CVE-2024-8xxx

There are 948 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-8000 On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar
S
CVE-2024-8001 VIWIS LMS Print authorization
CVE-2024-8002 VIWIS LMS File Upload cross site scripting
CVE-2024-8003 Go-Tribe gotribe-admin Log routes.go InitRoutes deserialization
E S
CVE-2024-8004 Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-8005 demozx gf_cms JWT Authentication auth.go init hard-coded credentials
E S
CVE-2024-8006 NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support
S
CVE-2024-8007 Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors
M
CVE-2024-8009 Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure
E
CVE-2024-8011 Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Optio...
CVE-2024-8012 An authentication bypass weakness in the message broker service of Ivanti Workspace Control version ...
CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
CVE-2024-8014 Telerik Reporting EntityDataSource Insecure Type Resolution
CVE-2024-8015 Telerik Report Server Insecure Type Resolution
CVE-2024-8016 The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution
CVE-2024-8017 Cross-site Scripting (XSS) in open-webui/open-webui
CVE-2024-8018 Denial of Service (DOS) in imartinez/privategpt
CVE-2024-8019 Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning
CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning
CVE-2024-8021 Open Redirect in gradio-app/gradio
E
CVE-2024-8022 Genexis Tilgin Home Gateway cross site scripting
CVE-2024-8023 chillzhuang SpringBlade list sql injection
E
CVE-2024-8024 CORS Misconfiguration in netease-youdao/qanything
CVE-2024-8025 Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-8026 CSRF due to overly permissive CORS headers in netease-youdao/qanything
E
CVE-2024-8027 Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything
CVE-2024-8028 Denial of Service in danswer-ai/danswer
CVE-2024-8029 Stored XSS in imartinez/privategpt
CVE-2024-8030 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection
CVE-2024-8031 Secure Downloads < 1.2.3 - Admin+ Arbitrary File Download
E
CVE-2024-8032 Smooth Gallery Replacement <= 1.0 - CSRF to Stored XSS
E
CVE-2024-8033 Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 a...
CVE-2024-8034 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allow...
CVE-2024-8035 Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowe...
CVE-2024-8036 Unauthorized Modifications of Firmware and Configuration
M
CVE-2024-8037 Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_...
CVE-2024-8038 Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsibl...
CVE-2024-8039 Improper permission configurationDomain configuration vulnerability of the mobile application (com.a...
CVE-2024-8040 Authorization Bypass Through User-Controlled Key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x
CVE-2024-8041 Uncontrolled Resource Consumption in GitLab
E S
CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation
CVE-2024-8043 Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF
E
CVE-2024-8044 infolinks Ad Wrap <= 1.0.2 - Settings Update via CSRF
E
CVE-2024-8045 Advanced WordPress Backgrounds <= 1.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter
CVE-2024-8046 Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8047 Visual Sound (old) <= 1.06 - Settings Update via CSRF
E
CVE-2024-8048 Telerik Reporting Insecure Expression Evaluation
CVE-2024-8049 Telerik Document Processing Improper Handling of Memory Resources
CVE-2024-8050 Custom Author Base <= 1.1.1 - Settings Update via CSRF
E
CVE-2024-8051 Special Feed Items <= 1.0.1 - Stored XSS via CSRF
E
CVE-2024-8052 Review Ratings <= 1.6 - Stored XSS via CSRF
E
CVE-2024-8053 Improper Authentication in open-webui/open-webui
E
CVE-2024-8054 MM-Breaking News <= 0.7.9 - Stored XSS via CSRF
E
CVE-2024-8055 Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna
CVE-2024-8056 MM-Breaking News <= 0.7.9 - Reflected XSS
E
CVE-2024-8057 Improper Access Control in danswer-ai/danswer
CVE-2024-8058 An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file i...
S
CVE-2024-8059 IPMI credentials may be captured in XCC audit log entries when the account username length is 16 cha...
S
CVE-2024-8060 Remote Code Execution in OpenWebUI via Arbitrary File Upload
CVE-2024-8061 Denial of Service in aimhubio/aim
CVE-2024-8062 Denial of Service in h2oai/h2o-3
E
CVE-2024-8063 Divide by Zero in ollama/ollama
E
CVE-2024-8064 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-8065 CSRF in danswer-ai/danswer
CVE-2024-8066 File Manager Pro – Filester <= 1.8.6 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2024-8067 Unicode "best fit" argument injection
CVE-2024-8068 Privilege escalation to NetworkService Account access
CVE-2024-8069 Limited remote code execution with privilege of a NetworkService Account access
CVE-2024-8070 CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentia...
CVE-2024-8071 System Role with edit access to permissions can elevate themselves to system admin
S
CVE-2024-8072 Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
CVE-2024-8073 Command Injection Vulnerability in Hillstone Networks Web Application Firewall
S
CVE-2024-8074 Sensitive Data Exposure in Nomysoft Informatics' Nomysem
CVE-2024-8075 TOTOLINK AC1200 T8 setDiagnosisCfg os command injection
CVE-2024-8076 TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow
CVE-2024-8077 TOTOLINK AC1200 T8 setTracerouteCfg os command injection
E
CVE-2024-8078 TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow
E
CVE-2024-8079 TOTOLINK AC1200 T8 exportOvpn buffer overflow
E
CVE-2024-8080 SourceCodester Online Health Care System search.php sql injection
E
CVE-2024-8081 itsourcecode Payroll Management System login.php sql injection
E
CVE-2024-8082 Widgets Reset <= 0.1 - Settings Update via CSRF
E
CVE-2024-8083 SourceCodester Online Computer and Laptop Store Master.php sql injection
E
CVE-2024-8084 SourceCodester Online Computer and Laptop Store Setting SystemSettings.php cross site scripting
E
CVE-2024-8085 PeoplePond <= 1.1.9 - CSRF to Stored XSS
E
CVE-2024-8086 SourceCodester E-Commerce System Admin Login login.php sql injection
E
CVE-2024-8087 SourceCodester E-Commerce System popup_Item.php sql injection
E
CVE-2024-8088 Infinite loop when iterating over zip archive entry names from zipfile.Path
S
CVE-2024-8089 SourceCodester E-Commerce System controller.php unrestricted upload
E
CVE-2024-8090 JavaScript Logic <= 0.1 - CSRF to Stored XSS
E
CVE-2024-8091 Enhanced Search Box <= 0.6.1 - Settings Update via CSRF
E
CVE-2024-8092 Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF
E
CVE-2024-8093 Posts reminder <= 0.20 - Settings Update via CSRF
E
CVE-2024-8094 Ntz Antispam <= 2.0e - Settings Update via CSRF
E
CVE-2024-8095 BabelZ – Google Translate Widget <= 1.1.5 - CSRF to Stored XSS
E
CVE-2024-8096 OCSP stapling bypass with GnuTLS
CVE-2024-8097 Sensitive information exposure when the org.glassfish.admingui LOGGER is set to FINEST level
CVE-2024-8099 Server-Side Request Forgery (SSRF) in vanna-ai/vanna
CVE-2024-8100 On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
S
CVE-2024-8101 Stored XSS in aimhubio/aim
E
CVE-2024-8102 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update
S
CVE-2024-8103 WP Category Dropdown <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
CVE-2024-8104 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download
S
CVE-2024-8105 Insecure Platform Key (PK) used in UEFI system firmware signature
CVE-2024-8106 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure
S
CVE-2024-8107 Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8108 Share This Image <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter
CVE-2024-8110 Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a c...
CVE-2024-8112 thinkgem JeeSite Cookie login cross site scripting
E
CVE-2024-8113 Stored XSS in Placeholder Samples in Mail Preview
CVE-2024-8114 Missing Authorization in GitLab
E S
CVE-2024-8116 Incorrect Authorization in GitLab
E S
CVE-2024-8117 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option
S
CVE-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint
CVE-2024-8119 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page
S
CVE-2024-8120 ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions
S
CVE-2024-8121 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change
S
CVE-2024-8123 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference
S
CVE-2024-8124 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2024-8125 A remote code vulnerability has been discovered in OpenText™ Content Management.
S
CVE-2024-8126 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2024-8127 D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_unzip command injection
E
CVE-2024-8128 D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_add_zip command injection
E
CVE-2024-8129 D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3_modify command injection
E
CVE-2024-8130 D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3 command injection
E
CVE-2024-8131 D-Link DNS-1550-04 HTTP POST Request apkg_mgr.cgi module_enable_disable command injection
E
CVE-2024-8132 D-Link DNS-1550-04 HTTP POST Request webdav_mgr.cgi webdav_mgr command injection
E
CVE-2024-8133 D-Link DNS-1550-04 HTTP POST Request hd_config.cgi cgi_FMT_R5_SpareDsk_DiskMGR command injection
E
CVE-2024-8134 D-Link DNS-1550-04 HTTP POST Request hd_config.cgi cgi_FMT_Std2R5_1st_DiskMGR command injection
E
CVE-2024-8135 Go-Tribe gotribe token.go Sign hard-coded credentials
S
CVE-2024-8136 SourceCodester Record Management System sort1_user.php cross site scripting
E
CVE-2024-8137 SourceCodester Record Management System search_user.php cross site scripting
E
CVE-2024-8138 code-projects Pharmacy Management System Parameter index.php editManager sql injection
E
CVE-2024-8139 itsourcecode E-Commerce Website search_list.php sql injection
E
CVE-2024-8140 SourceCodester Task Progress Tracker update-task.php cross site scripting
E S
CVE-2024-8141 SourceCodester Daily Calories Monitoring Tool add-calorie.php cross site scripting
E
CVE-2024-8142 SourceCodester Daily Calories Monitoring Tool delete-calorie.php cross site scripting
E
CVE-2024-8143 Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-8144 ClassCMS Logo admin cross site scripting
E
CVE-2024-8145 ClassCMS Article admin cross site scripting
E
CVE-2024-8146 code-projects Pharmacy Management System index.php sql injection
E
CVE-2024-8147 code-projects Pharmacy Management System index.php sql injection
E
CVE-2024-8148 BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1, and 10.8.1)
CVE-2024-8149 BUG-000168624 - Unvalidated redirect in Portal for ArcGIS.
CVE-2024-8150 ContiNew Admin user sql injection
E
CVE-2024-8151 SourceCodester Interactive Map with Marker delete-mark.php cross site scripting
E
CVE-2024-8152 SourceCodester QR Code Bookmark System Parameter add-bookmark.php cross site scripting
E
CVE-2024-8153 SourceCodester QR Code Bookmark System delete-bookmark.php cross site scripting
E
CVE-2024-8154 SourceCodester QR Code Bookmark System Parameter update-bookmark.php cross site scripting
E S
CVE-2024-8155 ContiNew Admin tree sql injection
E
CVE-2024-8156 Command Injection in significant-gravitas/autogpt
E S
CVE-2024-8157 Alphabetical List <= 1.0.3 - Settings Update via CSRF
E
CVE-2024-8158 User impersonation for lib9p based 9p fileservers
S
CVE-2024-8159 Deep Freeze 9.00.020.5760 - Out-of-bounds read
CVE-2024-8160 Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did...
CVE-2024-8161 SQL injection vulnerability in CIGESv2 system
S
CVE-2024-8162 TOTOLINK T10 AC1200 Telnet Service product.ini hard-coded credentials
E
CVE-2024-8163 Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal
E
CVE-2024-8164 Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload
E
CVE-2024-8165 Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal
E
CVE-2024-8166 Ruijie EG2000K index.php unrestricted upload
E
CVE-2024-8167 code-projects Job Portal forget.php sql injection
E
CVE-2024-8168 code-projects Online Bus Reservation Site login.php sql injection
E
CVE-2024-8169 code-projects Online Quiz Site signupuser.php sql injection
E
CVE-2024-8170 SourceCodester Zipped Folder Manager App add-folder.php unrestricted upload
E
CVE-2024-8171 itsourcecode Tailoring Management System staffcatedit.php sql injection
E
CVE-2024-8172 SourceCodester QR Code Attendance System delete-student.php cross site scripting
E
CVE-2024-8173 code-projects Blood Bank System Login Page login.php sql injection
E
CVE-2024-8174 code-projects Blood Bank System Login Page login.php cross site scripting
E
CVE-2024-8175 CODESYS: web server vulnerable to DoS
CVE-2024-8176 Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
M
CVE-2024-8177 Inefficient Algorithmic Complexity in GitLab
E S
CVE-2024-8178 Multiple issues in ctl(4) CAM Target Layer
CVE-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-8180 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-8181 Flowise Authentication Bypass
CVE-2024-8182 Flowise Denial of Service
CVE-2024-8183 CORS Misconfiguration in prefecthq/prefect
CVE-2024-8184 Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
S
CVE-2024-8185 Vault Vulnerable to Denial of Service When Processing Raft Join Requests
CVE-2024-8186 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-8187 Smart Post Show <= 3.0.0 - Editor+ Stored XSS
E
CVE-2024-8188 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-8189 WP MultiTasking - WP Utilities <= 0.1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting
S
CVE-2024-8190 An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and ...
KEV
CVE-2024-8191 SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update ...
CVE-2024-8193 Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who ...
CVE-2024-8194 Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potential...
CVE-2024-8195 Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure
S
CVE-2024-8196 Missing Authentication for Critical Function in mintplex-labs/anything-llm
CVE-2024-8197 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-7859. Reason: T...
R
CVE-2024-8198 Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who ...
CVE-2024-8199 Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
S
CVE-2024-8200 Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery
S
CVE-2024-8201 Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer
CVE-2024-8207 MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths
CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting
CVE-2024-8209 nafisulbari/itsourcecode Insurance Management System addClient.php cross site scripting
CVE-2024-8210 D-Link DNS-1550-04 hd_config.cgi sprintf command injection
E
CVE-2024-8211 D-Link DNS-1550-04 hd_config.cgi cgi_FMT_Std2R1_DiskMGR command injection
E
CVE-2024-8212 D-Link DNS-1550-04 hd_config.cgi cgi_FMT_R12R5_2nd_DiskMGR command injection
E
CVE-2024-8213 D-Link DNS-1550-04 hd_config.cgi cgi_FMT_R12R5_1st_DiskMGR command injection
E
CVE-2024-8214 D-Link DNS-1550-04 hd_config.cgi cgi_FMT_Std2R5_2nd_DiskMGR command injection
E
CVE-2024-8215 Payload Injection Attack via Management REST interface
CVE-2024-8216 nafisulbari/itsourcecode Insurance Management System Payment editPayment.php access control
CVE-2024-8217 SourceCodester E-Commerce Website registration.php sql injection
E
CVE-2024-8218 code-projects Online Quiz Site index.php sql injection
E
CVE-2024-8219 code-projects Responsive Hotel Site index.php sql injection
E
CVE-2024-8220 itsourcecode Tailoring Management System staffedit.php sql injection
E
CVE-2024-8221 SourceCodester Music Gallery Site manage_category.php sql injection
E
CVE-2024-8222 SourceCodester Music Gallery Site sql injection
E
CVE-2024-8223 SourceCodester Music Gallery Site Master.php sql injection
E
CVE-2024-8224 Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow
E
CVE-2024-8225 Tenda G3 SetSysTimeCfg formSetSysTime stack-based overflow
E
CVE-2024-8226 Tenda O1 setcfm formSetCfm stack-based overflow
E
CVE-2024-8227 Tenda O1 DhcpSetSer fromDhcpSetSer stack-based overflow
E
CVE-2024-8228 Tenda O5 setMacFilterList fromSafeSetMacFilter stack-based overflow
E
CVE-2024-8229 Tenda O6 operateMacFilter frommacFilterModify stack-based overflow
E
CVE-2024-8230 Tenda O6 setMacFilterList fromSafeSetMacFilter stack-based overflow
E
CVE-2024-8231 Tenda O6 setPortForward fromVirtualSet stack-based overflow
E
CVE-2024-8232 iniNet Solutions SpiderControl SCADA Web Server Unrestricted Upload of File with Dangerous Type
S
CVE-2024-8233 Inefficient Algorithmic Complexity in GitLab
E S
CVE-2024-8234 ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), for...
E
CVE-2024-8235 Libvirt: crash of virtinterfaced via virconnectlistinterfaces()
S
CVE-2024-8236 Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8237 Inefficient Algorithmic Complexity in GitLab
E S
CVE-2024-8238 Unrestricted Code Execution in aimhubio/aim
CVE-2024-8239 Starbox < 3.5.3 - Contributor+ Stored XSS
E
CVE-2024-8240 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
S
CVE-2024-8242 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload
S
CVE-2024-8243 Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF
E
CVE-2024-8245 GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF
E
CVE-2024-8246 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation
S
CVE-2024-8247 Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation
S
CVE-2024-8248 Path Traversal in mintplex-labs/anything-llm
CVE-2024-8249 Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm
CVE-2024-8250 Expired Pointer Dereference in Wireshark
E S
CVE-2024-8251 Prisma Injection in mintplex-labs/anything-llm
CVE-2024-8252 Clean Login <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion
S
CVE-2024-8253 Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation
S
CVE-2024-8254 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
S
CVE-2024-8255 Path Traversal in Ocean Data Systems Dream Report
S
CVE-2024-8256 Incorrect Permission Assignment in RutOS based routers and TSWOS based managed switches
CVE-2024-8258 Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS
E S
CVE-2024-8259 Unauthenticated SQLi in Eryaz IT's NatraCar B2B Dealer Management Program
CVE-2024-8260 OPA SMB Force-Authentication
CVE-2024-8261 IDOR in Proliz Software's OBS
CVE-2024-8262 Path Traversal in Proliz Software's OBS
CVE-2024-8263 An improper privilege management vulnerability allowed arbitrary workflows to be committed using an ...
CVE-2024-8264 Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05
S
CVE-2024-8266 Execution with Unnecessary Privileges in GitLab
E S
CVE-2024-8267 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
CVE-2024-8268 Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call
S
CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
S
CVE-2024-8271 FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution
S
CVE-2024-8272 macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation
CVE-2024-8274 WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting
S
CVE-2024-8275 The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection
S
CVE-2024-8276 WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
S
CVE-2024-8277 WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation
CVE-2024-8278 A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated X...
S
CVE-2024-8279 A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated X...
S
CVE-2024-8280 An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user ...
S
CVE-2024-8281 An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user ...
S
CVE-2024-8282 Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
S
CVE-2024-8283 Slider by 10Web < 1.2.59 - Admin+ Stored XSS
E
CVE-2024-8284 Download Manager <= 3.2.98 - Admin+ Stored XSS
E
CVE-2024-8285 Kroxylicious: missing upstream kafka tls hostname verification
M
CVE-2024-8286 GDPR Cookie Consent <= 2.6.0 - Bulk Delete via CSRF
E
CVE-2024-8287 Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate p...
CVE-2024-8288 Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
CVE-2024-8289 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover
CVE-2024-8290 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation
S
CVE-2024-8291 Concrete CMS Stored XSS in Image Editor Background Color
S
CVE-2024-8292 WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update
S
CVE-2024-8294 FeehiCMS index.php update unrestricted upload
E
CVE-2024-8295 FeehiCMS index.php createBanner unrestricted upload
E
CVE-2024-8296 FeehiCMS index.php insert unrestricted upload
E
CVE-2024-8297 kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs
S
CVE-2024-8298 Memory request vulnerability in the memory management module Impact: Successful exploitation of this...
CVE-2024-8299 Malicious Code Execution Vulnerability in GENESIS64 and MC Works64
CVE-2024-8300 Malicious Code Execution Vulnerability in GENESIS64
CVE-2024-8301 dingfanzu CMS checkin.php sql injection
E
CVE-2024-8302 dingfanzu CMS chpwd.php sql injection
E
CVE-2024-8303 dingfanzu CMS getBasicInfo.php sql injection
E
CVE-2024-8304 jpress Template Module edit path traversal
E
CVE-2024-8305 MongoDB Server secondaries may crash due to forced index constraints
CVE-2024-8306 CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, lo...
CVE-2024-8308 Siempelkamp: SQL injection due to improper handling of HTTP request input data
CVE-2024-8309 SQL Injection in langchain-ai/langchain
E S
CVE-2024-8310 OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function
S
CVE-2024-8311 Improper Protection of Alternate Path in GitLab
S
CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-8313 Default or Guessable SNMP community names in B&R APROL
CVE-2024-8314 Improper session handling in B&R APROL
CVE-2024-8315 Improper Handling of Insufficient Permissions or Privileges in B&R APROL
CVE-2024-8316 Progress UI for WPF format provider unsafe deserialization vulnerability
CVE-2024-8317 WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_alignment Attribute
S
CVE-2024-8318 Attributes for Blocks <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributesForBlocks Parameter
S
CVE-2024-8319 Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions
S
CVE-2024-8320 Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September upd...
CVE-2024-8321 Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September upd...
CVE-2024-8322 Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update ...
CVE-2024-8323 Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute
S
CVE-2024-8324 XO Slider <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8325 Gutenberg Page Builder Blocks & Ready-Made Patterns Library <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-8326 s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure
CVE-2024-8327 HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - SQL injection
S
CVE-2024-8328 HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - Reflected XSS
S
CVE-2024-8329 Gether Technology 6SHR System - SQL Injection
S
CVE-2024-8330 Gether Technology 6SHR System - Unrestricted File Upload
S
CVE-2024-8331 OpenRapid RapidCMS user-move-run.php sql injection
E
CVE-2024-8332 master-nan Sweet-CMS index sql injection
E S
CVE-2024-8333 Rejected reason: Test CVE...
R
CVE-2024-8334 master-nan Sweet-CMS log.go LogHandler neutralization for logs
S
CVE-2024-8335 OpenRapid RapidCMS runlogon.php sql injection
E
CVE-2024-8336 SourceCodester Music Gallery Site Master.php sql injection
E
CVE-2024-8337 SourceCodester Contact Manager with Export to VCF index.html cross site scripting
E
CVE-2024-8338 HFO4 shudong-share File Extension fileReceive.php unrestricted upload
E
CVE-2024-8339 SourceCodester Electric Billing Management System Connection Code ?page=tracks sql injection
E
CVE-2024-8340 SourceCodester Electric Billing Management System Actions.php sql injection
E
CVE-2024-8341 SourceCodester Petshop Management System add_user.php unrestricted upload
E
CVE-2024-8342 SourceCodester Petshop Management System add_client.php unrestricted upload
E
CVE-2024-8343 SourceCodester Sentiment Based Movie Rating System User Registration Users.php sql injection
E
CVE-2024-8344 Campcodes Supplier Management System edit_area.php sql injection
E
CVE-2024-8345 SourceCodester Music Gallery Site Users.php sql injection
E
CVE-2024-8346 SourceCodester Computer Laboratory Management System SystemSettings.php update_settings_info sql injection
E
CVE-2024-8347 SourceCodester Computer Laboratory Management System Master.php delete_record sql injection
E
CVE-2024-8348 SourceCodester Computer Laboratory Management System Master.php delete_category sql injection
E
CVE-2024-8349 Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation
CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add
E
CVE-2024-8351 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-8352 Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download
S
CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
S
CVE-2024-8354 Qemu-kvm: usb: assertion failure in usb_ep_get()
CVE-2024-8355 Visteon Infotainment System DeviceManager iAP Serial Number SQL Injection Vulnerability
CVE-2024-8356 Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
CVE-2024-8357 Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
CVE-2024-8358 Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability
CVE-2024-8359 Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability
CVE-2024-8360 Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability
CVE-2024-8361 DoS caused due to wrong hash length returned for SHA2/224 algorithm
CVE-2024-8362 Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to pot...
E
CVE-2024-8363 Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode
S
CVE-2024-8364 WP Custom Fields Search <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode
CVE-2024-8365 Vault Leaks AppRole Client Tokens And Accessor in Audit Log
CVE-2024-8366 code-projects Pharmacy Management System Update My Profile Page index.php cross site scripting
CVE-2024-8367 HM Courts & Tribunals Service Probate Back Office Markdown NotificationService.java injection
S
CVE-2024-8368 code-projects Hospital Management System Login index.php sql injection
E
CVE-2024-8369 EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure
CVE-2024-8370 Grocy SVG File Upload recipepictures cross site scripting
CVE-2024-8371 Rejected reason: Duplicate of CVE-2024-45305....
R
CVE-2024-8372 AngularJS improper sanitization in 'srcset' attribute
E
CVE-2024-8373 AngularJS improper sanitization in '' element
E
CVE-2024-8374 Arbitrary Code Injection in Cura
S
CVE-2024-8375 Object deserialization in Reverb leading to RCE
CVE-2024-8376 Memory leak
S
CVE-2024-8377 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-8378 Safe SVG < 2.2.6 - Author+ SVG Sanitisation Bypass
E
CVE-2024-8379 Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection
E
CVE-2024-8380 SourceCodester Contact Manager with Export to VCF Delete Contact delete-account.php sql injection
E
CVE-2024-8381 A potentially exploitable type confusion could be triggered when looking up a property name on an ob...
CVE-2024-8382 Internal browser event interfaces were exposed to web content when privileged EventHandler listener ...
CVE-2024-8383 Firefox normally asks for confirmation before asking the operating system to find an application to ...
CVE-2024-8384 The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were de...
CVE-2024-8385 A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an expl...
CVE-2024-8386 If a site had been granted the permission to open popup windows, it could cause Select elements to a...
CVE-2024-8387 Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these b...
CVE-2024-8388 Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notifi...
CVE-2024-8389 Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption a...
CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size
CVE-2024-8392 WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.2 - Authenticated (Admin+) Local File Inclusion
CVE-2024-8394 When aborting the verification of an OTR chat session, an attacker could have caused a use-after-fre...
CVE-2024-8395 FlyCASS Cockpit Access Security System (CASS) SQL Injection
E S
CVE-2024-8397 GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored XSS
E
CVE-2024-8398 Simple Nav Archives <= 2.1.3 - Settings Update via CSRF
E
CVE-2024-8399 Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vuln...
CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt
E S
CVE-2024-8401 CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnera...
CVE-2024-8402 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
E S
CVE-2024-8403 Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module
CVE-2024-8404 Arbitrary File Deletion in PaperCut NG/MF Web Print Hot folder
CVE-2024-8405 Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack
CVE-2024-8407 alwindoss akademy handlers.go cross site scripting
E
CVE-2024-8408 Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow
E
CVE-2024-8409 ABCD ABCD2 show_image.php path traversal
E
CVE-2024-8410 ABCD ABCD2 otros_sitios.php path traversal
E
CVE-2024-8411 ABCD ABCD2 buscar_integrada.php cross site scripting
E
CVE-2024-8412 LinuxOSsk Shakal-NG views.py redirect
E S
CVE-2024-8413 Cross Site Scripting (XSS) in Raspcontrol
S
CVE-2024-8414 SourceCodester Insurance Management System cross-site request forgery
E
CVE-2024-8415 SourceCodester Food Ordering Management System add-ticket.php sql injection
E
CVE-2024-8416 SourceCodester Food Ordering Management System ticket-status.php sql injection
E
CVE-2024-8417 云课网络科技有限公司 Yunke Online School System videobind.html sensitive information in source
E
CVE-2024-8418 Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service
E M
CVE-2024-8420 DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation
CVE-2024-8421 Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed....
R
CVE-2024-8422 CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of se...
CVE-2024-8424 WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM
CVE-2024-8425 WooCommerce Ultimate Gift Card <= 2.6.0 - Unauthenticated Arbitrary File Upload
CVE-2024-8426 Pagelayer < 1.8.8 - Admin+ Stored XSS
E
CVE-2024-8427 Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
S
CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
CVE-2024-8429 Improper Authentication in Digital Operation Services' WiFiBurada
CVE-2024-8430 Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import
CVE-2024-8431 Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Private Gallery Title Disclosure
CVE-2024-8432 Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update
S
CVE-2024-8433 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-8434 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates
S
CVE-2024-8436 WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Authenticated (Subscriber+) SQL Injection
CVE-2024-8437 WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation
CVE-2024-8438 Path Traversal in modelscope/agentscope
CVE-2024-8439 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This c...
R
CVE-2024-8440 Essential Addons for Elementor -- Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget
S
CVE-2024-8441 An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update...
CVE-2024-8442 Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget
S
CVE-2024-8443 Libopensc: heap buffer overflow in openpgp driver when generating key
CVE-2024-8444 Download Manager < 3.3.00 - Contributor+ Stored XSS
E
CVE-2024-8445 389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)
M
CVE-2024-8447 Narayana: deadlock via multiple join requests sent to lra coordinator
CVE-2024-8448 PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials
S
CVE-2024-8449 PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials
S
CVE-2024-8450 PLANET Technology switch devices - Hard-coded SNMPv1 read-write community string
S
CVE-2024-8451 PLANET Technology switch devices - SSH server DoS attack
S
CVE-2024-8452 PLANET Technology switch devices - Insecure hash functions used for SNMPv3 credentials
S
CVE-2024-8453 PLANET Technology switch devices - Weak hash for users' passwords
S
CVE-2024-8454 PLANET Technology switch devices - Swctrl service DoS attack
S
CVE-2024-8455 PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords
S
CVE-2024-8456 PLANET Technology switch devices - Missing Authentication for multiple HTTP routes
S
CVE-2024-8457 PLANET Technology switch devices - Stored cross-site scripting (XSS) in the User Management
S
CVE-2024-8458 PLANET Technology switch devices - Cross-site Request Forgery
S
CVE-2024-8459 PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords
S
CVE-2024-8460 D-Link DNS-320 Web Management Interface widget_api.cgi information disclosure
E
CVE-2024-8461 D-Link DNS-320 Web Management Interface discovery.cgi information disclosure
E
CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication
S
CVE-2024-8463 File upload restriction bypass vulnerability in Job Portal
CVE-2024-8464 SQL injection vulnerability in Job Portal
CVE-2024-8465 SQL injection vulnerability in Job Portal
CVE-2024-8466 SQL injection vulnerability in Job Portal
CVE-2024-8467 SQL injection vulnerability in Job Portal
CVE-2024-8468 SQL injection vulnerability in Job Portal
CVE-2024-8469 SQL injection vulnerability in Job Portal
CVE-2024-8470 SQL injection vulnerability in Job Portal
CVE-2024-8471 SQL injection vulnerability in Job Portal
CVE-2024-8472 SQL injection vulnerability in Job Portal
CVE-2024-8473 SQL injection vulnerability in Job Portal
CVE-2024-8474 OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key ...
CVE-2024-8475 Protection Mechanism Failure in Digital Operation Services' WiFiBurada
CVE-2024-8476 Easy PayPal Events <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion
S
CVE-2024-8477 Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.87 - Cross-Site Request Forgery
S
CVE-2024-8478 Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution
S
CVE-2024-8479 Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution
S
CVE-2024-8480 Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload
S
CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-8482 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget
CVE-2024-8483 MAS Static Content <= 1.0.8 - Authenticated (Contributor+) Private Static Content Page Disclosure
S
CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection
CVE-2024-8485 REST API TO MiniProgram <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover
CVE-2024-8486 Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets
S
CVE-2024-8487 CORS Vulnerability in modelscope/agentscope
E
CVE-2024-8488 Survey Maker – Customer Satisfaction Questionnaire, Chat Survey, Calculation Form, Payment Forms <= 4.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting
S
CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope
CVE-2024-8490 PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details
S
CVE-2024-8492 Hustle < 7.8.5 - Admin+ Stored XSS
E
CVE-2024-8493 The Events Calendar < 6.6.4 - Admin+ Stored XSS
E
CVE-2024-8494 Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
CVE-2024-8495 A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
CVE-2024-8496 Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18....
CVE-2024-8497 Franklin Fueling Systems TS-550 EVO Absolute Path Traversal
S
CVE-2024-8499 Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice
S
CVE-2024-8500 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-8501 Arbitrary File Download in modelscope/agentscope
E
CVE-2024-8502 Remote Code Execution via Deserialization in modelscope/agentscope
CVE-2024-8503 VICIdial Unauthenticated SQL Injection
S
CVE-2024-8504 VICIdial Authenticated Remote Code Execution
S
CVE-2024-8505 WordPress Infinite Scroll - Ajax Load More <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via button_label Parameter
S
CVE-2024-8507 File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload
CVE-2024-8508 Unbounded name compression could lead to Denial of Service
S
CVE-2024-8509 Migration toolkit for virtualization: forklift-controller: empty bearer token may perform authentication
M
CVE-2024-8510 N-central Path Traversal
CVE-2024-8512 W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
CVE-2024-8513 QA Analytics <= 4.1.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-8514 Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection
S
CVE-2024-8515 Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8516 Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure
CVE-2024-8517 SPIP Bigup Multipart File Upload OS Command Injection
E
CVE-2024-8518 CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 ...
CVE-2024-8519 Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-8520 Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change
S
CVE-2024-8521 Wavelog Live QSO qso index cross site scripting
E S
CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
S
CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection
E
CVE-2024-8524 Directory Traversal in modelscope/agentscope
E
CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
S
CVE-2024-8526 Automated Logic WebCTRL and Carrier i-Vu Open Redirect
S
CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'
S
CVE-2024-8530 CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure...
CVE-2024-8531 CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise...
CVE-2024-8533 Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions
S
CVE-2024-8534 Memory safety vulnerability leading to memory corruption and Denial of Service
CVE-2024-8535 Authenticated user can access unintended user capabilities
CVE-2024-8536 Ultimate Blocks < 3.2.2 - Contributor+ Stored XSS
E
CVE-2024-8537 Path Traversal in modelscope/agentscope
CVE-2024-8538 Big File Uploads <= 2.1.2 - Authenticated (Author+) Full Path Disclosure
S
CVE-2024-8539 Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authentic...
CVE-2024-8540 Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local auth...
CVE-2024-8541 Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons <= 2.6.5 - Reflected Cross-Site Scripting
S
CVE-2024-8542 Everest Forms < 3.0.3.1 - Admin+ Stored XSS
E
CVE-2024-8543 Slider comparison image before and after <= 0.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8544 Pixel Cat – Conversion Pixel Manager <= 3.0.5 - Reflected Cross-Site Scripting
S
CVE-2024-8545 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-8546 ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget
S
CVE-2024-8547 Simple Popup Plugin <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8548 KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
CVE-2024-8549 Simple Calendar – Google Calendar Plugin <= 3.4.2 - Reflected Cross-Site Scripting
S
CVE-2024-8550 Local File Inclusion (LFI) in modelscope/agentscope
E
CVE-2024-8551 Path Traversal in modelscope/agentscope
CVE-2024-8552 Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable
S
CVE-2024-8553 Foreman: read-only access to entire db from templates
M
CVE-2024-8554 SourceCodester Clinics Patient Management System users.php cross site scripting
E
CVE-2024-8555 SourceCodester Clinics Patient Management System congratulations.php redirect
E
CVE-2024-8556 Stored XSS in modelscope/agentscope
E
CVE-2024-8557 SourceCodester Food Ordering Management System cancel-order.php sql injection
E
CVE-2024-8558 SourceCodester Food Ordering Management System Price place-order.php improper validation of specified quantity in input
E
CVE-2024-8559 SourceCodester Online Food Menu delete-menu.php sql injection
CVE-2024-8560 SourceCodester Simple Invoice Generator System save_invoice.php sql injection
CVE-2024-8561 SourceCodester PHP CRUD Delete Person delete.php sql injection
CVE-2024-8562 SourceCodester PHP CRUD Add.php cross site scripting
CVE-2024-8563 SourceCodester PHP CRUD update.php cross site scripting
E S
CVE-2024-8564 SourceCodester PHP CRUD update.php sql injection
CVE-2024-8565 SourceCodester Clinics Patient Management System print_diseases.php sql injection
E
CVE-2024-8566 code-projects Online Shop Store settings.php cross site scripting
E
CVE-2024-8567 itsourcecode Payroll Management System ajax.php sql injection
E
CVE-2024-8568 Mini-Tmall 1 rewardMapper.select sql injection
E
CVE-2024-8569 code-projects Hospital Management System user-login.php sql injection
E
CVE-2024-8570 itsourcecode Tailoring Management System inccatadd.php sql injection
E
CVE-2024-8571 erjemin roll_cms views.py information exposure
CVE-2024-8572 Gouniverse GoLang CMS FrontendHandler.go PageRenderHtmlByAlias cross site scripting
S
CVE-2024-8573 TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow
E
CVE-2024-8574 TOTOLINK AC1200 T8 cstecgi.cgi setParentalRules os command injection
E S
CVE-2024-8575 TOTOLINK AC1200 T8 cstecgi.cgi setWiFiScheduleCfg buffer overflow
E
CVE-2024-8576 TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow
E
CVE-2024-8577 TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow
E
CVE-2024-8578 TOTOLINK AC1200 T8 cstecgi.cgi setWiFiMeshName buffer overflow
E
CVE-2024-8579 TOTOLINK AC1200 T8 cstecgi.cgi setWiFiRepeaterCfg buffer overflow
E
CVE-2024-8580 TOTOLINK AC1200 T8 shadow.sample hard-coded password
E
CVE-2024-8581 Path Traversal in parisneo/lollms-webui
CVE-2024-8582 SourceCodester Food Ordering Management System index.php cross site scripting
E
CVE-2024-8583 SourceCodester Online Bank Management System Feedback mfeedback.php cross site scripting
E
CVE-2024-8584 LEARNING DIGITAL Orca HCM - Missing Authentication
S
CVE-2024-8585 LEARNING DIGITAL Orca HCM - Arbitrary File Download
S
CVE-2024-8586 Uniong WebITR - Open Redirect
S
CVE-2024-8587 Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability
CVE-2024-8588 Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability
CVE-2024-8589 Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability
CVE-2024-8590 Autodesk AutoCAD 3DM File Parsing Use-After-Free Code Execution Vulnerability
CVE-2024-8591 Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Code Execution Vulnerability
CVE-2024-8592 Autodesk AutoCAD CATPART File Parsing Memory Corruption Code Execution Vulnerability
CVE-2024-8593 Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability
CVE-2024-8594 Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Code Execution Vulnerability
CVE-2024-8595 Autodesk AutoCAD MODEL File Parsing Use-After-Free Code Execution Vulnerability
CVE-2024-8596 Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Code Execution Vulnerability
CVE-2024-8597 Autodesk AutoCAD STEP File Parsing Memory Corruption Code Execution Vulnerability
CVE-2024-8598 Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Code Execution Vulnerability
CVE-2024-8599 Autodesk AutoCAD ACTranslators STP File Parsing Memory Corruption Code Execution Vulnerability
CVE-2024-8600 A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a ...
CVE-2024-8601 Improper Access Control Vulnerability in TechExcel Back Office Software
S
CVE-2024-8602 XML Eternal Entity Attack in the Software Library taxstatement.jar
S
CVE-2024-8603 A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in ...
CVE-2024-8604 SourceCodester Online Food Ordering System Create an Account Page index.php cross site scripting
CVE-2024-8605 code-projects Inventory Management Registration Form registration.php cross site scripting
E
CVE-2024-8606 Fix 2FA bypass via RestAPI
CVE-2024-8607 SQLi in Oceanic Software's ValeApp
CVE-2024-8608 Stored XSS in Oceanic Software's ValeApp
CVE-2024-8609 Improper Access Control in Oceanic Software's ValeApp
CVE-2024-8610 SourceCodester Best House Rental Management System New Tenant Page index.php cross site scripting
E
CVE-2024-8611 itsourcecode Tailoring Management System ssms.php sql injection
E
CVE-2024-8612 Qemu-kvm: information leak in virtio devices
CVE-2024-8613 Improper Access Control in gaizhenbiao/chuanhuchatgpt
CVE-2024-8614 WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-8615 WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload
CVE-2024-8616 Arbitrary File Overwrite in h2oai/h2o-3
CVE-2024-8617 Quiz Maker <= 6.5.9.8 - Admin+ Stored XSS
E
CVE-2024-8618 Page Builder: Pagelayer < 1.9.0 - Admin+ Stored XSS
E
CVE-2024-8619 Ajax Search Lite <= 4.12.2 - Admin+ Stored XSS
E
CVE-2024-8620 MapPress Maps for WordPress < 2.93 - Admin+ Stored XSS via Map Settings
E
CVE-2024-8621 Daily Prayer Time <= 2024.08.26 - Authenticated (Contributor+) SQL Injection
S
CVE-2024-8622 amCharts: Charts and Maps <= 1.4.4 - Reflected Cross-Site Scripting via Cross-Site Request Forgery
S
CVE-2024-8623 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution
S
CVE-2024-8624 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Authenticated (Contributor+) SQL Injection
S
CVE-2024-8625 TS Poll – Survey, Versus Poll, Image Poll, Video Poll < 2.4.0 - Admin+ SQL Injection
E
CVE-2024-8626 Logix Controllers Vulnerable to Denial-of-Service Vulnerability
S
CVE-2024-8627 Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8628 Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-8629 WooCommerce Multilingual & Multicurrency with WPML <= 5.3.7 - Reflected Cross-Site Scripting
CVE-2024-8630 Alisonic Sibylla SQL Injection
M
CVE-2024-8631 Privilege Defined With Unsafe Actions in GitLab
E S
CVE-2024-8632 KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure
CVE-2024-8633 Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting
S
CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab
S
CVE-2024-8636 Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to p...
CVE-2024-8637 Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote ...
CVE-2024-8638 Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potential...
CVE-2024-8639 Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote atta...
CVE-2024-8640 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
E S
CVE-2024-8641 Privilege Context Switching Error in GitLab
E S
CVE-2024-8642 Eclipse EDC: Consumer pull transfer token validation checks not applied
S
CVE-2024-8643 Session Hijacking in Oceanic Software's ValeApp
CVE-2024-8644 Cleartext Storage of Sensitive Information in Oceanic Software's ValeApp
CVE-2024-8645 Access of Uninitialized Pointer in Wireshark
S
CVE-2024-8646 Eclipse Glassfish: URL redirection vulnerability to untrusted sites
S
CVE-2024-8647 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
E S
CVE-2024-8648 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2024-8650 Incorrect Authorization in GitLab
E S
CVE-2024-8651 Netcat CMS: user enumeration
S
CVE-2024-8652 Netcat CMS: reflected cross-site scripting in openstat module
S
CVE-2024-8653 Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module
S
CVE-2024-8654 MongoDB Server may access non-initialized region of memory leading to unexpected behaviour
CVE-2024-8655 Mercury MNVR816 web-static file access
CVE-2024-8656 WPFactory Helper <= 1.7.0 - Reflected Cross-Site Scripting
S
CVE-2024-8657 Garden Gnome Package <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-8658 myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade
S
CVE-2024-8660 Stored XSS in the "Top Navigator Bar" block
S
CVE-2024-8661 Concrete CMS version 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block
S
CVE-2024-8662 Koko Analytics <= 1.3.12 - Reflected Cross-Site Scripting
S
CVE-2024-8663 WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting
S
CVE-2024-8664 WP Test Email <= 1.1.7 - Reflected Cross-Site Scripting
S
CVE-2024-8665 YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting
S
CVE-2024-8666 Shoutcast Icecast HTML5 Radio Player <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8667 HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Publication
CVE-2024-8668 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-8669 Backuply – Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection
S
CVE-2024-8670 Photo Gallery by 10Web < 1.8.29 - Admin+ Stored XSS
E
CVE-2024-8671 WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite
CVE-2024-8672 Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution
CVE-2024-8673 Z-Downloads < 1.11.7 - Admin+ Stored XSS via SVG Upload
E
CVE-2024-8674 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-8675 Soumettre.fr <= 2.1.2 - Missing Authorization
CVE-2024-8676 Cri-o: checkpoint restore can be triggered from different namespaces
M
CVE-2024-8677 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-8678 Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update
S
CVE-2024-8679 Library Management System <= 3.0.0 - Authenticated (Admin+) SQL Injection
CVE-2024-8680 MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
S
CVE-2024-8681 Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget
S
CVE-2024-8682 JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration
CVE-2024-8684 OS Command Injection vulnerability in Revolution Pi
S
CVE-2024-8685 Path-Traversal vulnerability in Revolution Pi
S
CVE-2024-8686 PAN-OS: Command Injection Vulnerability
S
CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
S
CVE-2024-8688 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)
S
CVE-2024-8689 ActiveMQ Content Pack: Cleartext Exposure of Credentials
S
CVE-2024-8690 Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
S
CVE-2024-8691 PAN-OS: User Impersonation in GlobalProtect Portal
S
CVE-2024-8692 TDuckCloud TDuckPro password recovery
E
CVE-2024-8693 Kaon CG3000 dhcpcd Command cross site scripting
E
CVE-2024-8694 JFinalCMS com.cms.controller.admin.TemplateController update path traversal
E
CVE-2024-8695 A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
S
CVE-2024-8696 A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
S
CVE-2024-8698 Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
M
CVE-2024-8699 Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload
E
CVE-2024-8700 Event Calendar <= 1.0.4 - Unauthenticated Arbitrary Calendar Deletion
E
CVE-2024-8701 Event Calendar <= 1.0.4 - Admin+ Stored XSS
E
CVE-2024-8702 Backup Database <= 4.9 - Admin+ Stored XSS
E
CVE-2024-8703 Z-Downloads < 1.11.6 - Unauthenticated Stored XSS
E
CVE-2024-8704 Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale
S
CVE-2024-8705 Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System UCCGSrv.asmx GetDataKindByType sql injection
E
CVE-2024-8706 JFinalCMS com.cms.util.TemplateUtils update path traversal
E
CVE-2024-8707 云课网络科技有限公司 Yunke Online School System Appadmin.php downfile path traversal
E
CVE-2024-8708 SourceCodester Best House Rental Management System categories.php cross site scripting
CVE-2024-8709 SourceCodester Best House Rental Management System admin_class.php save_user sql injection
E
CVE-2024-8710 code-projects Inventory Management Products Table Page viewProduct.php sql injection
E
CVE-2024-8711 SourceCodester Food Ordering Management System includes exposure of information through directory listing
E
CVE-2024-8712 GTM Server Side <= 2.1.19 - Reflected Cross-Site Scripting
S
CVE-2024-8713 Kodex Posts likes <= 2.5.0 - Reflected Cross-Site Scripting
CVE-2024-8714 WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.20 - Reflected Cross-Site Scripting
S
CVE-2024-8715 Simple LDAP Login <= 1.6.0 - Reflected Cross-Site Scripting
S
CVE-2024-8716 XT Ajax Add To Cart for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting
S
CVE-2024-8717 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting
CVE-2024-8718 Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting
CVE-2024-8719 Flexmls® IDX Plugin <= 3.14.22 - Reflected Cross-Site Scripting
CVE-2024-8720 RumbleTalk Live Group Chat – HTML5 <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8721 Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8722 WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8723 012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8724 Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting
S
CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload
S
CVE-2024-8726 MailChimp Forms by MailMunch <= 3.2.3 - Reflected Cross-Site Scripting
S
CVE-2024-8727 DK PDF <= 1.9.6 - Reflected Cross-Site Scripting
CVE-2024-8728 Easy Load More <= 1.0.3 - Reflected Cross-Site Scripting
CVE-2024-8729 Easy Social Share Buttons <= 1.4.5 - Reflected Cross-Site Scripting
CVE-2024-8730 Exit Notifier <= 1.9.1 - Reflected Cross-Site Scripting
CVE-2024-8731 Cron Jobs <= 1.2.9 - Reflected Cross-Site Scripting
CVE-2024-8732 Roles & Capabilities <= 1.1.9 - Reflected Cross-Site Scripting
CVE-2024-8733 HP One Agent Software – Potential Privilege Escalation
CVE-2024-8734 Lucas String Replace <= 2.0.5 - Reflected Cross-Site Scripting
CVE-2024-8735 MailMunch – Grow your Email List <= 3.1.8 - Reflected Cross-Site Scripting
S
CVE-2024-8736 Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui
E
CVE-2024-8737 PDF Thumbnail Generator <= 1.3 - Reflected Cross-Site Scripting
S
CVE-2024-8738 Seriously Simple Stats <= 1.6.0 - Reflected Cross-Site Scripting
S
CVE-2024-8739 ReCaptcha Integration for WordPress <= 1.2.5 - Reflected Cross-Site Scripting
S
CVE-2024-8740 GetResponse Forms by Optin Cat <= 2.5.6 - Reflected Cross-Site Scripting
CVE-2024-8741 Beam me up Scotty – Back to Top Button <= 1.0.21 - Reflected Cross-Site Scripting
S
CVE-2024-8742 Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget
S
CVE-2024-8743 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload
CVE-2024-8746 File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
CVE-2024-8747 Email Obfuscate Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8748 A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel...
CVE-2024-8749 SQL Injection vulnerability in Idoit pro
S
CVE-2024-8750 Cross-site Scripting vulnerability in Idoit pro
S
CVE-2024-8751 Vulnerability in SICK MSC800
S
CVE-2024-8752 WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability
E
CVE-2024-8753 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-8754 External Control of Critical State Data in GitLab
S
CVE-2024-8755 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
CVE-2024-8756 Quform - WordPress Form Builder <= 2.20.0 - Unauthenticated Sensitive Information Exposure
CVE-2024-8757 Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection
CVE-2024-8758 Quiz and Survey Master (QSM) < 9.1.3 - Author+ Stored XSS
E
CVE-2024-8759 Nested Pages <= 3.2.8 - Editor+ Stored XSS
E
CVE-2024-8760 Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection
CVE-2024-8761 Share This Image <= 2.03 - Open Redirect via link Parameter
S
CVE-2024-8762 code-projects Crud Operation System updatedata.php sql injection
E
CVE-2024-8763 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
CVE-2024-8764 Improper Authorization in lunary-ai/lunary
CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary
CVE-2024-8766 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ...
CVE-2024-8767 Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following p...
CVE-2024-8768 Vllm: a completions api request with an empty prompt will crash the vllm api server.
M
CVE-2024-8769 Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim
E
CVE-2024-8770 A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitH...
CVE-2024-8771 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
CVE-2024-8772 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages...
CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP
CVE-2024-8774 Privilege Escalation in SIMPLE.ERP
CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
M
CVE-2024-8776 INTUMIT SmartRobot - Cross-site Scripting
S
CVE-2024-8777 The SYSCOM Group OMFLOW - Information Leakage
S
CVE-2024-8778 The SYSCOM Group OMFLOW - Arbitrary File Read
S
CVE-2024-8779 The SYSCOM Group OMFLOW - Broken Access Control
S
CVE-2024-8780 The SYSCOM Group OMFLOW - Improper Authorization for Data Query Function
S
CVE-2024-8781 Container Escape Vulnerability in TR7's Application Security Platform (ASP)
CVE-2024-8782 JFinalCMS edit delete path traversal
E
CVE-2024-8783 OpenTibiaBR MyAAC Post Reply new_post.php cross site scripting
E S
CVE-2024-8784 QDocs Smart School Management System Chat mynewuser sql injection
E S
CVE-2024-8785 WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability
CVE-2024-8786 Auto Featured Image from Title <= 2.3 - Reflected Cross-Site Scripting
CVE-2024-8787 Smart Online Order for Clover <= 1.5.7 - Reflected Cross-Site Scripting
S
CVE-2024-8788 EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting
S
CVE-2024-8789 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
CVE-2024-8790 Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting
CVE-2024-8791 Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation
S
CVE-2024-8792 Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting
S
CVE-2024-8793 Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More <= 2.7.2.1 - Reflected Cross-Site Scripting
CVE-2024-8794 BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset
S
CVE-2024-8795 BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover
S
CVE-2024-8796 Insufficient Default OTP Shared Secret Length
S
CVE-2024-8797 WP Booking System – Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting
S
CVE-2024-8798 Bluetooth: classic: avdtp: missing buffer length check
S
CVE-2024-8799 Custom Banners <= 3.3 - Reflected Cross-Site Scripting
CVE-2024-8800 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting
S
CVE-2024-8801 Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure
S
CVE-2024-8802 Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting
CVE-2024-8803 Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting
S
CVE-2024-8804 Code Embed <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-8805 BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability
CVE-2024-8806 Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability
CVE-2024-8807 Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability
CVE-2024-8808 Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability
CVE-2024-8809 Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability
CVE-2024-8810 Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access
CVE-2024-8811 WinZip Mark-of-the-Web Bypass Vulnerability
CVE-2024-8812 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8813 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-8814 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8815 PDF-XChange Editor U3D File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2024-8816 PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2024-8817 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-8818 PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-8819 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8820 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8821 PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2024-8822 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8823 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8824 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8825 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8826 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8827 PDF-XChange Editor PPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-8828 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8829 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8830 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-8831 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8832 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8833 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8834 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8835 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8836 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8837 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8838 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8839 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8840 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8841 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8842 PDF-XChange Editor RTF File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2024-8843 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8844 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8845 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8846 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8847 PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-8848 PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8849 PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-8850 MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting
S
CVE-2024-8851 Polls CP <= 1.0.75 - Admin+ Stored Cross-Site Scripting
E
CVE-2024-8852 All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs
S
CVE-2024-8853 Webo-facto <= 1.40 - Unauthenticated Privilege Escalation
S
CVE-2024-8854 Polls CP <= 1.0.75 - Admin+ Stored XSS via Custom Styles
E
CVE-2024-8855 WordPress Auction <= 3.7 - Editor+ SQL Injection
E
CVE-2024-8856 Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
CVE-2024-8857 WordPress Auction <= 3.7 - Editor+ Stored XSS
E
CVE-2024-8858 Elementor Addons by Livemesh <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter
S
CVE-2024-8859 Path Traversal in mlflow/mlflow
CVE-2024-8861 ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-8862 h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization
E
CVE-2024-8863 aimhubio aim Text Explorer textbox.tsx dangerouslySetInnerHTML cross site scripting
E
CVE-2024-8864 composiohq composio calculator.py Calculator code injection
E
CVE-2024-8865 composiohq composio api.py path path traversal
E
CVE-2024-8866 AutoCMS robot.php cross site scripting
E
CVE-2024-8867 Perfex CRM Parameter Clients.php cross site scripting
E M
CVE-2024-8868 code-projects Crud Operation System savedata.php sql injection
E
CVE-2024-8869 TOTOLINK A720R exportOvpn os command injection
CVE-2024-8870 Forms for Mailchimp by Optin Cat – Grow Your MailChimp List <= 2.5.6 - Reflected Cross-Site Scripting
CVE-2024-8871 Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting
CVE-2024-8872 Store Hours for WooCommerce <= 4.3.20 - Reflected Cross-Site Scripting
S
CVE-2024-8873 PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting
CVE-2024-8874 AJAX Login and Registration modal popup + inline form <= 2.24 - Reflected Cross-Site Scripting
CVE-2024-8875 vedees wcms finder.php path traversal
E
CVE-2024-8876 xiaohe4966 TpMeCMS lang path traversal
E
CVE-2024-8877 SQL Injection
E
CVE-2024-8878 Unauthenticated Password Reset
E
CVE-2024-8880 playSMS Template index.php code injection
E
CVE-2024-8881 A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 swit...
CVE-2024-8882 A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2...
CVE-2024-8883 Keycloak: vulnerable redirect uri validation results in open redirec
M
CVE-2024-8884 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could ...
CVE-2024-8885 A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Enc...
CVE-2024-8887 Authentication bypass vulnerability on CIRCUTOR Q-SMT
S
CVE-2024-8888 Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT
S
CVE-2024-8889 Improper Input Validation vulnerability on CIRCUTOR TCP2RS+
S
CVE-2024-8890 Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT
S
CVE-2024-8891 Exposure of Private Personal Information to an Unauthorized Actor vulnerability on CIRCUTOR Q-SMT
S
CVE-2024-8892 Uncontrolled Resource Consumption vulnerability on CIRCUTOR TCP2RS+
S
CVE-2024-8893 Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone...
CVE-2024-8894 Out-of-bounds Write vulnerability in ODA SDK versions < 2025.10
CVE-2024-8896 Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability
CVE-2024-8897 Under certain conditions, an attacker with the ability to redirect users to a malicious site via an ...
CVE-2024-8898 Path Traversal in parisneo/lollms-webui
E S
CVE-2024-8899 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template
S
CVE-2024-8900 An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain se...
CVE-2024-8901 Lack of JWT issuer and signer validation
CVE-2024-8902 Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections
S
CVE-2024-8903 Local active protection service settings manipulation due to unnecessary privileges assignment. The ...
CVE-2024-8904 Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentiall...
E
CVE-2024-8905 Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker...
E
CVE-2024-8906 Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker...
CVE-2024-8907 Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a...
CVE-2024-8908 Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote at...
CVE-2024-8909 Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote a...
CVE-2024-8910 HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id
S
CVE-2024-8911 LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection
CVE-2024-8912 HTTP Request Smuggling in Looker
CVE-2024-8913 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_template
CVE-2024-8914 Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-8915 Category Icon <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8916 Suki Sites Import <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8917 AnWP Football Leagues <= 0.16.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-8918 File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload
CVE-2024-8919 Confetti Fall Animation <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode
CVE-2024-8920 Fonto – Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8921 Zita Elementor Site Library <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8922 Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php
S
CVE-2024-8923 Sandbox Escape in Now Platform
CVE-2024-8924 Unauthenticated Blind SQL Injection in Core Platform
CVE-2024-8925 Erroneous parsing of multipart form data
E
CVE-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision
E
CVE-2024-8929 Leak partial content of the heap through heap buffer over-read in mysqlnd
CVE-2024-8932 OOB access in ldap_escape
CVE-2024-8933 CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vu...
CVE-2024-8934 Beckhoff: Local command injection via TwinCAT Package Manager
CVE-2024-8935 CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service...
CVE-2024-8936 CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of...
CVE-2024-8937 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exist...
CVE-2024-8938 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exist...
CVE-2024-8939 Vllm: denials of service in vllm json web api
M
CVE-2024-8940 Unrestricted Upload of File with Dangerous Type vulnerability on Scriptcase
S
CVE-2024-8941 Path Traversal vulnerability on Scriptcase
S
CVE-2024-8942 Cross-site Scripting vulnerability on Scriptcase
S
CVE-2024-8943 LatePoint <= 5.0.12 - Authentication Bypass
CVE-2024-8944 code-projects Hospital Management System check_availability.php sql injection
E S
CVE-2024-8945 CodeCanyon RISE Ultimate Project Manager save sql injection
E
CVE-2024-8946 MicroPython VFS Unmount vfs.c mp_vfs_umount heap-based overflow
E S
CVE-2024-8947 MicroPython objarray.c use after free
E S
CVE-2024-8948 MicroPython objint.c mpz_as_bytes heap-based overflow
E S
CVE-2024-8949 SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management
E
CVE-2024-8950 SQLi in Arne Informatics' Piramit Automation
CVE-2024-8951 SourceCodester Resort Reservation System manage_fee.php cross site scripting
E
CVE-2024-8952 SSRF in composiohq/composio
E
CVE-2024-8953 Unsafe eval usage in composiohq/composio
E
CVE-2024-8954 Authentication Bypass in composiohq/composio
CVE-2024-8955 SSRF in composiohq/composio
CVE-2024-8956 PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication
KEV
CVE-2024-8957 PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration
KEV
CVE-2024-8958 Unrestricted File Write and Read in composiohq/composio
E
CVE-2024-8959 WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8960 Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8961 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8962 WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-8963 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to ac...
KEV
CVE-2024-8964 Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8965 Absolute Reviews <= 1.1.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name
S
CVE-2024-8966 Denial of Service in gradio-app/gradio
E
CVE-2024-8967 PWA — easy way to Progressive Web App <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-8968 MaxButtons < 9.8.1 - Admin+ Stored XSS via Text Color
E
CVE-2024-8969 The SYSCOM Group OMFLOW - Exposure of Sensitive Data
S
CVE-2024-8970 Incorrect Authorization in GitLab
E S
CVE-2024-8972 SQLi in Mobil365 Informatics' Saha365 App
CVE-2024-8973 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-8974 Incorrect Provision of Specified Functionality in GitLab
S
CVE-2024-8975 Grafana Alloy on Windows Unquoted service path
S
CVE-2024-8977 Server-Side Request Forgery (SSRF) in GitLab
E S
CVE-2024-8978 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Contributor+) Sensitive Information Exposure
CVE-2024-8979 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation
CVE-2024-8980 The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023...
CVE-2024-8981 Broken Link Checker <= 2.4.0 - Reflected Cross-Site Scripting
CVE-2024-8982 Local File Inclusion in bentoml/openllm
CVE-2024-8983 Custom Twitter Feeds < 2.2.3 - Admin+ Stored XSS
E
CVE-2024-8984 Denial of Service (DoS) in berriai/litellm
CVE-2024-8985 Social Proof (Testimonials) Slider <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via spslider-block Shortcode
CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go
CVE-2024-8987 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode
CVE-2024-8988 PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download
CVE-2024-8989 Stars Testimonials <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode
CVE-2024-8990 Geo Mashup <= 1.13.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via geo_mashup_visible_posts_list Shortcode
CVE-2024-8991 OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes
S
CVE-2024-8992 Some Honor products are affected by information leak vulnerability, successful exploitation could ca...
CVE-2024-8993 Some Honor products are affected by information leak vulnerability, successful exploitation could ca...
CVE-2024-8994 Some Honor products are affected by information leak vulnerability, successful exploitation could ca...
CVE-2024-8996 Grafana Agent Flow on Windows Unquoted service path
S
CVE-2024-8997 SQLi in Vestel's EVC04 Configuration Interface
CVE-2024-8998 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
E S
CVE-2024-8999 Improper Access Control in lunary-ai/lunary
E S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.