CVE-2024-7xxx

There are 947 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-7000 Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convince...
CVE-2024-7001 Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attack...
CVE-2024-7003 Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attac...
CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 ...
CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 ...
CVE-2024-7006 Libtiff: null pointer dereference in tif_dirinfo.c
M
CVE-2024-7007 Authentication Bypass Using an Alternate Path or Channel in Positron Broadcast Signal Processor TRA7005
S
CVE-2024-7008 Calibre Reflected Cross-Site Scripting (XSS)
E S
CVE-2024-7009 Calibre SQL Injection
E S
CVE-2024-7010 Timing Attack in mudler/localai
E S
CVE-2024-7011 Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P...
CVE-2024-7012 Puppet-foreman: an authentication bypass vulnerability exists in foreman
M
CVE-2024-7013 Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow...
CVE-2024-7014 Improper multimedia file attachment validation in Telegram for Android app
CVE-2024-7015 Improper Authentication in Profelis Informatics and Consulting's PassBOX
CVE-2024-7016 Stored XSS in Smarttek Informatics' Smart Doctor
CVE-2024-7018 Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to pot...
E
CVE-2024-7019 Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker...
E
CVE-2024-7020 Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote at...
E
CVE-2024-7022 Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform...
E
CVE-2024-7023 Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote atta...
E
CVE-2024-7024 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker...
E
CVE-2024-7025 Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to pote...
E
CVE-2024-7026 SQLi in Teknogis Informatics' Closed Circuit Vehicle Tracking Software
CVE-2024-7027 WooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor
CVE-2024-7029 Command Injection in AVTech AVM1203 (IP Camera)
E S
CVE-2024-7030 Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update
CVE-2024-7031 File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update
S
CVE-2024-7032 Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion
CVE-2024-7033 Arbitrary File Write in open-webui/open-webui
E
CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui
E
CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui
E
CVE-2024-7036 Denial of Service in open-webui/open-webui
E
CVE-2024-7037 Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui
E
CVE-2024-7038 Information Disclosure in open-webui/open-webui
E
CVE-2024-7039 Improper Privilege Management in open-webui/open-webui
E
CVE-2024-7040 Improper Access Control in open-webui/open-webui
E
CVE-2024-7041 IDOR in open-webui/open-webui
E
CVE-2024-7042 Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection
E S
CVE-2024-7043 Improper Access Control in open-webui/open-webui
E
CVE-2024-7044 Stored XSS in open-webui/open-webui
E
CVE-2024-7045 Improper Access Control in open-webui/open-webui
E
CVE-2024-7046 Improper Access Control in open-webui/open-webui
E
CVE-2024-7047 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
S
CVE-2024-7048 IDOR in open-webui/open-webui
E
CVE-2024-7049 Exposure of Token in open-webui/open-webui
E
CVE-2024-7050 Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor...
S
CVE-2024-7051 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7052 Forminator < 1.38.3 - Admin+ Stored XSS
E
CVE-2024-7053 Session Fixation in open-webui/open-webui
E
CVE-2024-7054 Popup Maker <= 1.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-7055 FFmpeg pnmdec.c pnm_decode_frame heap-based overflow
E S
CVE-2024-7056 WPForms < 1.9.1.6 - Admin+ Stored XSS
E
CVE-2024-7057 Improper Access Control in GitLab
E S
CVE-2024-7058 Relative Path Traversal in parisneo/lollms-webui
E
CVE-2024-7059 A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the We...
S
CVE-2024-7060 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
S
CVE-2024-7061 Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerabili...
S
CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
E M
CVE-2024-7063 ElementsKit Pro <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure
CVE-2024-7064 ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-7065 Spina CMS cross-site request forgery
E
CVE-2024-7066 F-logic DataCube3 HTTP POST Request config_time_sync.php os command injection
E
CVE-2024-7067 kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization
E S
CVE-2024-7068 SourceCodester Insurance Management System update_sub_category cross site scripting
E
CVE-2024-7069 SourceCodester Employee and Visitor Gate Pass Logging System sql injection
E
CVE-2024-7071 Unauthenticate SQLi in Brain Information Technologies' Brain Low-Code
CVE-2024-7073 Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services
S
CVE-2024-7074 Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution
S
CVE-2024-7076 SQLi in Semtek Informatics Software's Semtek Sempos
CVE-2024-7077 Reflected XSS in Semtek Informatics Software's Semtek Sempos
CVE-2024-7078 Unauthenticate SQLi in Semtek Informatics Software's Semtek Sempos
CVE-2024-7079 Openshift-console: unauthenticated installation of helm charts
M
CVE-2024-7080 SourceCodester Insurance Management System direct request
E
CVE-2024-7081 itsourcecode Tailoring Management System expcatadd.php sql injection
E
CVE-2024-7082 easy-table-of-contents < 2.0.68 - Editor+ Stored XSS
E
CVE-2024-7084 Ajax Search Lite < 4.12.1 - Admin+ Stored XSS
E
CVE-2024-7085 Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM).
S
CVE-2024-7090 LH Add Media From Url <= 1.23 - Reflected Cross-Site Scripting
CVE-2024-7091 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
S
CVE-2024-7092 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter
S
CVE-2024-7093 Server-Side Template Injection in Dispatch Message Templates
CVE-2024-7094 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution
CVE-2024-7095 On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term
S
CVE-2024-7096 Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw
S
CVE-2024-7097 Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup
S
CVE-2024-7098 XML Injection in SFS Consulting's ww.Winsure
CVE-2024-7099 SQL Injection in netease-youdao/qanything
E S
CVE-2024-7100 Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode
S
CVE-2024-7101 ForIP Tecnologia Administração PABX Authentication Form login sql injection
CVE-2024-7102 Execution with Unnecessary Privileges in GitLab
E S
CVE-2024-7103 Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow
S
CVE-2024-7104 Remote Code Execution in SFS Consulting's ww.Winsure
CVE-2024-7105 ForIP Tecnologia Administração PABX Lista Ura Page detalheIdUra sql injection
E
CVE-2024-7106 Spina CMS media_folders cross-site request forgery
E
CVE-2024-7107 Directory Traversal in National Keep's CyberMath
CVE-2024-7108 Incorrect Authorization in National Keep's CyberMath
CVE-2024-7110 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
S
CVE-2024-7112 Pinpoint Booking System <= 2.9.9.5.0- Authenticated (Subscriber+) SQL Injection
S
CVE-2024-7113 Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server
S
CVE-2024-7114 Tianchoy Blog so.php sql injection
E
CVE-2024-7115 MD-MAFUJUL-HASAN Online-Payroll-Management-System designation_viewmore.php sql injection
E
CVE-2024-7116 MD-MAFUJUL-HASAN Online-Payroll-Management-System branch_viewmore.php sql injection
E
CVE-2024-7117 MD-MAFUJUL-HASAN Online-Payroll-Management-System shift_viewmore.php sql injection
E
CVE-2024-7118 MD-MAFUJUL-HASAN Online-Payroll-Management-System department_viewmore.php sql injection
E
CVE-2024-7119 MD-MAFUJUL-HASAN Online-Payroll-Management-System employee_viewmore.php sql injection
E
CVE-2024-7120 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection
E
CVE-2024-7121 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-7122 Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-7123 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-7124 Reflected XSS in DInGO dLibra
CVE-2024-7125 Authentication Bypass Vulnerability in Hitachi Ops Center Common Services
CVE-2024-7127 XSS in Stackposts - Social Marketing Tool
CVE-2024-7128 Openshift-console: unauthenticated data exposure
M
CVE-2024-7129 Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE
E
CVE-2024-7130 Reflected XSS in Kion Computer's KION Exchange Programs Software
CVE-2024-7131 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7132 CoBlocks < 3.1.13 - Editor+ Stored XSS
E
CVE-2024-7133 My Sticky Bar < 2.7.3 - Admin+ Stored XSS
E
CVE-2024-7134 LiquidPoll <= 3.3.78 - Unauthenticated Stored Cross-Site Scripting via form_data Parameter
CVE-2024-7135 Tainacan <= 0.21.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
S
CVE-2024-7136 JetSearch <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-7137 Denial of Service in Silicon Labs RS9116 Bluetooth SDK
CVE-2024-7138 Denial of Service in Silicon Labs RS9116 Bluetooth SDK
CVE-2024-7139 Denial of Service in Silicon Labs RS9116 Bluetooth SDK
CVE-2024-7141 CSRF in Gliffy
CVE-2024-7142 On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
S
CVE-2024-7143 Pulpcore: rbac permissions incorrectly assigned in tasks that create objects
CVE-2024-7144 JetElements <= 2.6.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-7145 JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion
CVE-2024-7146 JetTabs <= 2.2.3 - Authenticated (Contributor+) Arbitrary Local File Inclusion
CVE-2024-7147 JetBlocks <= 1.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-7149 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion
S
CVE-2024-7150 Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter
S
CVE-2024-7151 Tenda O3 setMacFilter fromMacFilterSet stack-based overflow
E
CVE-2024-7152 Tenda O3 setMacFilterList fromSafeSetMacFilter stack-based overflow
E
CVE-2024-7153 Netgear WN604 siteSurvey.php direct request
E
CVE-2024-7154 TOTOLINK A3700R Password Reset wizard.html access control
E
CVE-2024-7155 TOTOLINK A3300R shadow.sample hard-coded password
E
CVE-2024-7156 TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure
E
CVE-2024-7157 TOTOLINK A3100R getSaveConfig buffer overflow
E
CVE-2024-7158 TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection
E
CVE-2024-7159 TOTOLINK A3600R Telnet Service product.ini hard-coded password
E
CVE-2024-7160 TOTOLINK A3700R cstecgi.cgi setWanCfg command injection
E
CVE-2024-7161 SeaCMS Password Change cross-site request forgery
E
CVE-2024-7162 SeaCMS cross site scripting
E
CVE-2024-7163 SeaCMS index.php cross site scripting
E
CVE-2024-7164 SourceCodester School Fees Payment System sql injection
E
CVE-2024-7165 SourceCodester School Fees Payment System view_payment.php sql injection
E
CVE-2024-7166 SourceCodester School Fees Payment System receipt.php sql injection
E
CVE-2024-7167 SourceCodester School Fees Payment System manage_course.php sql injection
E
CVE-2024-7168 SourceCodester School Fees Payment System manage_user.php sql injection
E
CVE-2024-7169 SourceCodester School Fees Payment System ajax.php cross-site request forgery
E
CVE-2024-7170 TOTOLINK A3000RU product.ini hard-coded password
E
CVE-2024-7171 TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection
E
CVE-2024-7172 TOTOLINK A3600R getSaveConfig buffer overflow
E
CVE-2024-7173 TOTOLINK A3600R cstecgi.cgi loginauth buffer overflow
E
CVE-2024-7174 TOTOLINK A3600R cstecgi.cgi setdeviceName buffer overflow
E
CVE-2024-7175 TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection
E
CVE-2024-7176 TOTOLINK A3600R cstecgi.cgi setIpQosRules buffer overflow
E
CVE-2024-7177 TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow
E
CVE-2024-7178 TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow
E
CVE-2024-7179 TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow
E
CVE-2024-7180 TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow
E
CVE-2024-7181 TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection
E
CVE-2024-7182 TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow
E S
CVE-2024-7183 TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow
E
CVE-2024-7184 TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow
E
CVE-2024-7185 TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow
E
CVE-2024-7186 TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow
E
CVE-2024-7187 TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow
E
CVE-2024-7188 Bylancer Quicklancer GET Parameter listing sql injection
E
CVE-2024-7189 itsourcecode Online Food Ordering System editproduct.php unrestricted upload
E
CVE-2024-7190 itsourcecode Society Management System get_price.php sql injection
E
CVE-2024-7191 itsourcecode Society Management System get_balance.php sql injection
E
CVE-2024-7192 itsourcecode Society Management System student.php unrestricted upload
E
CVE-2024-7193 Mp3tag DLL tak_deco_lib.dll uncontrolled search path
E S
CVE-2024-7194 itsourcecode Society Management System check_student.php sql injection
E
CVE-2024-7195 itsourcecode Society Management System check_admin.php sql injection
E
CVE-2024-7196 SourceCodester Complaints Report Management System sql injection
E
CVE-2024-7197 SourceCodester Complaints Report Management System manage_complaint.php sql injection
E
CVE-2024-7198 SourceCodester Complaints Report Management System manage_station.php sql injection
E
CVE-2024-7199 SourceCodester Complaints Report Management System manage_user.php sql injection
E
CVE-2024-7200 SourceCodester Complaints Report Management System cross site scripting
E
CVE-2024-7201 Simopro Technology WinMatrix3 Web package - SQL Injection
S
CVE-2024-7202 Simopro Technology WinMatrix3 Web package - SQL Injection
S
CVE-2024-7203 A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4....
CVE-2024-7204 Ai3 QbiBot - Stored XSS
S
CVE-2024-7205 sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user
S
CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass
S
CVE-2024-7207 Rejected reason: Duplicate of CVE-2024-45806....
R
CVE-2024-7208 CVE-2024-7208
CVE-2024-7209 CVE-2024-7209
CVE-2024-7211 The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
CVE-2024-7212 TOTOLINK A7000R cstecgi.cgi loginauth buffer overflow
E
CVE-2024-7213 TOTOLINK A7000R cstecgi.cgi setWizardCfg buffer overflow
E
CVE-2024-7214 TOTOLINK LR350 cstecgi.cgi setWanCfg command injection
E
CVE-2024-7215 TOTOLINK LR1200 cstecgi.cgi NTPSyncWithHost command injection
E
CVE-2024-7216 TOTOLINK LR1200 shadow.sample hard-coded password
E
CVE-2024-7217 TOTOLINK CA300-PoE cstecgi.cgi loginauth buffer overflow
E
CVE-2024-7218 SourceCodester School Log Management System cross site scripting
E
CVE-2024-7219 SourceCodester School Log Management System sql injection
E
CVE-2024-7220 SourceCodester School Log Management System print_barcode.php sql injection
E
CVE-2024-7221 SourceCodester School Log Management System manage_user.php sql injection
E
CVE-2024-7222 SourceCodester Lot Reservation Management System home.php sql injection
E
CVE-2024-7223 SourceCodester Lot Reservation Management System view_model.php sql injection
E
CVE-2024-7224 SourceCodester Lot Reservation Management System lot_details.php sql injection
E
CVE-2024-7225 SourceCodester Insurance Management System Edit Insurance Policy Page update_policy cross site scripting
E
CVE-2024-7226 SourceCodester Medicine Tracker System Password Change cross-site request forgery
E
CVE-2024-7227 Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
CVE-2024-7228 Avast Free Antivirus Link Following Denial-of-Service Vulnerability
CVE-2024-7229 Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
CVE-2024-7230 Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
CVE-2024-7231 Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
CVE-2024-7232 Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
CVE-2024-7233 Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
CVE-2024-7234 AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
CVE-2024-7235 AVG AntiVirus Free Link Following Denial-of-Service Vulnerability
CVE-2024-7236 AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability
CVE-2024-7237 AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
CVE-2024-7238 VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability
CVE-2024-7239 VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability
CVE-2024-7240 F-Secure Total Link Following Local Privilege Escalation Vulnerability
CVE-2024-7241 Panda Security Dome Link Following Local Privilege Escalation Vulnerability
CVE-2024-7242 Panda Security Dome Link Following Local Privilege Escalation Vulnerability
CVE-2024-7243 Panda Security Dome Link Following Local Privilege Escalation Vulnerability
CVE-2024-7244 Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability
CVE-2024-7245 Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2024-7246 HPACK table poisoning in gRPC C++, Python & Ruby
E S
CVE-2024-7247 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets
S
CVE-2024-7248 Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability
CVE-2024-7249 Comodo Firewall Link Following Local Privilege Escalation Vulnerability
CVE-2024-7250 Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability
CVE-2024-7251 Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability
CVE-2024-7252 Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability
CVE-2024-7253 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2024-7254 Stack overflow in Protocol Buffers Java Lite
S
CVE-2024-7255 Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker...
CVE-2024-7256 Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a re...
E
CVE-2024-7257 YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function
CVE-2024-7258 WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion
S
CVE-2024-7259 Ovirt-engine: potential exposure of cleartext provider passwords via web ui
M
CVE-2024-7260 Keycloak-core: open redirect on account page
CVE-2024-7261 The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel ...
CVE-2024-7262 Arbitrary Code Execution in WPS Office
KEV S
CVE-2024-7263 Arbitrary Code Execution in WPS Office
S
CVE-2024-7264 ASN.1 date parser overread
E
CVE-2024-7265 Privilege Escalation in EZD RP
CVE-2024-7266 Users listing in EZD RP
CVE-2024-7267 Internal infrastructure data leak in EZD RP
CVE-2024-7269 Stored XSS in ConnX ESP HR Management
CVE-2024-7272 FFmpeg swresample.c fill_audiodata heap-based overflow
E
CVE-2024-7273 itsourcecode Alton Management System search.php sql injection
E
CVE-2024-7274 itsourcecode Alton Management System reservation_status.php sql injection
E
CVE-2024-7275 itsourcecode Alton Management System category_save.php sql injection
E
CVE-2024-7276 itsourcecode Alton Management System member_save.php sql injection
E
CVE-2024-7277 itsourcecode Alton Management System Add a Menu menu.php unrestricted upload
E
CVE-2024-7278 itsourcecode Alton Management System team_save.php sql injection
E
CVE-2024-7279 SourceCodester Lot Reservation Management System sql injection
E
CVE-2024-7280 SourceCodester Lot Reservation Management System view_reserved.php sql injection
E
CVE-2024-7281 SourceCodester Lot Reservation Management System sql injection
E
CVE-2024-7282 SourceCodester Lot Reservation Management System manage_model.php sql injection
E
CVE-2024-7283 SourceCodester Lot Reservation Management System manage_user.php sql injection
E
CVE-2024-7284 SourceCodester Lot Reservation Management System cross site scripting
E
CVE-2024-7285 SourceCodester Establishment Billing Management System cross site scripting
E
CVE-2024-7286 SourceCodester Establishment Billing Management System Login sql injection
E
CVE-2024-7287 SourceCodester Establishment Billing Management System manage_user.php sql injection
E
CVE-2024-7288 SourceCodester Establishment Billing Management System sql injection
E
CVE-2024-7289 SourceCodester Establishment Billing Management System manage_payment.php sql injection
E
CVE-2024-7290 SourceCodester Establishment Billing Management System manage_tenant.php sql injection
E
CVE-2024-7291 JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation
CVE-2024-7292 Account Controller allows high count of login attempts
CVE-2024-7293 Password policy for new users is not strong enough
CVE-2024-7294 Uncontrolled resource consumption of anonymous endpoints
CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption
CVE-2024-7296 Incorrect Authorization in GitLab
E S
CVE-2024-7297 Langflow Privilege Escalation
CVE-2024-7298 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7299 Bolt CMS Entry Preview page cross site scripting
E
CVE-2024-7300 Bolt CMS Showcase Creation showcases cross site scripting
E
CVE-2024-7301 WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-7302 Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
S
CVE-2024-7303 itsourcecode Online Blood Bank Management System Send Blood Request Page request.php cross site scripting
E
CVE-2024-7304 Ninja Tables – Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-7305 DWF Vulnerability in Autodesk Desktop Software
CVE-2024-7306 SourceCodester Establishment Billing Management System manage_block.php sql injection
E
CVE-2024-7307 SourceCodester Establishment Billing Management System manage_billing.php sql injection
E
CVE-2024-7308 SourceCodester Establishment Billing Management System view_bill.php sql injection
E
CVE-2024-7309 SourceCodester Record Management System entry.php cross site scripting
E
CVE-2024-7310 SourceCodester Record Management System sort_user.php cross site scripting
E
CVE-2024-7311 code-projects Online Bus Reservation Site register.php sql injection
E
CVE-2024-7312 REST Interface Link Redirection via Host parameter
CVE-2024-7313 Shield Security < 20.0.6 - Reflected XSS
E
CVE-2024-7314 anji-plus AJ-Report Authentication Bypass
E S
CVE-2024-7315 Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure
E
CVE-2024-7316 Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series
CVE-2024-7317 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-7318 Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity
CVE-2024-7319 Openstack-heat: incomplete fix for cve-2023-1625
CVE-2024-7320 itsourcecode Online Blood Bank Management System Admin Login index.php sql injection
E
CVE-2024-7321 itsourcecode Online Blood Bank Management System User Registration signup.php cross site scripting
E
CVE-2024-7322 Dos in ZigBee device due to unsolicited encrypted rejoin response
CVE-2024-7323 Digiwin EasyFlow .NET - Arbitrary File Download
S
CVE-2024-7324 IObit iTop Data Recovery Pro BPL madbasic_.bpl uncontrolled search path
CVE-2024-7325 IObit Driver Booster BPL VCL120.BPL uncontrolled search path
CVE-2024-7326 IObit DualSafe Password Manager BPL RTL120.BPL uncontrolled search path
E
CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection
E
CVE-2024-7328 YouDianCMS information disclosure
E
CVE-2024-7329 YouDianCMS image_upload.php unrestricted upload
E
CVE-2024-7330 YouDianCMS ydLib.php curl_exec server-side request forgery
E
CVE-2024-7331 TOTOLINK A3300R cstecgi.cgi UploadCustomModule buffer overflow
E
CVE-2024-7332 TOTOLINK CP450 Telnet Service product.ini hard-coded password
E
CVE-2024-7333 TOTOLINK N350RT cstecgi.cgi setParentalRules buffer overflow
E
CVE-2024-7334 TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow
E
CVE-2024-7335 TOTOLINK EX200 getSaveConfig buffer overflow
E
CVE-2024-7336 TOTOLINK EX200 cstecgi.cgi loginauth buffer overflow
E
CVE-2024-7337 TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow
E
CVE-2024-7338 TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow
E
CVE-2024-7339 TVT DVR TD-2104TS-CL queryDevInfo information disclosure
E
CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation
S
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
M
CVE-2024-7342 Baidu UEditor unrestricted upload
E
CVE-2024-7343 Baidu UEditor cross site scripting
E
CVE-2024-7344 Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
E S
CVE-2024-7345 Direct local client connections to MS Agents can bypass authentication
S
CVE-2024-7346 Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation
S
CVE-2024-7347 NGINX MP4 module vulnerability
CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
CVE-2024-7349 LifterLMS <= 7.7.5 - Authenticated (Admin+) SQL Injection
S
CVE-2024-7350 Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover
CVE-2024-7351 Simple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object Injection
S
CVE-2024-7352 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-7353 Accept Stripe Payments <= 2.0.86 - Authenticated (Contributor+) Stored Cross-Site Scripting via accept_stripe_payment_ng Shortcode
CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS
E
CVE-2024-7355 Organization chart <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters
S
CVE-2024-7356 Zephyr Project Manager <= 3.3.100 - Authenticated (Subscriber+) Stored Cross-Site Scripting via filename Parameter
S
CVE-2024-7357 D-Link DIR-600 soap.cgi soapcgi_main os command injection
E
CVE-2024-7358 Point B Ltd Getscreen Agent Installation getscreen.msi temp file
E
CVE-2024-7359 SourceCodester Tracking Monitoring Management System ajax.php cross site scripting
E
CVE-2024-7360 SourceCodester Tracking Monitoring Management System ajax.php cross-site request forgery
E
CVE-2024-7361 SourceCodester Tracking Monitoring Management System ajax.php sql injection
E
CVE-2024-7362 SourceCodester Tracking Monitoring Management System manage_user.php sql injection
E
CVE-2024-7363 SourceCodester Tracking Monitoring Management System manage_person.php sql injection
E
CVE-2024-7364 SourceCodester Tracking Monitoring Management System manage_records.php sql injection
E
CVE-2024-7365 SourceCodester Tracking Monitoring Management System manage_establishment.php sql injection
E
CVE-2024-7366 SourceCodester Tracking Monitoring Management System Login ajax.php sql injection
E
CVE-2024-7367 SourceCodester Simple Realtime Quiz System ajax.php cross-site request forgery
E
CVE-2024-7368 SourceCodester Simple Realtime Quiz System ajax.php cross site scripting
E
CVE-2024-7369 SourceCodester Simple Realtime Quiz System Login ajax.php sql injection
E
CVE-2024-7370 SourceCodester Simple Realtime Quiz System manage_quiz.php sql injection
E
CVE-2024-7371 SourceCodester Simple Realtime Quiz System quiz_view.php sql injection
E
CVE-2024-7372 SourceCodester Simple Realtime Quiz System quiz_board.php sql injection
E
CVE-2024-7373 SourceCodester Simple Realtime Quiz System ajax.php sql injection
E
CVE-2024-7374 SourceCodester Simple Realtime Quiz System manage_user.php sql injection
E
CVE-2024-7375 SourceCodester Simple Realtime Quiz System my_quiz_result.php sql injection
E
CVE-2024-7376 SourceCodester Simple Realtime Quiz System print_quiz_records.php sql injection
E
CVE-2024-7377 SourceCodester Simple Realtime Quiz System view_result.php sql injection
E
CVE-2024-7378 SourceCodester Simple Realtime Quiz System manage_question.php sql injection
E
CVE-2024-7380 Geo Controller <= 8.6.9 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion
CVE-2024-7381 Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution
CVE-2024-7382 Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure
CVE-2024-7383 Libnbd: nbd server improper certificate validation
CVE-2024-7384 AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function
S
CVE-2024-7385 WordPress Simple HTML Sitemap <= 3.1 - Authenticated (Admin+) SQL Injection
S
CVE-2024-7386 Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery
S
CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
M
CVE-2024-7388 WP Bannerize Pro <= 1.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting
CVE-2024-7389 Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure
E S
CVE-2024-7390 WP Testimonial Widget <= 3.0 - Missing Authorization
CVE-2024-7391 ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability
CVE-2024-7392 ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability
CVE-2024-7393 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7394 Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()
S
CVE-2024-7395 Insufficient Authentication
CVE-2024-7396 Plaintext Communication
CVE-2024-7397 Unauthenticated Command Injection
CVE-2024-7398 Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature
S
CVE-2024-7399 Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Ser...
CVE-2024-7400 Local privilege escalation in ESET products for Windows
CVE-2024-7401 Client Enrollment Process Bypass
E S
CVE-2024-7402 Netskope Client Configuration Tampering with Local MITM
S
CVE-2024-7403 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7404 Improper Restriction of Rendered UI Layers or Frames in GitLab
E S
CVE-2024-7407 Weak password encoding in Streamsoft Prestiż
CVE-2024-7408 Information Disclosure Vulnerability in Airveda Air Quality Monitor
S
CVE-2024-7409 Qemu: denial of service via improper synchronization in qemu nbd server during socket closure
M
CVE-2024-7410 My Custom CSS PHP & ADS <= 3.3 - Unauthenticated Full Path Disclosure
CVE-2024-7411 Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure
CVE-2024-7412 No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure
CVE-2024-7413 Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure
CVE-2024-7414 PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure
CVE-2024-7415 Remember Me Controls <= 2.0.1 - Unauthenticated Full Path Disclosure
S
CVE-2024-7416 Reveal Template <= 3.7 - Unauthenticated Full Path Disclosure
CVE-2024-7417 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure
S
CVE-2024-7418 The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure
S
CVE-2024-7419 WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields
CVE-2024-7420 Insert PHP Code Snippet <= 1.3.6 - Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion
S
CVE-2024-7421 An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows all...
CVE-2024-7422 Theme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings Update
CVE-2024-7423 Stream <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update
S
CVE-2024-7424 Multiple Page Generator Plugin – MPG <= 4.0.1 - Missing Authorization
CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbitrary Options Update
CVE-2024-7426 Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.6.0 - Unauthenticated Full Path Disclosure
CVE-2024-7427 Potential Cross-Site Scripting vulnerability affects OpenText™ Network Node Manager i (NNMi).
S
CVE-2024-7428 Potential Open Redirect issues affect OpenText™ Network Node Manager i (NNMi).
S
CVE-2024-7429 Zotpress <= 7.3.12 - Missing Authorization
S
CVE-2024-7432 Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-7433 Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-7434 UltraPress <= 1.2.1 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-7435 Attire <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection
S
CVE-2024-7436 D-Link DI-8100 msp_info.htm msp_info_htm command injection
E
CVE-2024-7437 SimpleMachines SMF Delete User index.php resource injection
E
CVE-2024-7438 SimpleMachines SMF User Alert Read Status index.php resource injection
E
CVE-2024-7439 Vivotek CC8160 httpd read stack-based overflow
E
CVE-2024-7440 Vivotek CC8160 upload_file.cgi getenv command injection
CVE-2024-7441 Vivotek SD9364 httpd read stack-based overflow
E
CVE-2024-7442 Vivotek SD9364 upload_file.cgi getenv command injection
CVE-2024-7443 Vivotek IB8367A upload_file.cgi getenv command injection
CVE-2024-7444 itsourcecode Ticket Reservation System Login Page login.php sql injection
E
CVE-2024-7445 itsourcecode Ticket Reservation System checkout_ticket_save.php sql injection
E
CVE-2024-7446 itsourcecode Ticket Reservation System list_tickets.php sql injection
E
CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload
S
CVE-2024-7448 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability
CVE-2024-7449 itsourcecode Placement Management System login.php sql injection
E
CVE-2024-7450 itsourcecode Placement Management System Image resume_upload.php unrestricted upload
E
CVE-2024-7451 itsourcecode Placement Management System apply_now.php sql injection
E
CVE-2024-7452 itsourcecode Placement Management System view_company.php sql injection
E
CVE-2024-7453 FastAdmin Attachment Management Section 4 cross site scripting
E
CVE-2024-7454 SourceCodester Clinics Patient Management System patients.php patient_name sql injection
E
CVE-2024-7455 itsourcecode Tailoring Management System partedit.php sql injection
E
CVE-2024-7456 SQL Injection in lunary-ai/lunary
E
CVE-2024-7457 macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences
CVE-2024-7458 elunez eladmin Database Management/Deployment Management upload path traversal
E
CVE-2024-7459 OSWAPP Warehouse Inventory System edit_account.php cross-site request forgery
E
CVE-2024-7460 OSWAPP Warehouse Inventory System change_password.php cross-site request forgery
E
CVE-2024-7461 ForIP Tecnologia Administração PABX monitcallcenter authMonitCallcenter sql injection
E
CVE-2024-7462 TOTOLINK N350RT cstecgi.cgi setWizardCfg buffer overflow
E
CVE-2024-7463 TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow
E
CVE-2024-7464 TOTOLINK CP900 Telnet Service setTelnetCfg command injection
E
CVE-2024-7465 TOTOLINK CP450 cstecgi.cgi loginauth buffer overflow
E
CVE-2024-7466 PMWeb Web Application Firewall cross site scripting
E
CVE-2024-7467 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_ip_network.php sslvpn_config_mod os command injection
E
CVE-2024-7468 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_service_manage.php sslvpn_config_mod os command injection
E
CVE-2024-7469 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_vpn_web_custom.php sslvpn_config_mod os command injection
E
CVE-2024-7470 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface vpn_template_style.php sslvpn_config_mod os command injection
E
CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary
E S
CVE-2024-7473 IDOR Vulnerability in lunary-ai/lunary
E S
CVE-2024-7474 IDOR in lunary-ai/lunary
E S
CVE-2024-7475 Improper Access Control in lunary-ai/lunary
E S
CVE-2024-7476 Broken Access Control in lunary-ai/lunary
E S
CVE-2024-7477 Avaya Aura System Manager SQL injection vulnerability
CVE-2024-7479 Improper signature verification of VPN driver installation in TeamViewer Remote Clients
S
CVE-2024-7480 Improper access control in Avaya Aura System Manager
CVE-2024-7481 Improper signature verification of Printer driver installation in TeamViewer Remote Clients
S
CVE-2024-7484 CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload
S
CVE-2024-7485 Traffic Manager <= 1.4.5 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-7486 MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-7487 Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication
S
CVE-2024-7488 Business Logic Error in RestApp Inc.'s Online Ordering System
CVE-2024-7489 Forms for Mailchimp by Optin Cat <= 2.5.6 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters
CVE-2024-7490 Remote Code Execution in Advanced Software Framework DHCP server
S
CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe
S
CVE-2024-7492 MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update
S
CVE-2024-7493 WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta
CVE-2024-7494 SourceCodester Clinics Patient Management System new_prescription.php sql injection
E
CVE-2024-7495 itsourcecode Laravel Accounting System HomeController.php unrestricted upload
E
CVE-2024-7496 itsourcecode Airline Reservation System index.php file inclusion
E
CVE-2024-7497 itsourcecode Airline Reservation System index.php file inclusion
E
CVE-2024-7498 itsourcecode Airline Reservation System Admin Login Page login.php login2 sql injection
E
CVE-2024-7499 itsourcecode Airline Reservation System flights.php sql injection
E
CVE-2024-7500 itsourcecode Airline Reservation System admin_class.php save_settings unrestricted upload
E
CVE-2024-7501 Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery
CVE-2024-7502 Delta Electronics DIAScreen Stack-Based Buffer Overflow
S
CVE-2024-7503 WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover
CVE-2024-7505 itsourcecode Bike Delivery System contact_us_action.php sql injection
E
CVE-2024-7506 itsourcecode Tailoring Management System setlogo.php unrestricted upload
E
CVE-2024-7507 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation
S
CVE-2024-7508 Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-7509 Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-7510 Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-7511 Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-7512 Concrete CMS Stored XSS in Board instances
CVE-2024-7513 Rockwell Automation FactoryTalk® View Site Edition Code Execution Vulnerability via File Permissions
S
CVE-2024-7514 WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal
CVE-2024-7515 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation
S
CVE-2024-7516 Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
CVE-2024-7517 Privilege escalation via crafted use of portcfg command
CVE-2024-7518 Select options could obscure the fullscreen notification dialog. This could be used by a malicious s...
CVE-2024-7519 Insufficient checks when processing graphics shared memory could have led to memory corruption. This...
CVE-2024-7520 A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code ex...
CVE-2024-7521 Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affe...
CVE-2024-7522 Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This v...
CVE-2024-7523 A select option could partially obscure security prompts. This could be used by a malicious site to ...
CVE-2024-7524 Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking ...
CVE-2024-7525 It was possible for a web extension with minimal permissions to create a `StreamFilter` which could ...
CVE-2024-7526 ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be...
CVE-2024-7527 Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerabil...
CVE-2024-7528 Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulne...
CVE-2024-7529 The date picker could partially obscure security prompts. This could be used by a malicious site to ...
CVE-2024-7530 Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affe...
CVE-2024-7531 Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can resu...
CVE-2024-7532 Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attack...
CVE-2024-7533 Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker t...
CVE-2024-7534 Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to ...
CVE-2024-7535 Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker...
CVE-2024-7536 Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to pote...
CVE-2024-7537 oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-7538 oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability
CVE-2024-7539 oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability
CVE-2024-7540 oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability
CVE-2024-7541 oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability
CVE-2024-7542 oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability
CVE-2024-7543 oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
CVE-2024-7544 oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
CVE-2024-7545 oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
CVE-2024-7546 oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
CVE-2024-7547 oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability
CVE-2024-7548 LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter
S
CVE-2024-7550 Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentiall...
CVE-2024-7551 juzaweb CMS Theme Editor default path traversal
E
CVE-2024-7552 DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection
E
CVE-2024-7553 Accessing Untrusted Directory May Allow Local Privilege Escalation
CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
S
CVE-2024-7556 WordPress Simple Share Plugin <= 0.5.3 - Admin+ XSS
E
CVE-2024-7557 Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai
M
CVE-2024-7558 JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju c...
E S
CVE-2024-7559 File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-7560 News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection
CVE-2024-7561 The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-7562 A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setup...
CVE-2024-7564 Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
CVE-2024-7565 SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability
CVE-2024-7566 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7567 Rockwell Automation Micro850/870 Vulnerable to denial-of-service Vulnerability via CIP/Modbus Port
S
CVE-2024-7568 Favicon Generator <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion
S
CVE-2024-7569 An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 ...
S
CVE-2024-7570 Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earl...
S
CVE-2024-7571 Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated atta...
CVE-2024-7572 Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attac...
CVE-2024-7573 Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection
CVE-2024-7574 Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
S
CVE-2024-7575 Improper neutralization special element in hyperlinks
CVE-2024-7576 Progress UI for WPF format provider unsafe deserialization vulnerability
CVE-2024-7577 IBM InfoSphere Information Server information disclosure
CVE-2024-7578 Alien Technology ALR-F800 cmd.php improper authorization
E
CVE-2024-7579 Alien Technology ALR-F800 File Name upgrade.cgi popen os command injection
E
CVE-2024-7580 Alien Technology ALR-F800 system.html os command injection
E
CVE-2024-7581 Tenda A301 WifiBasicSet formWifiBasicSet stack-based overflow
E
CVE-2024-7582 Tenda i22 apPortalAccessCodeAuth formApPortalAccessCodeAuth buffer overflow
E
CVE-2024-7583 Tenda i22 apPortalOneKeyAuth formApPortalOneKeyAuth buffer overflow
E
CVE-2024-7584 Tenda i22 apPortalPhoneAuth formApPortalPhoneAuth buffer overflow
E
CVE-2024-7585 Tenda i22 apPortalAuth formApPortalWebAuth buffer overflow
E
CVE-2024-7586 Insertion of Sensitive Information into Log File in GitLab
S
CVE-2024-7587 Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64 and MC Works64
M
CVE-2024-7588 Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
CVE-2024-7589 OpenSSH pre-authentication async signal safety issue
CVE-2024-7590 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.14.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
S
CVE-2024-7592 Quadratic complexity parsing cookies with backslashes
E S
CVE-2024-7593 Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or ...
KEV S
CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
CVE-2024-7595 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet
CVE-2024-7596 Generic UDP Encapsulation (GUE) (IETF Draft) does not validate or verify the source of a network packet
CVE-2024-7598 Network restriction bypass via race condition during namespace termination
CVE-2024-7599 Advanced Sermons <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-7600 Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability
CVE-2024-7601 Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability
CVE-2024-7602 Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
CVE-2024-7603 Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability
CVE-2024-7604 Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability
CVE-2024-7605 HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update
S
CVE-2024-7606 Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-7607 Front End Users <= 3.2.28 - Authenticated (Contributor+) Time-Based SQL Injection
S
CVE-2024-7608 An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path t...
CVE-2024-7609 Directory Traversal in Vidco Software's VOC TESTER
CVE-2024-7610 Uncontrolled Resource Consumption in GitLab
S
CVE-2024-7611 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget
CVE-2024-7612 Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify s...
CVE-2024-7613 Tenda FH1206 GstDhcpSetSer fromGstDhcpSetSer buffer overflow
E
CVE-2024-7614 Tenda FH1206 qossetting fromqossetting stack-based overflow
E
CVE-2024-7615 Tenda FH1206 fromSafeUrlFilter stack-based overflow
E
CVE-2024-7616 Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
CVE-2024-7617 Contact Form to Any API <= 1.2.2 - Unauthenticated Stored Cross-Site Scripting via Contact Form
CVE-2024-7618 Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via content Parameter
CVE-2024-7619 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This c...
R
CVE-2024-7620 Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import
S
CVE-2024-7621 Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-7622 Revision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
S
CVE-2024-7624 Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation
S
CVE-2024-7625 Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
CVE-2024-7626 WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) <= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read
S
CVE-2024-7627 Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition
S
CVE-2024-7628 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover
S
CVE-2024-7629 Responsive Video <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-7630 Relevanssi <= 4.22.2 - Unauthenticated Information Exposure
S
CVE-2024-7631 Openshift-console: openshift console: path traversal
M
CVE-2024-7633 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2024-7634 NGINX Agent Vulnerability
CVE-2024-7635 code-projects Simple Ticket Booking Registration register_insert.php sql injection
E
CVE-2024-7636 code-projects Simple Ticket Booking Login authenticate.php sql injection
E
CVE-2024-7637 code-projects Online Polling Registration registeracc.php sql injection
E
CVE-2024-7638 SourceCodester Kortex Lite Advocate Office Management System delete_client.php sql injection
E
CVE-2024-7639 SourceCodester Kortex Lite Advocate Office Management System delete_act.php sql injection
E
CVE-2024-7640 SourceCodester Kortex Lite Advocate Office Management System delete_register.php sql injection
E
CVE-2024-7641 SourceCodester Kortex Lite Advocate Office Management System deactivate_act.php sql injection
E
CVE-2024-7642 SourceCodester Kortex Lite Advocate Office Management System activate_act.php sql injection
E
CVE-2024-7643 SourceCodester Leads Manager Tool Delete Leads delete-leads.php sql injection
E
CVE-2024-7644 SourceCodester Leads Manager Tool Add Leads add-leads.php cross site scripting
E
CVE-2024-7645 SourceCodester Clinics Patient Management System User Page users.php cross-site request forgery
E
CVE-2024-7646 A security issue was discovered in ingress-nginx where an actor with permission to create Ingress ob...
S
CVE-2024-7647 OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-7648 Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure
CVE-2024-7649 Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-7650 Remote code execution vulnerability discovered in OpenText™ Directory Services CE 23.4
S
CVE-2024-7651 App Builder – Create Native Android & iOS Apps On The Flight <= 4.2.6 - Unauthenticated Limited SQL Injection via app-builder-search
S
CVE-2024-7652 An error in the ECMA-262 specification relating to Async Generators could have resulted in a type co...
CVE-2024-7654 Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service
S
CVE-2024-7655 Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-7656 Image Hotspot by DevVN <= 1.2.5 - Authenticated (Author+) PHP Object Injection
CVE-2024-7657 Gila CMS HTTP POST Request page cross site scripting
CVE-2024-7658 projectsend process.php get_preview resource injection
S
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
S
CVE-2024-7660 SourceCodester File Manager App Add File cross site scripting
E
CVE-2024-7661 SourceCodester Car Driving School Management System index.php save_users cross-site request forgery
E
CVE-2024-7662 SourceCodester Car Driving School Management System manag_package.php save_package cross-site request forgery
E
CVE-2024-7663 SourceCodester Car Driving School Management System manage_user.php sql injection
E
CVE-2024-7664 SourceCodester Car Driving School Management System view_details.php sql injection
E
CVE-2024-7665 SourceCodester Car Driving School Management System manage_package.php sql injection
E
CVE-2024-7666 SourceCodester Car Driving School Management System view_package.php sql injection
E
CVE-2024-7667 SourceCodester Car Driving School Management System User.php delete_users sql injection
E
CVE-2024-7668 SourceCodester Car Driving School Management System Master.php delete_package sql injection
E
CVE-2024-7669 SourceCodester Car Driving School Management System Master.php delete_enrollment sql injection
E
CVE-2024-7670 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-7671 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-7672 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-7673 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-7674 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-7675 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-7676 SourceCodester Car Driving School Management System Master.php save_package sql injection
E
CVE-2024-7677 SourceCodester Car Driving School Management System SystemSettings.php update_settings_info cross site scripting
E
CVE-2024-7678 SourceCodester Car Driving School Management System Master.php cross site scripting
E
CVE-2024-7679 Improper neutralization special element in hyperlinks
CVE-2024-7680 itsourcecode Tailoring Management System incedit.php sql injection
E
CVE-2024-7681 code-projects College Management System Login Page login.php sql injection
E
CVE-2024-7682 code-projects Job Portal rw_i_nat.php sql injection
E
CVE-2024-7683 SourceCodester Kortex Lite Advocate Office Management System addcase_stage.php cross site scripting
E
CVE-2024-7684 SourceCodester Kortex Lite Advocate Office Management System add_act.php cross site scripting
E
CVE-2024-7685 SourceCodester Kortex Lite Advocate Office Management System adds.php cross site scripting
E
CVE-2024-7686 SourceCodester Kortex Lite Advocate Office Management System register_case.php cross site scripting
E
CVE-2024-7687 AZIndex <= 0.8.1 - Stored XSS via CSRF
E
CVE-2024-7688 AZIndex <= 0.8.1 - Index Deletion via CSRF
E
CVE-2024-7689 Snapshot Backup <= 2.1.1 - Stored XSS via CSRF
E
CVE-2024-7690 DN Popup <= 1.2.2 - Settings Update via CSRF
E
CVE-2024-7691 Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS
E
CVE-2024-7692 Flaming Forms <= 1.0.1 - Reflected XSS
E
CVE-2024-7693 Team Johnlong software Raiden MAILD Remote Management System - Arbitrary File Reading through Path Traversal
S
CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload
S
CVE-2024-7695 Out-of-bounds Write Vulnerability
S
CVE-2024-7696 Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for ...
CVE-2024-7697 Logical vulnerability in com.transsion.carlcare
CVE-2024-7698 Phoenix Contact: Access to CSRF tokens of higher privileged users in MGUARD products
CVE-2024-7699 Phoenix Contact: OS command execution in MGUARD products
CVE-2024-7700 Foreman: command injection in "host init config" template via "install packages" field on foreman
CVE-2024-7701 Misuse of SHA256 to create an encryption key
M
CVE-2024-7702 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function
S
CVE-2024-7703 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-7704 Weaver e-cology Source Code ecology_dev.zip information disclosure
E
CVE-2024-7705 Fujian mwcms Image Upload uploadeditor.html uploadeditor unrestricted upload
E
CVE-2024-7706 Fujian mwcms uploadfile.html uploadimage unrestricted upload
E
CVE-2024-7707 Tenda FH1206 HTTP POST Request SafeEmailFilter formSafeEmailFilter stack-based overflow
E
CVE-2024-7709 OcoMon URL require_access_recovery.php cross site scripting
S
CVE-2024-7711 An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an att...
CVE-2024-7712 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7713 AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure
E
CVE-2024-7714 AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
E
CVE-2024-7715 D-Link DNS-1550-04 photocenter_mgr.cgi sprintf command injection
E
CVE-2024-7716 GS Logo Slider Lite < 3.6.9 - Admin+ Stored XSS
E
CVE-2024-7717 WP Events Manager <= 2.1.11 - Authenticated (Subscriber+) Time-Based SQL Injection
CVE-2024-7720 HP Security Manager - Potential Remote Code Execution
CVE-2024-7721 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
S
CVE-2024-7722 Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability
CVE-2024-7723 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
CVE-2024-7724 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
CVE-2024-7725 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
CVE-2024-7726 Arbitrary Code execution via exposed JTAG port in Kioxia CM6, PM6, PM7
E
CVE-2024-7727 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler
S
CVE-2024-7728 CAYIN Technology CMS - OS Command Injection
S
CVE-2024-7729 CAYIN Technology CMS - Sensitive File Download
S
CVE-2024-7730 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()
CVE-2024-7731 SECOM Dr.ID Access control system - SQL injection
S
CVE-2024-7732 SECOM Dr.ID Attendance system - Unrestricted File Upload
S
CVE-2024-7733 FastCMS New Article Category Page cross site scripting
E
CVE-2024-7734 Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors.
M
CVE-2024-7735 SQLi in Exnet Informatics Software's Ferry Reservation System
CVE-2024-7736 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-7737 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-7738 yzane vscode-markdown-pdf Markdown File pathname traversal
E
CVE-2024-7739 yzane vscode-markdown-pdf cross site scripting
E
CVE-2024-7740 wanglongcn ltcms API Endpoint download server-side request forgery
E
CVE-2024-7741 wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal
E
CVE-2024-7742 wanglongcn ltcms API Endpoint multiDownload server-side request forgery
E
CVE-2024-7743 wanglongcn ltcms API Endpoint downloadUrl server-side request forgery
E
CVE-2024-7744 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server
CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server
CVE-2024-7746 Use of default credentials at Traccar fleet management solution
CVE-2024-7747 Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types
S
CVE-2024-7748 SourceCodester Accounts Manager App delete-account.php sql injection
E
CVE-2024-7749 SourceCodester Accounts Manager App add-account.php cross site scripting
E
CVE-2024-7750 SourceCodester Clinics Patient Management System medicines.php sql injection
E
CVE-2024-7751 SourceCodester Clinics Patient Management System update_medicine.php sql injection
E
CVE-2024-7752 SourceCodester Clinics Patient Management System update_medicine.php cross site scripting
E
CVE-2024-7753 SourceCodester Clinics Patient Management System user_images direct request
E
CVE-2024-7754 SourceCodester Clinics Patient Management System check_medicine_name.php sql injection
E
CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
S
CVE-2024-7756 A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a...
S
CVE-2024-7757 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7758 Stylish Price List < 7.1.8 - Contributor+ Stored XSS
E
CVE-2024-7759 PWA For WP & AMP < 1.7.72 Administrator+ Stored XSS
E
CVE-2024-7760 CSRF in aimhubio/aim
E
CVE-2024-7761 Simple Job Board < 2.12.2 - Admin+ Stored XSS
E
CVE-2024-7762 Simple Job Board < 2.12.6 - Unauthenticated Resumes Download
E
CVE-2024-7763 WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability
CVE-2024-7764 SQL Injection in vanna-ai/vanna
CVE-2024-7765 Denial of Service in h2oai/h2o-3
E
CVE-2024-7766 Adicon Server <= 1.2 - Admin+ SQL Injection
E
CVE-2024-7767 Improper Access Control in danswer-ai/danswer
E
CVE-2024-7768 Denial of Service in h2oai/h2o-3
E
CVE-2024-7769 Wordpress Clicksold IDX Plugin <= 1.90 - Admin+ XSS
E
CVE-2024-7770 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2024-7771 Denial of Service in mintplex-labs/anything-llm
E S
CVE-2024-7772 Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload
S
CVE-2024-7773 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ...
R
CVE-2024-7774 Path Traversal in langchain-ai/langchainjs
E S
CVE-2024-7775 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads
S
CVE-2024-7776 Arbitrary File Overwrite in onnx/onnx
E
CVE-2024-7777 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion
S
CVE-2024-7778 Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-7779 ReDoS (Regular Expression Denial of Service) in danswer-ai/danswer
CVE-2024-7780 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection
S
CVE-2024-7781 Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover
S
CVE-2024-7782 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.4 - Authenticated (Administrator+) Arbitrary File Deletion
S
CVE-2024-7783 Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm
E S
CVE-2024-7784 During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the pro...
CVE-2024-7785 Reflected XSS in Ece Software's Electronic Ticket System
CVE-2024-7786 Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak
E
CVE-2024-7787 Reflected XSS in ITG Computer Technology's vSRM Supplier Relationship Management System
CVE-2024-7788 Signatures in "repair mode" should not be trusted
CVE-2024-7790 DevikaAI Stored Cross-Site Scripting
E
CVE-2024-7791 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid Widget
S
CVE-2024-7792 SourceCodester Task Progress Tracker delete-task.php sql injection
E
CVE-2024-7793 SourceCodester Task Progress Tracker add-task.php cross site scripting
E
CVE-2024-7794 itsourcecode Vehicle Management System mybill.php sql injection
E
CVE-2024-7795 Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-7797 SourceCodester Simple Online Bidding System ajax.php sql injection
E
CVE-2024-7798 SourceCodester Simple Online Bidding System ajax.php sql injection
E
CVE-2024-7799 SourceCodester Simple Online Bidding System users.php improper authorization
E
CVE-2024-7800 SourceCodester Simple Online Bidding System ajax.php sql injection
E
CVE-2024-7801 SQL injection in get_chart_data in TimeProvider 4100
E M
CVE-2024-7803 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-7804 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7805 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7806 Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui
E
CVE-2024-7807 Denial of Service (DOS) in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-7808 code-projects Job Portal logindbc.php sql injection
E
CVE-2024-7809 SourceCodester Online Graduate Tracer System nbproject exposure of information through directory listing
E
CVE-2024-7810 SourceCodester Online Graduate Tracer System view_itprofile.php sql injection
E
CVE-2024-7811 SourceCodester Daily Expenses Monitoring App delete-expense.php sql injection
E
CVE-2024-7812 SourceCodester Best House Rental Management System POST Parameter ajax.php cross site scripting
E
CVE-2024-7813 SourceCodester Prison Management System Profile Image insufficiently protected credentials
E
CVE-2024-7814 CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting
E
CVE-2024-7815 CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting
E
CVE-2024-7816 Gixaw Chat <= 1.0 - Stored XSS via CSRF
E
CVE-2024-7817 Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF
E
CVE-2024-7818 Misiek Photo Album <= 1.4.3 - Stored XSS via CSRF
E
CVE-2024-7819 CORS Misconfiguration in danswer-ai/danswer
CVE-2024-7820 ILC Thickbox <= 1.0 - Settings update via CSRF
E
CVE-2024-7821 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7822 Quick Code <= 1.0 - Stored XSS via CSRF
E
CVE-2024-7824 Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump
CVE-2024-7825 Type confusion that can cause the WRSA.exe service to crash and generate a crash dump
CVE-2024-7826 Unhandled exception vulnerability that can cause the WRSA.exe service to crash and generate a crash dump
CVE-2024-7827 Shopping Cart & eCommerce Store <= 5.7.2 - Authenticated (Contributor+) SQL Injection via model_number Parameter
CVE-2024-7828 D-Link DNS-1550-04 photocenter_mgr.cgi cgi_set_cover buffer overflow
E
CVE-2024-7829 D-Link DNS-1550-04 photocenter_mgr.cgi cgi_del_photo buffer overflow
E
CVE-2024-7830 D-Link DNS-1550-04 photocenter_mgr.cgi cgi_move_photo buffer overflow
E
CVE-2024-7831 D-Link DNS-1550-04 photocenter_mgr.cgi cgi_get_cooliris buffer overflow
E
CVE-2024-7832 D-Link DNS-1550-04 photocenter_mgr.cgi cgi_get_fullscreen_photos buffer overflow
E
CVE-2024-7833 D-Link DI-8100 upgrade_filter.asp upgrade_filter_asp command injection
E
CVE-2024-7834 Local privilege escalation in Overwolf
CVE-2024-7835 Reflected XSS in Exnet Informatics Software's Ferry Reservation System
CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication
CVE-2024-7837 SQLi in Firmanet Software's ERP
CVE-2024-7838 itsourcecode Online Food Ordering System addcategory.php sql injection
E
CVE-2024-7839 itsourcecode Billing System addbill.php sql injection
E
CVE-2024-7840 Improper neutralization special element in hyperlinks
CVE-2024-7841 SourceCodester Clinics Patient Management System check_user_name.php sql injection
E
CVE-2024-7842 SourceCodester Online Graduate Tracer System export_it.php information disclosure
E
CVE-2024-7843 SourceCodester Online Graduate Tracer System exportcs.php information disclosure
E
CVE-2024-7844 SourceCodester Online Graduate Tracer System add_acc.php cross site scripting
E
CVE-2024-7845 SourceCodester Online Graduate Tracer System fetch_it.php sql injection
E
CVE-2024-7846 YITH WooCommerce Ajax Search < 2.7.1 - Contributor+ Stored XSS
E
CVE-2024-7847 RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script
M
CVE-2024-7848 User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access
S
CVE-2024-7849 D-Link DNS-1550-04 photocenter_mgr.cgi cgi_create_album buffer overflow
E
CVE-2024-7850 BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-7851 SourceCodester Yoga Class Registration System Add User Users.php improper authorization
E
CVE-2024-7852 SourceCodester Yoga Class Registration System view_inquiry.php cross site scripting
E
CVE-2024-7853 SourceCodester Yoga Class Registration System sql injection
E
CVE-2024-7854 Woo Inquiry <= 0.1 - Unauthenticated SQL Injection
CVE-2024-7855 WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2024-7856 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
S
CVE-2024-7857 Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection
S
CVE-2024-7858 Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions
S
CVE-2024-7859 Visual Sound <= 1.03 - Settings Update via CSRF
E
CVE-2024-7860 Simple Headline Rotator <= 1.0 - Stored XSS via CSRF
E
CVE-2024-7861 Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF
E
CVE-2024-7862 Blog Introduction <= 0.3.0 - Settings Update via CSRF
E
CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF
E
CVE-2024-7864 Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF
E
CVE-2024-7865 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2414. Reason: T...
R
CVE-2024-7866 Stack overflow in Xpdf 4.05 due to object loop in PDF pattern
CVE-2024-7867 Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates
CVE-2024-7868 Uninitialized variable in Xpdf 4.05 due to invalid JPEG header
CVE-2024-7869 123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-7870 PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion
S
CVE-2024-7871 Huachu Easytest Online Learning Test Platform - SQL Injection
CVE-2024-7872 Sensitive Data Exposure in ExtremePACS' Extreme XDS
CVE-2024-7873 Stored XSS in Veribilim Software's Veribase Order Management
CVE-2024-7874 XSS in Tungsten Automation TotalAgility
CVE-2024-7875 XSS in Tungsten Automation TotalAgility
CVE-2024-7876 Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS
E
CVE-2024-7877 Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS
E
CVE-2024-7878 WP ULike < 4.7.4 - Admin+ Stored XSS
E
CVE-2024-7879 WP ULike < 4.7.5 - Admin+ Stored XSS via Widgets
E
CVE-2024-7880 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7881 An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of...
CVE-2024-7882 SQLi in Special Minds' e-Commerce
CVE-2024-7883 CMSE secure state may leak from stack to floating-point registers
S
CVE-2024-7884 Memory leak when calling a canister method via `ic_cdk::call`
S
CVE-2024-7885 Undertow: improper state management in proxy protocol parsing causes information leakage
CVE-2024-7886 Scooter Software Beyond Compare 7zxa.dll uncontrolled search path
CVE-2024-7887 LimeSurvey File Upload index.php denial of service
E
CVE-2024-7888 Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization
S
CVE-2024-7889 Local privilege escalation allows a low-privileged user to gain SYSTEM privileges
CVE-2024-7890 Local privilege escalation allows a low-privileged user to gain SYSTEM privileges
CVE-2024-7891 Floating Contact Button < 2.8 - Admin+ Stored XSS
E
CVE-2024-7892 adstxt Plugin <= 1.0.0 - Settings Update via CSRF
E
CVE-2024-7894 If Menu <= 0.19.1 - Missing Authorization to License Key Update
CVE-2024-7895 Beaver Builder (Lite Version) <= 2.8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter
S
CVE-2024-7896 Tosei Online Store Management System ネット店舗管理システム p1_ftpserver.php command injection
E
CVE-2024-7897 Tosei Online Store Management System ネット店舗管理システム tosei_kikai.php command injection
E
CVE-2024-7898 Tosei Online Store Management System ネット店舗管理システム Backend default credentials
E
CVE-2024-7899 InnoCMS Backend edit code injection
E
CVE-2024-7900 xiaohe4966 TpMeCMS Basic Configuration config cross site scripting
E
CVE-2024-7901 Scada-LTS Message Scada cross site scripting
CVE-2024-7902 pkp ojs signOut redirect
CVE-2024-7903 DedeBIZ File Extension media_add.php unrestricted upload
E
CVE-2024-7904 DedeBIZ File Extension file_manage_control.php unrestricted upload
E
CVE-2024-7905 DedeBIZ archives_do.php AdminUpload unrestricted upload
E
CVE-2024-7906 DedeBIZ Attachment Settings select_images_post.php get_mime_type unrestricted upload
E
CVE-2024-7907 TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection
E
CVE-2024-7908 TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow
E
CVE-2024-7909 TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow
E
CVE-2024-7910 CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload
E
CVE-2024-7911 SourceCodester Simple Online Bidding System index.php file inclusion
E
CVE-2024-7912 CodeAstro Online Railway Reservation System assets exposure of information through directory listing
E
CVE-2024-7913 itsourcecode Billing System addclient1.php sql injection
E
CVE-2024-7914 SourceCodester Yoga Class Registration System SystemSettings.php cross site scripting
E
CVE-2024-7915 macOS Sensei Mac Cleaner Local Privilege Escalation via PID Reuse - Race Condition Attack
CVE-2024-7916 nafisulbari/itsourcecode Insurance Management System Add Nominee Page addNominee.php cross site scripting
E
CVE-2024-7917 DouPHP Favicon system.php unrestricted upload
E
CVE-2024-7918 Pocket Widget <= 0.1.3 - Admin+ Stored XSS
E
CVE-2024-7919 Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control
E
CVE-2024-7920 Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control
E
CVE-2024-7921 Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control
E
CVE-2024-7922 D-Link DNS-1550-04 myMusic.cgi cgi_write_playlist command injection
E
CVE-2024-7923 Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore
M
CVE-2024-7924 ZZCMS list.php path traversal
E
CVE-2024-7925 ZZCMS eginfo.php information disclosure
E
CVE-2024-7926 ZZCMS about_edit.php path traversal
E
CVE-2024-7927 ZZCMS class.php path traversal
E
CVE-2024-7928 FastAdmin lang path traversal
E
CVE-2024-7929 SourceCodester Simple Forum Website Signup Page registration.php cross site scripting
E
CVE-2024-7930 SourceCodester Clinics Patient Management System get_packings.php sql injection
E
CVE-2024-7931 SourceCodester Online Graduate Tracer System view_csprofile.php sql injection
E
CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x
CVE-2024-7933 itsourcecode Project Expense Monitoring System Backend Login login1.php sql injection
E
CVE-2024-7934 itsourcecode Project Expense Monitoring System execute.php sql injection
E
CVE-2024-7935 itsourcecode Project Expense Monitoring System print.php sql injection
E
CVE-2024-7936 itsourcecode Project Expense Monitoring System transferred_report.php sql injection
E
CVE-2024-7937 itsourcecode Project Expense Monitoring System printtransfer.php sql injection
E
CVE-2024-7938 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x
CVE-2024-7939 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x
CVE-2024-7940 The product exposes a service that is intended for local only to all network interfaces without any ...
CVE-2024-7941 An HTTP parameter may contain a URL value and could cause the web application to redirect the reques...
CVE-2024-7942 SourceCodester Leads Manager Tool update-leads.php cross site scripting
E S
CVE-2024-7943 itsourcecode Laravel Property Management System PropertiesController.php upload unrestricted upload
E
CVE-2024-7944 itsourcecode Laravel Property Management System DocumentsController.php UpdateDocumentsRequest unrestricted upload
E
CVE-2024-7945 itsourcecode Laravel Property Management System Notes Page create cross site scripting
E
CVE-2024-7946 itsourcecode Online Blood Bank Management System User Signup register.php sql injection
E
CVE-2024-7947 SourceCodester Point of Sales and Inventory Management System login.php sql injection
E
CVE-2024-7948 SourceCodester Accounts Manager App Update Account Page update-account.php cross site scripting
E S
CVE-2024-7949 SourceCodester Online Graduate Tracer System fetch_genderit.php sql injection
E
CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation
S
CVE-2024-7954 SPIP porte_plume Plugin Arbitrary PHP Execution
E
CVE-2024-7955 Starbox < 3.5.2 - Admin+ Stored XSS
E
CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer
CVE-2024-7958 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-7959 SSRF in open-webui/open-webui
E
CVE-2024-7960 Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8®
S
CVE-2024-7961 Rockwell Automation Path Traversal Vulnerability in Pavilion8®
S
CVE-2024-7962 Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-7963 CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-7964 Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote atta...
CVE-2024-7965 Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker...
KEV
CVE-2024-7966 Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacke...
CVE-2024-7967 Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to p...
CVE-2024-7968 Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had...
CVE-2024-7969 Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potential...
CVE-2024-7970 Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to pote...
E
CVE-2024-7971 Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit he...
KEV E S
CVE-2024-7972 Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker...
CVE-2024-7973 Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to ...
CVE-2024-7974 Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote atta...
CVE-2024-7975 Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote...
CVE-2024-7976 Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attac...
CVE-2024-7977 Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed...
CVE-2024-7978 Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a r...
CVE-2024-7979 Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed...
CVE-2024-7980 Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed...
CVE-2024-7981 Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attac...
CVE-2024-7982 Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS
E
CVE-2024-7983 Denial of Service in open-webui/open-webui
E
CVE-2024-7984 Joy Of Text Lite – SMS messaging for WordPress <= 2.3.1 - Settings Update via CSRF
E
CVE-2024-7985 FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2024-7986 Rockwell Automation ThinManager® ThinServer™ Information Disclosure
S
CVE-2024-7987 Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities
S
CVE-2024-7988 ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities
S
CVE-2024-7989 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This c...
R
CVE-2024-7990 Stored Cross-Site Scripting in open-webui/open-webui
E
CVE-2024-7991 Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability
CVE-2024-7992 Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability
CVE-2024-7993 Out-of-Bounds Write Vulnerability in Autodesk Revit
CVE-2024-7994 Stack-Based Buffer Overflow Vulnerability in Autodesk Revit
CVE-2024-7995 Autodesk VRED Design Privilege Escalation Vulnerability
CVE-2024-7998 In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could...
CVE-2024-7999 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ...
R
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.