
CVE-2024-6089 Rockwell Automation Major nonrecoverable fault in 5015 – AENFTXT
S
CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt
CVE-2024-6091 Shell Command Denylist Bypass in significant-gravitas/autogpt
E S
CVE-2024-6093 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6094 WP ULike < 4.7.1 - Admin+ Stored XSS
E
CVE-2024-6095 SSRF and Partial LFI in /models/apply Endpoint in mudler/localai
E S
CVE-2024-6096 Unsafe Deserialization Vulnerability
CVE-2024-6097 Absolute Path Traversal Vulnerability
CVE-2024-6098 PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling
M
CVE-2024-6099 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration
S
CVE-2024-6100 Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute a...
CVE-2024-6101 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacke...
CVE-2024-6102 Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attack...
CVE-2024-6103 Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potenti...
CVE-2024-6104 go-retryablehttp can leak basic auth credentials to log files
CVE-2024-6105 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6106 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6108 Genexis Tilgin Home Gateway Login cross site scripting
CVE-2024-6109 itsourcecode Tailoring Management System addmeasurement.php sql injection
E
CVE-2024-6110 itsourcecode Magbanua Beach Resort Online Reservation System controller.php unrestricted upload
E
CVE-2024-6111 itsourcecode Pool of Bethesda Online Reservation System login.php sql injection
E
CVE-2024-6112 itsourcecode Pool of Bethesda Online Reservation System index.php sql injection
E
CVE-2024-6113 itsourcecode Monbela Tourist Inn Online Reservation System login.php sql injection
E
CVE-2024-6114 itsourcecode Monbela Tourist Inn Online Reservation System controller.php unrestricted upload
E
CVE-2024-6115 itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload
E
CVE-2024-6116 itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload
E
CVE-2024-6117 Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type
CVE-2024-6118 Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password
CVE-2024-6119 Possible denial of service in X.509 name checks
S
CVE-2024-6120 Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import
CVE-2024-6121 NI SystemLink Server Ships Out of Date Redis Version
CVE-2024-6122 Incorrect Default Directory Permissions for NI SystemLink Redis Service
M
CVE-2024-6123 Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload
CVE-2024-6124 Reflected XSS in Hubshare via Open Redirect
S
CVE-2024-6125 Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism
CVE-2024-6126 Cockpit: authenticated user can kill any process when enabling pam_env's user_readenv option
M
CVE-2024-6127 BC Security Empire Path Traversal RCE
E
CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow
E
CVE-2024-6129 spa-cartcms Username login observable behavioral discrepancy
E
CVE-2024-6130 Form Maker by 10Web < 1.15.26 - Admin+ Stored XSS
E
CVE-2024-6132 Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2024-6133 WP eStore < 8.5.6 - Reflected XSS in Customer Search
E
CVE-2024-6134 WP eStore < 8.5.6 - Reflected XSS in Product Editing
E
CVE-2024-6135 BT:Classic: Multiple missing buf length checks
E
CVE-2024-6136 WP eStore < 8.5.6 - Settings Reset via CSRF
E
CVE-2024-6137 BT: Classic: SDP OOB access in get_att_search_list
E
CVE-2024-6138 Secure Copy Content Protection < 4.0.9 - Admin+ Stored XSS
E
CVE-2024-6139 Path Traversal in parisneo/lollms
CVE-2024-6140 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6141 Windscribe Directory Traversal Local Privilege Escalation Vulnerability
CVE-2024-6142 Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-6143 Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-6144 Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-6145 Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability
CVE-2024-6146 Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-6147 Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability
CVE-2024-6148 Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5...
S
CVE-2024-6149 Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5...
CVE-2024-6150 A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning...
CVE-2024-6151 Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
CVE-2024-6152 Flipbox Builder <= 1.5 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-6153 Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability
CVE-2024-6154 Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
CVE-2024-6155 Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting
CVE-2024-6156 Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's c...
CVE-2024-6157 An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vul...
CVE-2024-6158 Category Posts Widget (Free < 4.9.17, Pro < 4.9.13) - Admin+ Stored XSS
E
CVE-2024-6159 Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi
E
CVE-2024-6160 SQL Injection in MegaBIP
CVE-2024-6161 Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2024-6162 Undertow: url-encoded request path information can be broken on ajp-listener
M
CVE-2024-6163 local IP restriction of internal HTTP endpoints
M
CVE-2024-6164 Filter & Grids < 2.8.33 - Unauthenticated LFI
E
CVE-2024-6165 WANotifier < 2.6.1 - Admin+ Stored XSS
E
CVE-2024-6166 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection
S
CVE-2024-6167 Just Custom Fields <= 3.3.2 - Missing Authorization via AJAX actions
CVE-2024-6168 Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery via AJAX actions
CVE-2024-6169 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username'
E S
CVE-2024-6170 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email'
E S
CVE-2024-6171 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass
S
CVE-2024-6172 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe
S
CVE-2024-6173 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter a...
CVE-2024-6175 Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates
CVE-2024-6176 Port scanning vulnerability in LG SuperSign CMS
CVE-2024-6177 XSS vulnerability in LG SuperSign CMS
CVE-2024-6178 XSS vulnerability in LG SuperSign CMS
CVE-2024-6179 XSS vulnerability in LG SuperSign CMS
CVE-2024-6180 EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates
CVE-2024-6181 LabVantage LIMS cross site scripting
E
CVE-2024-6182 LabVantage LIMS cross site scripting
E
CVE-2024-6183 EZ-Suite EZ-Partner Forgot Password cross site scripting
CVE-2024-6184 Ruijie RG-UAC reboot_commit.php os command injection
E
CVE-2024-6185 Ruijie RG-UAC commit.php get_ip_addr_details os command injection
E
CVE-2024-6186 Ruijie RG-UAC commit.php os command injection
E
CVE-2024-6187 Ruijie RG-UAC sub_commit.php os command injection
E
CVE-2024-6188 Parsec Automation TrackSYS pagedefinition direct request
E
CVE-2024-6189 Tenda A301 WifiExtraSet fromSetWirelessRepeat stack-based overflow
E
CVE-2024-6190 itsourcecode Farm Management System Login index.php sql injection
E
CVE-2024-6191 itsourcecode Student Management System Login Page login.php sql injection
E
CVE-2024-6192 itsourcecode Loan Management System Login Page login.php sql injection
E
CVE-2024-6193 itsourcecode Vehicle Management System driverprofile.php sql injection
E
CVE-2024-6194 itsourcecode Tailoring Management System editmeasurement.php sql injection
E
CVE-2024-6195 itsourcecode Tailoring Management System orderadd.php sql injection
E
CVE-2024-6196 itsourcecode Banking Management System admin_class.php sql injection
E
CVE-2024-6197 freeing stack buffer in utf8asn1str
E
CVE-2024-6198 SNORE Interface Unauthenticated Remote Code Execution
S
CVE-2024-6199 Unauthenticated Remote Code Execution
S
CVE-2024-6200 HaloITSM - Stored Cross-Site Scripting in Tickets
CVE-2024-6201 HaloITSM - Emailing Template Injection
CVE-2024-6202 HaloITSM - SAML XML Signature Wrapping (XSW)
CVE-2024-6203 HaloITSM - Password Reset Poisoning
CVE-2024-6204 SQL injection
CVE-2024-6205 PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi
E
CVE-2024-6206 A security vulnerability has been identified in HPE Athonet Mobile Core software. The core applicati...
CVE-2024-6207 CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN...
S
CVE-2024-6208 Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-6209 unauthorized file access
CVE-2024-6210 Duplicator <= 1.5.9 - Full Path Disclosure
CVE-2024-6212 SourceCodester Simple Student Attendance System student_form.php get_student cross site scripting
E
CVE-2024-6213 SourceCodester Food Ordering Management System Login Panel login.php sql injection
E
CVE-2024-6214 SourceCodester Food Ordering Management System add-item.php sql injection
E
CVE-2024-6215 SourceCodester Food Ordering Management System view-ticket-admin.php sql injection
E
CVE-2024-6216 SourceCodester Food Ordering Management System add-users.php sql injection
E
CVE-2024-6217 SourceCodester Food Ordering Management System user-router.php sql injection
E
CVE-2024-6218 itsourcecode Vehicle Management System busprofile.php sql injection
E
CVE-2024-6219 Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could b...
CVE-2024-6220 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
S
CVE-2024-6221 Improper Access Control in corydolphin/flask-cors
E
CVE-2024-6222 In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
M
CVE-2024-6223 Send email only on Reply to My Comment <= 1.0.6 - Reflected XSS
E
CVE-2024-6224 Send email only on Reply to My Comment <= 1.0.6 - Stored XSS via CSRF
E
CVE-2024-6225 Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-6226 WpStickyBar <= 2.1.0 - Reflected XSS
E
CVE-2024-6227 Infinite Loop in aimhubio/aim
E
CVE-2024-6229 Stored XSS in stangirard/quivr
E
CVE-2024-6230 Pardakht Delkhah <= 2.9.8 - Form Fields Reset via CSRF
E
CVE-2024-6231 Request a Quote < 2.4.1 - Admin+ Stored XSS
E
CVE-2024-6232 Regular-expression DoS when parsing TarFile headers
E S
CVE-2024-6233 Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability
CVE-2024-6235 Sensitive information disclosure
CVE-2024-6236 Denial of Service
CVE-2024-6237 389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request
M
CVE-2024-6238 pgAdmin 4 Installation Directory permission issue
CVE-2024-6239 Poppler: pdfinfo: crash in broken documents when using -dests parameter
S
CVE-2024-6240 Improper privilege management vulnerability in Parallels Desktop
S
CVE-2024-6241 Pear Admin Boot getDictItems sql injection
E
CVE-2024-6242 Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices
M
CVE-2024-6243 HTML Forms < 1.3.33 - Admin+ Stored XSS
E
CVE-2024-6244 pz-frontend-manager < 1.0.6 - CSRF change user profile picture
E
CVE-2024-6245 Default Credentials in ssh service for SmartPlay in Maruti Suzuki
CVE-2024-6246 Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-6247 Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability
CVE-2024-6248 Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability
CVE-2024-6249 Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-6250 Absolute Path Traversal in parisneo/lollms-webui
CVE-2024-6251 playSMS New Phonebook cross site scripting
CVE-2024-6252 Zorlan SkyCaiji Task cross site scripting
E
CVE-2024-6253 itsourcecode Online Food Ordering System purchase.php sql injection
E
CVE-2024-6254 Brizy – Page Builder <= 2.5.1 - Cross-Site Request Forgery
S
CVE-2024-6255 Path Traversal in gaizhenbiao/chuanhuchatgpt
E
CVE-2024-6256 Feeds for YouTube (YouTube video, channel, and gallery plugin) <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
CVE-2024-6258 BT: Missing length checks of net_buf in rfcomm_handle_data
E
CVE-2024-6259 BT: HCI: adv_ext_report Improper discarding in adv_ext_report
E
CVE-2024-6260 Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
CVE-2024-6261 Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-6262 Portfolio Gallery – Image Gallery Plugin <= 1.6.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2024-6263 WP Lightbox 2 <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-6264 Post Meta Data Manager <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'
S
CVE-2024-6266 Pear Admin Boot loadDictItem sql injection
E
CVE-2024-6267 SourceCodester Service Provider Management System System Info Page index.php cross site scripting
E
CVE-2024-6268 lahirudanushka School Management System Login Page login.php sql injection
E
CVE-2024-6269 Ruijie RG-UAC HTTP POST Request sxh_vpnlic.php get_ip.addr_details command injection
E
CVE-2024-6270 Community Events < 1.5.1 - Admin+ Stored XSS
E
CVE-2024-6271 Community Events < 1.5 - Event Deletion via CSRF
E
CVE-2024-6272 SpiderContacts <= 1.1.7 - Reflected XSS
E
CVE-2024-6273 SourceCodester Clinic Queuing System patient_side.php save_patient cross site scripting
E
CVE-2024-6274 lahirudanushka School Management System Attendance Report Page attendancelist.php sql injection
E
CVE-2024-6275 lahirudanushka School Management System Parent Page parent.php sql injection
E
CVE-2024-6276 lahirudanushka School Management System Teacher Page teacher.php sql injection
E
CVE-2024-6277 lahirudanushka School Management System Student Page student.php sql injection
E
CVE-2024-6278 lahirudanushka School Management System Subject Page subject.php sql injection
E
CVE-2024-6279 lahirudanushka School Management System Exam Results Page examresults-par.php sql injection
E
CVE-2024-6280 SourceCodester Simple Online Bidding System unrestricted upload
E
CVE-2024-6281 Path Traversal in parisneo/lollms
CVE-2024-6282 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element
S
CVE-2024-6283 DethemeKit For Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Parameter of the De Gallery Widget
CVE-2024-6284 Improper IPv4 and IPv6 byte order storage in github.com/google/nftables
CVE-2024-6285 Integer Underflow in Memory Range Check in Renesas RCAR
S
CVE-2024-6286 Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
CVE-2024-6287 Incorrect Address Range Calculations
S
CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting
CVE-2024-6289 WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
E
CVE-2024-6290 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potenti...
E
CVE-2024-6291 Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to ...
E
CVE-2024-6292 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potenti...
E
CVE-2024-6293 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potenti...
E
CVE-2024-6294 udn News App - Sensitive Information Exposure
S
CVE-2024-6295 udn News App - Insecure Data Storage
S
CVE-2024-6296 Stackable – Page Builder Gutenberg Blocks <= 3.13.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor
CVE-2024-6298 remote code execution
CVE-2024-6299 Use of a Key Past its Expiration Date in Conduit
S
CVE-2024-6300 Incomplete Cleanup in Conduit
S
CVE-2024-6301 Origin Validation Error in Conduit
S
CVE-2024-6302 Improper Handling of Insufficient Permissions or Privileges in Conduit
S
CVE-2024-6303 Missing Authorization in Conduit
S
CVE-2024-6304 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6305 Rejected reason: **REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-3111...
R
CVE-2024-6306 Rejected reason: **REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-3211...
R
CVE-2024-6307 WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API
CVE-2024-6308 itsourcecode Simple Online Hotel Reservation System index.php sql injection
E
CVE-2024-6309 Attachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload
CVE-2024-6310 Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload
CVE-2024-6311 Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload
CVE-2024-6312 Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Deletion
CVE-2024-6313 Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload
CVE-2024-6314 IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload
CVE-2024-6315 Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2024-6316 Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Upload
CVE-2024-6317 Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Deletion
CVE-2024-6318 IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file'
S
CVE-2024-6319 IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload'
S
CVE-2024-6320 ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload
CVE-2024-6321 ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload
CVE-2024-6322 Access control for plugin data sources protected by the ReqActions json field of the plugin.json is ...
CVE-2024-6323 Improper Isolation or Compartmentalization in GitLab
S
CVE-2024-6324 Inefficient Algorithmic Complexity in GitLab
E S
CVE-2024-6325 Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services
S
CVE-2024-6326 Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services
S
CVE-2024-6327 Progress Telerik Report Server Deserialization
CVE-2024-6328 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.14.7 - Authentication Bypass
S
CVE-2024-6329 Improper Encoding or Escaping of Output in GitLab
E S
CVE-2024-6330 GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI
E
CVE-2024-6331 Injection by Prompt Injection in stitionai/devika
E
CVE-2024-6332 Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.3 - Missing Authorization to Sensitive Information Exposure
CVE-2024-6333 Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products
CVE-2024-6334 Easy Table of Contents < 2.0.67 - Editor+ Stored XSS
E
CVE-2024-6335 Tracking Code Manager < 2.3.0- Admin+ Stored Cross-Site Scripting
E
CVE-2024-6336 Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure
CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server
CVE-2024-6338 FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter
S
CVE-2024-6339 Phlox PRO <= 5.16.4 - Reflected Cross-Site Scripting via Search Parameters
CVE-2024-6340 Premium Addons for Elementor <= 4.10.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
S
CVE-2024-6341 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-6342 **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel N...
CVE-2024-6343 A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 ...
CVE-2024-6344 ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting
CVE-2024-6345 Remote Code Execution in pypa/setuptools
CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85a - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget
CVE-2024-6347 Unauthorized access to ECU functionality
CVE-2024-6348 Predictable seed generation after ECU reset
CVE-2024-6349 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6350 EmberZNet malformed MAC layer packet leads to denial of service
CVE-2024-6351 Malformed packet leads to denial of service in NWK/APS layer
CVE-2024-6352 Malformed packet leads to denial of service in APS layer
CVE-2024-6353 Wallet for WooCommerce <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]'
CVE-2024-6354 Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier...
CVE-2024-6355 Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting
CVE-2024-6356 Incorrect User Management in GitLab
E S
CVE-2024-6357 Insecure Direct Object Reference vulnerability
CVE-2024-6358 Incorrect Authorization vulnerability
CVE-2024-6359 Privilege escalation vulnerability
CVE-2024-6360 Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText™ Vertica.
S
CVE-2024-6361 Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane product.
S
CVE-2024-6362 Ultimate Blocks < 3.2.0 - Contributor+ Stored XSS
E
CVE-2024-6363 Stock Ticker <= 3.24.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode
S
CVE-2024-6364 Server Identity Validation Bypass in Absolute Persistence®
CVE-2024-6365 Product Table by WBW <= 2.0.1 - Unauthenticated Remote Code Execution
CVE-2024-6366 User Profile Builder < 3.11.8 - Unauthenticated Media Upload
E
CVE-2024-6367 LabVantage LIMS POST Request cross site scripting
E
CVE-2024-6368 LabVantage LIMS POST Request cross site scripting
E
CVE-2024-6369 LabVantage LIMS POST Request cross site scripting
E
CVE-2024-6370 LabVantage LIMS POST Request cross site scripting
E
CVE-2024-6371 itsourcecode Pool of Bethesda Online Reservation System controller.php sql injection
E
CVE-2024-6372 itsourcecode Tailoring Management System customeradd.php sql injection
E
CVE-2024-6373 itsourcecode Online Food Ordering System addproduct.php unrestricted upload
E
CVE-2024-6374 lahirudanushka School Management System Subject Page subject.php cross site scripting
E
CVE-2024-6375 Missing authorization check may lead to shard key refinement
S
CVE-2024-6376 ejson shell parser in MongoDB Compass may be bypassed
S
CVE-2024-6377 URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-6378 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-6379 Reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-6380 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-6381 MongoDB C Driver bson_strfreev may be susceptible to integer overflow
CVE-2024-6382 Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
CVE-2024-6383 MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow
CVE-2024-6384 Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server
CVE-2024-6385 Improper Access Control in GitLab
E S
CVE-2024-6386 WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection
E
CVE-2024-6387 Openssh: regresshion - race condition in ssh allows rce/dos
E M
CVE-2024-6388 Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the P...
CVE-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
E S
CVE-2024-6390 Quiz and Survey Master (QSM) < 9.1.0 - Contributor+ Stored XSS
E
CVE-2024-6391 oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode
CVE-2024-6392 Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated (Subscriber+) Missing Authorization to Plugin Settings Update
S
CVE-2024-6393 NextGEN Gallery < 3.59.5 - Admin+ Stored XSS
E
CVE-2024-6394 Local File Inclusion in parisneo/lollms-webui
CVE-2024-6395 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys
CVE-2024-6396 Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim
CVE-2024-6397 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin
S
CVE-2024-6398 An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 1...
CVE-2024-6400 Cleartext Storage of Username and Password in Finrota's Netahsilat
CVE-2024-6401 SQLi in SFS Consulting's InsureE GL
CVE-2024-6402 Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow
E
CVE-2024-6403 Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow
E
CVE-2024-6405 Floating Social Buttons <= 1.5 - Cross-Site Request Forgery
CVE-2024-6406 Sensitive Data Exposure in Yordam Information Technology's Mobile Library Application
CVE-2024-6407 CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a...
CVE-2024-6408 Slider by 10Web < 1.2.57 - Editor+ Stored XSS
E
CVE-2024-6409 Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9
M
CVE-2024-6410 ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference
S
CVE-2024-6411 ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
S
CVE-2024-6412 HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF
E
CVE-2024-6413 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2414. Reason: T...
R
CVE-2024-6414 Parsec Automation TrakSYS Export Page contentpage direct request
E
CVE-2024-6415 Ingenico Estate Manager New Widget cross site scripting
E
CVE-2024-6416 SeaCMS sql injection
E
CVE-2024-6417 SourceCodester Simple Online Bidding System sql injection
E
CVE-2024-6418 SourceCodester Medicine Tracker System sql injection
E
CVE-2024-6419 SourceCodester Medicine Tracker System sql injection
E
CVE-2024-6420 Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
E
CVE-2024-6421 Pepperl+Fuchs: Incorrectly configured FTP-Server in OIT Products
CVE-2024-6422 Pepperl+Fuchs: OIT Products can be manipulated via unintended Telnet access
CVE-2024-6424 Server-Side Request Forgery vulnerability in MESbook
CVE-2024-6425 Incorrect Provision of Specified Functionality vulnerability in MESbook
CVE-2024-6426 Information exposure vulnerability in MESbook
CVE-2024-6427 Uncontrolled Resource Consumption vulnerability in MESbook
CVE-2024-6428 Limited DoS due to permitting creating users with user-defined IDs
S
CVE-2024-6431 Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-6432 Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter
S
CVE-2024-6433 Local File Inclusion in stitionai/devika
CVE-2024-6434 Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service
S
CVE-2024-6435 Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®
S
CVE-2024-6436 Rockwell Automation Input Validation Vulnerability exists in the SequenceManager™ Server
S
CVE-2024-6437 On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options ma
S
CVE-2024-6438 Hitout Carsale OrderController.java sql injection
E
CVE-2024-6439 SourceCodester Home Owners Collection Management System unrestricted upload
E
CVE-2024-6440 SourceCodester Home Owners Collection Management System sql injection
E
CVE-2024-6441 ORIPA LoaderXML.java deserialization
S
CVE-2024-6442 Bluetooth: ASCS Unchecked tailroom of the response buffer
CVE-2024-6443 zephyr: out-of-bound read in utf8_trunc
E
CVE-2024-6444 Bluetooth: ots: missing buffer length check
CVE-2024-6445 Authenticated Local File Inclusion (LFI) in DataFlowX's DataDiodeX
CVE-2024-6446 Business Logic Errors in GitLab
E S
CVE-2024-6447 FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter
CVE-2024-6448 Mollie Payments for WooCommerce <= 7.7.0 - Unauthenticated Full Path Disclosure
CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit
CVE-2024-6450 Reflected XSS in HyperView Geoportal Toolkit
CVE-2024-6451 AI Engine < 2.5.1 - Admin+ RCE
E
CVE-2024-6452 linlinjava litemall AdminGoodscontroller.java sql injection
E
CVE-2024-6453 itsourcecode Farm Management System sql injection
E
CVE-2024-6455 ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function
CVE-2024-6456 SQL Injection vulnerability in AVEVA Historian Server
S
CVE-2024-6457 HUSKY - Products Filter Professional for WooCommerce <= 1.3.6 - Unauthenticated Time-Based SQL Injection
S
CVE-2024-6458 WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting
S
CVE-2024-6459 News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI
E
CVE-2024-6460 Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI
E
CVE-2024-6461 Rejected reason: **REJECT** This is a duplicate CVE issued in error on a framework vulnerability. Pl...
R
CVE-2024-6462 DL Yandex Metrika <= 1.2 - Admin+ Stored XSS
E
CVE-2024-6463 Rejected reason: **REJECT** This is a duplicate CVE issued in error on a framework vulnerability. Pl...
R
CVE-2024-6464 Rejected reason: **REJECT** This is a duplicate CVE issued in error on a framework vulnerability. Pl...
R
CVE-2024-6465 WP Links Page <= 4.9.5 - Missing Authorization to Authenticated (Subscriber+) Limited Image Update
CVE-2024-6466 NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations ...
CVE-2024-6467 BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation
S
CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
CVE-2024-6469 playSMS Template injection
E
CVE-2024-6470 playSMS Template injection
CVE-2024-6471 SourceCodester Online Tours & Travels Management sms_setting.php sql injection
E
CVE-2024-6472 Ability to trust not validated macro signatures removed in high security mode
CVE-2024-6473 DLL Hijacking in Yandex Browser
CVE-2024-6476 Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible f...
CVE-2024-6477 UsersWP < 1.2.12 - Users Information Disclosure
E
CVE-2024-6478 CTT Expresso para WooCommerce < 3.2.13 - Admin+ Stored XSS
E
CVE-2024-6479 SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) SQL Injection
CVE-2024-6480 SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting
CVE-2024-6481 Search Filter Pro < 2.5.18 - Admin+ Stored XSS
E
CVE-2024-6482 Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
S
CVE-2024-6483 Arbitrary File/Directory Deletion in aimhubio/aim
CVE-2024-6484 XSS in Bootstrap carousel component
E
CVE-2024-6485 XSS in Bootstrap button component
CVE-2024-6486 ImageMagick Engine < 1.7.11 - Administrator+ OS Command Injection
E
CVE-2024-6487 Inline Related Posts < 3.8.0 - Admin+ Stored XSS
E
CVE-2024-6488 Rejected reason: This is REJECTED....
R
CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update
S
CVE-2024-6490 Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion
E
CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update
S
CVE-2024-6492 Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Deskto...
CVE-2024-6493 NinjaTeam Header Footer Custom Code < 1.2 - Admin+ Stored XSS
E
CVE-2024-6494 WordPress File Upload < 4.24.8 - Unauthenticated Stored XSS
E
CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget
S
CVE-2024-6496 Light Poll <= 1.0.0 - Polls Deletion via CSRF
E
CVE-2024-6497 SEO Plugin by Squirrly SEO <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter
E S
CVE-2024-6498 CollectChat < 2.4.4 - Admin+ XSS
E
CVE-2024-6499 WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure
S
CVE-2024-6500 InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Delete
CVE-2024-6501 Networkmanager: denial of service
CVE-2024-6502 Incorrect Provision of Specified Functionality in GitLab
E S
CVE-2024-6504 Rapid7 InsightVM Protection Mechanism Failure
CVE-2024-6505 Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss
M
CVE-2024-6506 Information exposure vulnerability in the MRW plug-in
S
CVE-2024-6507 Deep Lake Kaggle command injection
S
CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy
M
CVE-2024-6509 Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi wa...
CVE-2024-6510 Local privilege escalation vulnerability in AVG Internet Security
S
CVE-2024-6511 y_project RuoYi Content-Type isJsonRequest cross site scripting
E
CVE-2024-6512 Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 an...
CVE-2024-6513 Rejected reason: CVE assigned by mistake as a duplicate....
R
CVE-2024-6515 unauthorized file access
CVE-2024-6516 Cross Site Scripting XSS
CVE-2024-6517 Contact Form 7 Math Captcha <= 2.0.1 - Reflected XSS
E
CVE-2024-6518 fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting
S
CVE-2024-6519 Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability
CVE-2024-6520 fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting
S
CVE-2024-6521 fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting
S
CVE-2024-6522 Modern Events Calendar <= 7.12.1 - Authenticated (Subscriber+) Server Side Request Forgery
CVE-2024-6523 ZKTeco BioTime system-group-add cross site scripting
E
CVE-2024-6524 ShopXO Uploader.php server-side request forgery
E
CVE-2024-6525 D-Link DAR-7000 decodmail.php deserialization
E
CVE-2024-6526 CodeIgniter Ecommerce-CodeIgniter-Bootstrap cross site scripting
E S
CVE-2024-6527 SQL Injection in MegaBIP
CVE-2024-6528 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnera...
CVE-2024-6529 Ultimate Classified Listings < 1.4 - Reflected XSS
E
CVE-2024-6530 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-6531 XSS in Bootstrap carousel component
E
CVE-2024-6532 Sheet to Table Live Sync for Google Sheet <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via STWT_Sheet_Table Shortcode
CVE-2024-6533 Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options
E
CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets
CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies
CVE-2024-6536 Zephyr Project Manager < 3.3.99 - Editor+ XSS
E
CVE-2024-6538 Openshift-console: openshift console: server-side request forgery
M
CVE-2024-6539 heyewei SpringBootCMS Guestbook guestbook cross site scripting
E
CVE-2024-6540 Information exposure in external interface
S
CVE-2024-6542 Livestatus injection in mknotifyd
CVE-2024-6544 Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure
CVE-2024-6545 Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure
CVE-2024-6546 One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure
CVE-2024-6547 Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Disclosure
CVE-2024-6548 Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Disclosure
CVE-2024-6549 Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure
CVE-2024-6550 Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure
CVE-2024-6551 GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure
CVE-2024-6552 Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure
CVE-2024-6553 WP Meteor Website Speed Optimization Addon <= 3.4.3 - Unauthenticated Full Path Disclosure
S
CVE-2024-6554 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure
S
CVE-2024-6555 WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure
CVE-2024-6556 SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure
CVE-2024-6557 SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure
CVE-2024-6558 HMS Industrial Networks Anybus-CompactCom 30 Cross-site Scripting
M
CVE-2024-6559 XCloner <= 4.7.3 - Unauthenticated Full Path Disclosure
CVE-2024-6560 Addonify – Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Disclosure
CVE-2024-6562 affiliate-toolkit <= 3.5.5 - Unauthenticated Full Path Disclosure
CVE-2024-6563 Buffer Overflow Arbitrary Write
S
CVE-2024-6564 Buffer overflow in Renesas RCAR
S
CVE-2024-6565 AForms <= 2.2.6 - Unauthenticated Full Path Disclosure
CVE-2024-6566 Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure
CVE-2024-6567 Ebook Store <= 5.8001 - Unauthenticated Full Path Disclosure
CVE-2024-6568 Flamix: Bitrix24 and Contact Form 7 integrations <= 3.1.0 - Unauthenticated Full Path Disclosure
CVE-2024-6569 Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure
CVE-2024-6570 Glossary <= 2.2.26 - Unauthenticated Full Path Disclosure
CVE-2024-6571 Optimize Images ALT Text (alt tag) & names for SEO using AI <= 3.1.1 - Unauthenticated Full Path Disclosure
S
CVE-2024-6572 Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem'
CVE-2024-6573 Intelligence <= 1.4.0 - Unauthenticated Full Path Disclosure
CVE-2024-6574 Laposta <= 1.12 - Unauthenticated Full Path Disclosure
CVE-2024-6575 The Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget
S
CVE-2024-6576 MOVEit Transfer Privilege Escalation Vulnerability
CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve
CVE-2024-6578 Stored XSS in aimhubio/aim
E
CVE-2024-6579 Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification
CVE-2024-6580 /n software IPWorks SSH insufficient file access verification
CVE-2024-6581 Remote Code Execution due to Stored XSS in parisneo/lollms
E S
CVE-2024-6582 Broken Access Control in lunary-ai/lunary
E S
CVE-2024-6583 Path Traversal in stangirard/quivr
CVE-2024-6584 Jetpack Boost < 3.4.7 - Admin+ SSRF
E
CVE-2024-6585 Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard...
CVE-2024-6586 Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Edi...
CVE-2024-6587 SSRF in berriai/litellm
E S
CVE-2024-6588 PowerPress Podcasting plugin by Blubrry <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter
CVE-2024-6589 LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion
S
CVE-2024-6590 Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.7.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-6591 Ultimate WordPress Auction Plugin <= 4.2.6 - Missing Authorization to Unauthenticated Email Creation
CVE-2024-6592 WatchGuard Firebox Single Sign-On Agent Protocol Authorization Bypass
M
CVE-2024-6593 WatchGuard Firebox Single Sign-On Agent Management Interface Authentication Bypass
CVE-2024-6594 WatchGuard Firebox Single Sign-On Client Denial-of-Service
CVE-2024-6595 Uncontrolled Search Path Element in GitLab
E S
CVE-2024-6596 Endress+Hauser: Multiple products are vulnerable to code injection
CVE-2024-6598 Denial-of-service on KNIME Business Hub when certain jobs are executed
S
CVE-2024-6599 Meks Video Importer <= 1.0.11 - Missing Authorization to Authenticated (Subscriber+) API Keys Modification
CVE-2024-6600 Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access c...
CVE-2024-6601 A race condition could lead to a cross-origin container obtaining permissions of the top-level origi...
CVE-2024-6602 A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability...
CVE-2024-6603 In an out-of-memory scenario an allocation could fail but free would have been called on the pointer...
CVE-2024-6604 Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these...
CVE-2024-6605 Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjac...
CVE-2024-6606 Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds...
CVE-2024-6607 It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay custo...
CVE-2024-6608 It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor ...
CVE-2024-6609 When almost out-of-memory an elliptic curve key which was never allocated could have been freed agai...
CVE-2024-6610 Form validation popups could capture escape key presses. Therefore, spamming form validation message...
CVE-2024-6611 A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This...
CVE-2024-6612 CSP violations generated links in the console tab of the developer tools, pointing to the violating ...
CVE-2024-6613 The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorr...
CVE-2024-6614 The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorr...
CVE-2024-6615 Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of...
CVE-2024-6617 NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles
E
CVE-2024-6618 Path Traversal in Ocean Data Systems Dream Report
S
CVE-2024-6619 Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
S
CVE-2024-6620 Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site sc...
CVE-2024-6621 WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update
S
CVE-2024-6624 JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation
S
CVE-2024-6625 WP Total Branding <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via title Parameter
CVE-2024-6626 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization
CVE-2024-6627 Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget
CVE-2024-6628 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Cross-Site Request Forgery
CVE-2024-6629 All-in-One Video Gallery <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode
S
CVE-2024-6630 Rejected reason: **REJECT** This CVE ID was issued in error and is a duplicate. Please use CVE-2024-...
R
CVE-2024-6631 ImageRecycle pdf & image compression <= 3.1.14 - Missing Authorization in Several AJAX Actions
S
CVE-2024-6632 SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
S
CVE-2024-6633 Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
S
CVE-2024-6634 Master Currency WP <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode
CVE-2024-6635 WooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication Bypass
CVE-2024-6636 WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation
CVE-2024-6637 WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password
CVE-2024-6638 Integer Overflow Vulnerability Reading TDMS Files in LabVIEW
CVE-2024-6639 MDx <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdx_list_item Shortcode
CVE-2024-6640 pf incorrectly matches different ICMPv6 states in the state table
CVE-2024-6641 WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration
S
CVE-2024-6642 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2024-6643 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6644 zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization
E
CVE-2024-6645 WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization
E
CVE-2024-6646 Netgear WN604 Web Interface downloadFile.php information disclosure
E
CVE-2024-6647 Croogo Setting Theme unrestricted upload
E
CVE-2024-6648 Path Traversal in AP Page Builder
S
CVE-2024-6649 SourceCodester Employee and Visitor Gate Pass Logging System Users.php save_users cross-site request forgery
E
CVE-2024-6650 SourceCodester Employee and Visitor Gate Pass Logging System Master.php save_designation cross site scripting
E
CVE-2024-6651 WordPress File Upload < 4.24.8 - Reflected XSS
E
CVE-2024-6652 itsourcecode Gym Management System manage_member.php sql injection
E
CVE-2024-6653 code-projects Simple Task List Login loginForm.php sql injection
E
CVE-2024-6654 Denial of Service vulnerability in ESET products for macOS
CVE-2024-6655 Gtk3: gtk2: library injection from cwd
M
CVE-2024-6656 Hardcoded Credentials in TNB Mobile Solutions' Cockpit Software
CVE-2024-6657 BLE peripheral DoS after few cycles of connect/disconnects
S
CVE-2024-6658 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
CVE-2024-6660 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload
S
CVE-2024-6661 ParityPress <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-6662 CSRF in MegaBIP
CVE-2024-6663 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2024-6664 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2024-6665 kbucket < 4.1.6 - Admin+ Stored XSS
E
CVE-2024-6666 WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id
S
CVE-2024-6667 kbucket < 4.1.5 - Reflected XSS
E
CVE-2024-6668 profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting
E
CVE-2024-6669 AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
S
CVE-2024-6670 WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability
KEV
CVE-2024-6671 WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability
CVE-2024-6672 WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability
CVE-2024-6673 CSRF Vulnerability in parisneo/lollms-webui
E S
CVE-2024-6674 Data Leak through CORS Misconfiguration in parisneo/lollms-webui
E S
CVE-2024-6675 Deserialization of Untrusted Data Vulnerability in NI VeriStand Project File
CVE-2024-6676 witmy my-springsecurity-plus user sql injection
E
CVE-2024-6677 Privilege escalation in uberAgent...
CVE-2024-6678 Authentication Bypass by Spoofing in GitLab
E S
CVE-2024-6679 witmy my-springsecurity-plus role sql injection
E
CVE-2024-6680 witmy my-springsecurity-plus build sql injection
E
CVE-2024-6681 witmy my-springsecurity-plus dept sql injection
E
CVE-2024-6684 Authentication Bypass in GST Electronics' inohom Nova Panel N7
CVE-2024-6685 Authorization Bypass Through User-Controlled Key in GitLab
E S
CVE-2024-6687 CTT Expresso para WooCommerce <= 3.2.12 - Information Exposure via Unprotected Directory
S
CVE-2024-6688 Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update
CVE-2024-6689 Local privilege escalation vulnerability in baramundi Management Agent via MSI Installer
CVE-2024-6690 WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect
E
CVE-2024-6691 Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings
S
CVE-2024-6692 Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text
S
CVE-2024-6693 WP Content Copy Protection & No Right Click (premium) <= 15.0 - Admin+ Stored XSS
E
CVE-2024-6694 WP Mail SMTP <= 4.0.1 - Authenticated (Admin+) SMTP Password Exposure
CVE-2024-6695 profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation
E
CVE-2024-6696 Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Control
CVE-2024-6697 Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges
CVE-2024-6698 FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation
S
CVE-2024-6699 SQLi in Mikafon Electronic's Mikafon MA7
CVE-2024-6700 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name....
CVE-2024-6701 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type....
CVE-2024-6702 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage....
CVE-2024-6703 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields
S
CVE-2024-6704 Comments – wpDiscuz <= 7.6.21 - Unauthenticated HTML Injection
CVE-2024-6705 RegLevel <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
E
CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal
E
CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting
E
CVE-2024-6709 Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update
S
CVE-2024-6710 Ditty < 3.1.45 - Author+ Stored XSS
E
CVE-2024-6711 Event Tickets with Ticket Scanner < 2.3.8 - Admin+ Stored XSS
E
CVE-2024-6712 MapFig Studio <= 0.2.1 - Stored XSS via CSRF
E
CVE-2024-6713 PVN Auth Popup <= 1.0.0 - Admin+ Stored XSS
E
CVE-2024-6714 An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local att...
S
CVE-2024-6715 Ditty 3.1.39-3.1.45 - Author+ Stored XSS
E
CVE-2024-6716 Rejected reason: Invalid security issue....
R
CVE-2024-6717 Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
CVE-2024-6718 PVN Auth Popup <= 1.0.0 - Contributor+ XSS via Shortcode
E
CVE-2024-6719 Offload Videos – Bunny.net, AWS S3 <= 1.0.1 Subscriber+ CSRF
E
CVE-2024-6720 Light Poll <= 1.0.0 - Poll Answers Deletion via CSRF
E
CVE-2024-6721 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-5324. Reason: This ...
R
CVE-2024-6722 Chatbot Support AI <= 1.0.2 - Admin+ Stored XSS
E
CVE-2024-6723 AI Engine < 2.4.8 - Admin+ SQLi
E
CVE-2024-6724 Generate Images – Magic Post Thumbnail < 5.2.8 - Admin+ Stored XSS
E
CVE-2024-6725 Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-6726 Remote Code Execution (RCE) in Delphix
CVE-2024-6727 Broken Access Control in Delphix
CVE-2024-6728 itsourcecode Tailoring Management System typeedit.php sql injection
E
CVE-2024-6729 SourceCodester Kortex Lite Advocate Office Management System add_act.php sql injection
E
CVE-2024-6730 Nanjing Xingyuantu Technology SparkShop uploadFile unrestricted upload
E
CVE-2024-6731 SourceCodester Student Study Center Desk Management System Master.php sql injection
E
CVE-2024-6732 SourceCodester Student Study Center Desk Management System Users.php sql injection
E
CVE-2024-6733 itsourcecode Tailoring Management System templateedit.php sql injection
E
CVE-2024-6734 itsourcecode Tailoring Management System templateadd.php sql injection
E
CVE-2024-6735 itsourcecode Tailoring Management System setgeneral.php sql injection
E
CVE-2024-6736 SourceCodester Employee and Visitor Gate Pass Logging System view_employee.php sql injection
E
CVE-2024-6737 2100 TECHNOLOGY Electronic Official Document Management System - Broken Access Control
S
CVE-2024-6738 WisdomGarden Tronclass - Broken Access Control
S
CVE-2024-6739 Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag
E S
CVE-2024-6740 Openfind Mail2000 - Stored XSS
E S
CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass
E S
CVE-2024-6742 AguardNet Space Management System - Reflected Cross-Site Scripting
S
CVE-2024-6743 AguardNet Space Management System - SQL injection
S
CVE-2024-6744 The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, lea...
S
CVE-2024-6745 code-projects Simple Ticket Booking Login adminauthenticate.php sql injection
E
CVE-2024-6746 NaiboWang EasySpider HTTP GET Request server.js path traversal
E
CVE-2024-6747 Information leak in mknotifyd
CVE-2024-6748 SQL Injection
CVE-2024-6749 Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident re...
CVE-2024-6750 Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions
CVE-2024-6751 Social Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions
CVE-2024-6752 Social Auto Poster <= 5.3.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-6753 Social Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-6754 Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template
CVE-2024-6755 Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
CVE-2024-6756 Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2024-6757 Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function
CVE-2024-6758 Improper Privilege Management vulnerability in Sprecher Automation SPRECON-E
CVE-2024-6759 NFS client accepts file names containing path separators
CVE-2024-6760 ktrace(2) fails to detach when executing a setuid binary
CVE-2024-6761 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6762 Jetty PushSessionCacheFilter can cause remote DoS attacks
S
CVE-2024-6763 Jetty URI parsing of invalid authority
E S
CVE-2024-6765 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6766 Shortcodes Ultimate Pro < 7.2.1 - Contributor+ Stored XSS
E
CVE-2024-6767 WordSurvey <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via sounding_title Parameter
CVE-2024-6768 Denial of Service in CLFS.sys
CVE-2024-6769 Medium to High Integrity Privilege Escalation in Microsoft Windows
E
CVE-2024-6770 Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-6772 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacke...
E
CVE-2024-6773 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacke...
E
CVE-2024-6774 Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker ...
E
CVE-2024-6775 Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker wh...
E
CVE-2024-6776 Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potent...
E
CVE-2024-6777 Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convin...
E
CVE-2024-6778 Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user t...
E
CVE-2024-6779 Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker...
E
CVE-2024-6780 Improper permission control in com.android.server.telecom
CVE-2024-6781 Calibre Arbitrary File Read
S
CVE-2024-6782 Calibre Remote Code Execution
S
CVE-2024-6783 Vue client-side XSS via prototype pollution
CVE-2024-6784 SSRF Server Side Request Forgery
CVE-2024-6785 MXview One and MXview One Central Manager Series store cleartext credentials in a local file
S
CVE-2024-6786 MXview One Series vulnerable to Path Traversal
S
CVE-2024-6787 MXview One Series vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition
S
CVE-2024-6788 Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password
CVE-2024-6789 Path traversal in M-Files API
S
CVE-2024-6790 Mali GPU Kernel Driver can cause the whole system to become unresponsive
S
CVE-2024-6791 Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files
CVE-2024-6792 WP ULike < 4.7.2.1 - Subscriber+ Stored-XSS
E
CVE-2024-6793 Deserialization of Untrusted Data in NI VeriStand DataLogging Server
CVE-2024-6794 Deserialization of Untrusted Data in NI VeriStand Waveform Streaming Server
CVE-2024-6795 Vulnerability in Baxter Connex Health Portal
S
CVE-2024-6796 Vulnerability in Baxter Connex Health Portal
S
CVE-2024-6797 DL Robots.txt <= 1.2 - Admin+ Stored XSS
E
CVE-2024-6798 DL Verification <= 1.2 - Admin+ Stored XSS
E
CVE-2024-6799 YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation
S
CVE-2024-6800 An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SA...
CVE-2024-6801 SourceCodester Online Student Management System add-students.php unrestricted upload
E
CVE-2024-6802 SourceCodester Computer Laboratory Management System Master.php sql injection
E
CVE-2024-6803 itsourcecode Document Management System insert.php sql injection
E
CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File
S
CVE-2024-6805 Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
CVE-2024-6806 Missing Authorization Checks In NI VeriStand Gateway For Project Resources
CVE-2024-6807 SourceCodester Student Study Center Desk Management System HTTP POST Request Users.php cross site scripting
E
CVE-2024-6808 itsourcecode Simple Task List signUp.php insertUserRecord sql injection
E
CVE-2024-6809 Simple Video Directory < 1.4.3 - Unauthenticated SQLi
E
CVE-2024-6810 Quiz Organizer <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-6811 IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6812 IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6813 NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability
CVE-2024-6814 NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability
CVE-2024-6815 IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6816 IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-6817 IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6818 IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6819 IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6820 IrfanView AWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6821 IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6822 IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-6823 Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action
S
CVE-2024-6824 Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update
S
CVE-2024-6825 Remote Code Execution in BerriAI/litellm
CVE-2024-6826 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn
CVE-2024-6828 Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting
CVE-2024-6829 Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim
CVE-2024-6830 SourceCodester Simple Inventory Management System Order action.php sql injection
E
CVE-2024-6831 Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to ed...
CVE-2024-6833 Zowe CLI Auto-Init Leaks Credentials Locally
S
CVE-2024-6834 Imperative Local Command Injection allows Activity Masking
S
CVE-2024-6835 Ivory Search – WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form
S
CVE-2024-6836 Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update
S
CVE-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow
E
CVE-2024-6839 Improper Regex Path Matching in corydolphin/flask-cors
CVE-2024-6840 Automation-controller: gain access to the k8s api server via job execution with container group
CVE-2024-6841 CSRF in vanna-ai/vanna
CVE-2024-6842 Exposure of Sensitive Information in mintplex-labs/anything-llm
CVE-2024-6843 SmartSearch WP <= 2.4.4 - Unauthenticated Stored XSS
E
CVE-2024-6844 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors
CVE-2024-6845 SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure
E
CVE-2024-6846 SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge
E
CVE-2024-6847 SmartSearch WP <= 2.4.4 - Unauthenticated SQLi
E
CVE-2024-6848 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload
E S
CVE-2024-6849 Preloader Plus – WordPress Loading Screen Plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-6850 Carousel Slider < 2.2.14 - Editor+ Stored XSS
E
CVE-2024-6851 Arbitrary File Deletion in aimhubio/aim
CVE-2024-6852 WP MultiTasking <= 0.1.12 - Settings Update via CSRF
E
CVE-2024-6853 WP MultiTasking <= 0.1.12 - Welcome Popup Update via CSRF
E
CVE-2024-6854 Arbitrary File Overwrite in h2oai/h2o-3
CVE-2024-6855 WP MultiTasking <= 0.1.12 - Exit Popup Update via CSRF
E
CVE-2024-6856 WP MultiTasking <= 0.1.12 - SMTP Settings Update via CSRF
E
CVE-2024-6857 WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF
E
CVE-2024-6859 WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode
E
CVE-2024-6860 WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF
E
CVE-2024-6861 Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
M
CVE-2024-6862 Cross-Site Request Forgery (CSRF) in lunary-ai/lunary
E S
CVE-2024-6863 Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3
CVE-2024-6864 WP Last Modified Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via lmt-post-modified-info Shortcode
S
CVE-2024-6865 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors
CVE-2024-6867 Information Disclosure in lunary-ai/lunary
E S
CVE-2024-6868 Arbitrary File Write in mudler/LocalAI
E S
CVE-2024-6869 Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure
S
CVE-2024-6870 Responsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
S
CVE-2024-6871 G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2024-6872 Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update
S
CVE-2024-6873 Specially crafted request could caused undefined behaviour which may lead to Remote Code Execution.
M
CVE-2024-6874 macidn punycode buffer overread
E
CVE-2024-6875 Infinispan: infinispan: rest compare api has buffer leak
CVE-2024-6876 Out-of-bounds read in OSCAT-Library
CVE-2024-6877 Reflected XSS in Eliz Software's Panel
CVE-2024-6878 Directory Browsing in Eliz Software's Panel
CVE-2024-6879 Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS
E
CVE-2024-6880 CSRF in MegaBIP
CVE-2024-6881 Stored XSS Vulnerability
S
CVE-2024-6883 Event Espresso 4 Decaf – Event Registration Event Ticketing <= 5.0.22.decaf - Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification
CVE-2024-6884 Gutenberg Blocks with AI by Kadence WP < 3.2.39 - Contributor+ Stored XSS
E
CVE-2024-6885 MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles <= 1.9.2 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2024-6886 Inproper Sanitation of field leading to stored XSS
CVE-2024-6887 Giveaways and Contests by RafflePress < 1.12.16 - Editor+ Stored XSS
E
CVE-2024-6888 Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS
E
CVE-2024-6889 Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS
E
CVE-2024-6890 Journyx Unauthenticated Password Reset Bruteforce
E
CVE-2024-6891 Journyx Authenticated Remote Code Execution
E
CVE-2024-6892 Journyx Reflected Cross Site Scripting
CVE-2024-6893 Journyx Unauthenticated XML External Entities Injection
E
CVE-2024-6894 RD Station <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-6895 Insecure Account Profile Management
S
CVE-2024-6896 AMP for WP – Accelerated Mobile Pages <= 1.0.96.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-6897 aThemes Starter Sites <= 1.0.53 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-6898 SourceCodester Record Management System index.php sql injection
E
CVE-2024-6899 SourceCodester Record Management System view_info.php sql injection
E
CVE-2024-6900 SourceCodester Record Management System edit_emp.php sql injection
E
CVE-2024-6901 SourceCodester Record Management System entry.php sql injection
E
CVE-2024-6902 SourceCodester Record Management System sort_user.php sql injection
E
CVE-2024-6903 SourceCodester Record Management System sort1_user.php sql injection
E
CVE-2024-6904 SourceCodester Record Management System sort2_user.php sql injection
E
CVE-2024-6905 SourceCodester Record Management System view_info_user.php sql injection
E
CVE-2024-6906 SourceCodester Record Management System add_leave_non_user.php sql injection
E
CVE-2024-6907 SourceCodester Record Management System sort.php cross site scripting
E
CVE-2024-6908 Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request
S
CVE-2024-6909 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-6910 EventON < 2.2.17 - Admin+ Stored XSS
E
CVE-2024-6911 Unauthenticated Local File Inclusion
E S
CVE-2024-6912 Hardcoded MSSQL Credentials
E S
CVE-2024-6913 Execution with Unnecessary Privileges
E S
CVE-2024-6914 Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover
S
CVE-2024-6915 JFrog Artifactory Cache Poisoning
CVE-2024-6916 Zowe CLI --show-inputs-only displays securely stored properties
S
CVE-2024-6917 RCE in Veribilim Software's Veribase Order Management
CVE-2024-6918 CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists...
CVE-2024-6919 SQLi in NAC Telecommunication's NACPremium
CVE-2024-6920 Stored XSS in NAC Telecommunication's NACPremium
CVE-2024-6921 Cleartext Username and Password in NAC Telecommunication's NACPremium
CVE-2024-6922 Server-Side Request Forgery in Automation 360
CVE-2024-6923 Email header injection due to unquoted newlines
S
CVE-2024-6924 TrueBooker < 1.0.3 - Multiple Unauthenticated SQLi
E
CVE-2024-6925 TrueBooker < 1.0.3 - Settings Update via CSRF
E
CVE-2024-6926 Viral Signup <= 2.1 - Unauthenticated SQLi
E
CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS
E
CVE-2024-6928 Opti Marketing <= 2.0.9 - Unauthenticated SQLi
E
CVE-2024-6929 Dynamic Featured Image <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dfiFeatured Parameter
CVE-2024-6930 WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode
S
CVE-2024-6931 The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2024-6932 ClassCMS cross site scripting
E
CVE-2024-6933 LimeSurvey Survey General Settings actionUpdateSurveyLocaleSettingsGeneralSettings sql injection
E
CVE-2024-6934 formtools.org Form Tools cross site scripting
E
CVE-2024-6935 formtools.org Form Tools User Settings Page cross site scripting
E
CVE-2024-6936 formtools.org Form Tools Setting code injection
E
CVE-2024-6937 formtools.org Form Tools Import Option List edit.php curl_exec file inclusion
E
CVE-2024-6938 SiYuan PDF PDF.js cross site scripting
E
CVE-2024-6939 Xinhu RockOA tpl_upload.html okla cross site scripting
E
CVE-2024-6940 DedeCMS article_template_rand.php code injection
E
CVE-2024-6941 ThinkSAAS do.php cross site scripting
E
CVE-2024-6942 ThinkSAAS Admin Panel Security Center anti.php cross site scripting
E
CVE-2024-6943 ZhongBangKeJi CRMEB CopyTaobaoServices.php downloadImage deserialization
E
CVE-2024-6944 ZhongBangKeJi CRMEB PublicController.php get_image_base64 deserialization
E
CVE-2024-6945 Flute CMS Avatar Upload Page ImagesController.php unrestricted upload
E
CVE-2024-6946 Flute CMS list code injection
E
CVE-2024-6947 Flute CMS Notification ContentParser.php replaceContent code injection
E
CVE-2024-6948 Gargaj wuhu Slide Editor slideeditor.php unrestricted upload
E
CVE-2024-6949 Gargaj wuhu path traversal
E
CVE-2024-6950 Prain HTTP POST Request ?import code injection
E
CVE-2024-6951 SourceCodester Simple Online Book Store System admin_delete.php sql injection
E
CVE-2024-6952 itsourcecode University Management System sql injection
E
CVE-2024-6953 itsourcecode Tailoring Management System sms.php sql injection
E
CVE-2024-6954 SourceCodester Record Management System sort1.php cross site scripting
E
CVE-2024-6955 SourceCodester Record Management System sort2.php cross site scripting
E
CVE-2024-6956 itsourcecode University Management System view_cgpa.php sql injection
E
CVE-2024-6957 itsourcecode University Management System Login functions.php sql injection
E
CVE-2024-6958 itsourcecode University Management System Avatar File st_update.php unrestricted upload
E
CVE-2024-6959 Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui
E
CVE-2024-6960 H2O deserializes ML models without filtering, potentially allowing execution of malicious code
CVE-2024-6961 XXE in Guardrails AI when consuming RAIL documents
CVE-2024-6962 Tenda O3 formQosSet stack-based overflow
E
CVE-2024-6963 Tenda O3 formexeCommand stack-based overflow
E
CVE-2024-6964 Tenda O3 fromDhcpSetSer stack-based overflow
E
CVE-2024-6965 Tenda O3 fromVirtualSet stack-based overflow
E
CVE-2024-6966 itsourcecode Online Blood Bank Management System Login login.php sql injection
E
CVE-2024-6967 SourceCodester Employee and Visitor Gate Pass Logging System sql injection
E
CVE-2024-6968 SourceCodester Clinics Patient Management System print_patients_visits.php sql injection
E
CVE-2024-6969 SourceCodester Clinics Patient Management System get_patient_history.php sql injection
E
CVE-2024-6970 itsourcecode Tailoring Management System staffcatadd.php sql injection
E
CVE-2024-6971 Path Traversal in parisneo/lollms-webui
CVE-2024-6972 In affected versions of Octopus Server under certain circumstances it is possible for sensitive vari...
CVE-2024-6973 Remote Code Execution in Cato Windows SDP client via crafted URLs
E
CVE-2024-6974 Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade
E
CVE-2024-6975 Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file
E
CVE-2024-6977 Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover
E
CVE-2024-6978 Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users
E
CVE-2024-6979 Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which wo...
CVE-2024-6980 Verbose error handling issue in GravityZone Update Server proxy service
S
CVE-2024-6981 OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function
M
CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms
CVE-2024-6983 Remote Code Execution in mudler/localai
CVE-2024-6984 An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows ...
E S
CVE-2024-6985 Path Traversal in api open_personality_folder in parisneo/lollms-webui
E S
CVE-2024-6986 Cross-site Scripting (XSS) in parisneo/lollms-webui
CVE-2024-6987 Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
S
CVE-2024-6988 Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker...
CVE-2024-6989 Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potent...
CVE-2024-6990 Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attack...
CVE-2024-6991 Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentia...
CVE-2024-6994 Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to ...
CVE-2024-6995 Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowe...
CVE-2024-6996 Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a use...
CVE-2024-6997 Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinc...
CVE-2024-6998 Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker w...
CVE-2024-6999 Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attac...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.