CVE-2024-9xxx

There are 929 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-9000 Improper Authorization and Duplicate Slug Vulnerability in lunary-ai/lunary
E S
CVE-2024-9001 TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection
E
CVE-2024-9002 CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, lo...
CVE-2024-9003 Jinan Chicheng Company JFlow Attachment EntityMutliFile_Load.do AttachmentUploadController access control
E
CVE-2024-9004 D-Link DAR-7000 Backup_Server_commit.php os command injection
E
CVE-2024-9005 CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely...
CVE-2024-9006 jeanmarc77 123solar config_invt1.php code injection
E S
CVE-2024-9007 jeanmarc77 123solar detailed.php cross site scripting
E S
CVE-2024-9008 SourceCodester Best Online News Portal Comment Section news-details.php sql injection
E
CVE-2024-9009 code-projects Online Quiz Site showtest.php sql injection
E
CVE-2024-9010 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9011 code-projects Crud Operation System updata.php sql injection
E
CVE-2024-9014 OAuth2 client id and secret exposed through the web browser in pgAdmin 4
CVE-2024-9015 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9016 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ...
R
CVE-2024-9018 WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter
CVE-2024-9019 SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode
CVE-2024-9020 List category posts < 0.90.3 - Author+ Stored XSS
E
CVE-2024-9021 Relevanssi < 4.23.1 - Contributor+ Stored XSS
E
CVE-2024-9022 TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.3.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter
E
CVE-2024-9023 WP-WebAuthn <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode
CVE-2024-9024 Material Design Icons <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode
CVE-2024-9025 Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title
S
CVE-2024-9026 PHP-FPM logs from children may be altered
E
CVE-2024-9027 WPZOOM Shortcodes <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode
CVE-2024-9028 WP GPX Maps <= 1.7.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode
CVE-2024-9029 Freeimage: heap buffer overflow in tiff_read_iptc_profile
CVE-2024-9030 CodeCanyon CRMGo SaaS note cross site scripting
E
CVE-2024-9031 CodeCanyon CRMGo SaaS show cross site scripting
E
CVE-2024-9032 SourceCodester Simple Forum-Discussion System index.php path traversal
E
CVE-2024-9033 SourceCodester Best House Rental Management System ajax.php cross site scripting
E
CVE-2024-9034 code-projects Patient Record Management System login.php sql injection
E
CVE-2024-9035 code-projects Blood Bank Management System Admin Login login.php sql injection
E
CVE-2024-9036 itsourcecode Online Bookstore admin_add.php unrestricted upload
E
CVE-2024-9037 Codezips Internal Marks Calculation index.php sql injection
E
CVE-2024-9038 Codezips Online Shopping Portal insert-product.php unrestricted upload
E
CVE-2024-9039 SourceCodester Best House Rental Management System ajax.php sql injection
E
CVE-2024-9040 code-projects Blood Bank Management System Password cleartext storage in a file or on disk
CVE-2024-9041 SourceCodester Best House Rental Management System ajax.php sql injection
E S
CVE-2024-9042 This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is ru...
CVE-2024-9043 Cellopoint Secure Email Gateway - Buffer Overflow
S
CVE-2024-9044 XML External Entity (XXE) Vulnerability in EasyTax
CVE-2024-9046 A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to ex...
S
CVE-2024-9047 WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php
S
CVE-2024-9048 y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting
E S
CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module
S
CVE-2024-9050 Networkmanager-libreswan: local privilege escalation via leftupdown
M
CVE-2024-9051 WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode
CVE-2024-9052 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9053 Remote Code Execution in vllm-project/vllm
E
CVE-2024-9054 Remote Code Execution in TimeProvider® 4100
E M
CVE-2024-9055 DPA Countermeasures need reseeding
CVE-2024-9056 Denial of Service in bentoml/bentoml
CVE-2024-9057 Curator.io: Show all your social media posts in a beautiful feed. <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via feed_id Attribute
CVE-2024-9058 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget
S
CVE-2024-9059 Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget
CVE-2024-9060 AVIF & SVG Uploader <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add
S
CVE-2024-9063 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2143 Reason: Th...
R
CVE-2024-9064 Elementor Inline SVG <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9065 WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test
CVE-2024-9066 Marketing and SEO Booster <= 1.9.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9067 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion
CVE-2024-9068 OneElements – Best Elementor Addons <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9069 Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9070 Deserialization Vulnerability in BentoML's Runner Server in bentoml/bentoml
CVE-2024-9071 Easy Demo Importer – A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-9072 GDPR-Extensions-com – Consent Manager <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9073 GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9074 Advanced Blocks Pro <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9075 Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting
E
CVE-2024-9076 DedeCMS article_string_mix.php os command injection
E
CVE-2024-9077 dingfangzu Order Checkout order.js cross site scripting
E
CVE-2024-9078 code-projects Student Record System course.php sql injection
E
CVE-2024-9079 code-projects Student Record System marks.php sql injection
E
CVE-2024-9080 code-projects Student Record System pincode-verification.php sql injection
E
CVE-2024-9081 SourceCodester Online Eyewear Shop view_category.php sql injection
E
CVE-2024-9082 SourceCodester Online Eyewear Shop User Creation Users.php improper authorization
E
CVE-2024-9083 SourceCodester Employee Management System add-admin.php cross site scripting
E
CVE-2024-9084 code-projects Blood Bank System bbms.php cross site scripting
E
CVE-2024-9085 code-projects Restaurant Reservation System index.php sql injection
E
CVE-2024-9086 code-projects Restaurant Reservation System filter.php sql injection
E
CVE-2024-9087 code-projects Vehicle Management edit1.php sql injection
E
CVE-2024-9088 SourceCodester Telecom Billing Management System login buffer overflow
E
CVE-2024-9089 SourceCodester Modern Loan Management System update_loan_record.php cross site scripting
E
CVE-2024-9090 SourceCodester Modern Loan Management System search_member.php sql injection
E
CVE-2024-9091 code-projects Student Record System index.php sql injection
E
CVE-2024-9092 SourceCodester Profile Registration without Reload Refresh Registration Form add.php cross site scripting
E
CVE-2024-9093 SourceCodester Profile Registration without Reload Refresh GET Parameter del.php sql injection
E
CVE-2024-9094 code-projects Blood Bank System o-.php sql injection
E
CVE-2024-9095 Improper Authorization in lunary-ai/lunary
E S
CVE-2024-9096 Improper Authorization in lunary-ai/lunary
E S
CVE-2024-9097 IDOR
CVE-2024-9098 Privilege Escalation in lunary-ai/lunary
E S
CVE-2024-9099 Exposure of Private API Keys in lunary-ai/lunary
E S
CVE-2024-9100 Local File Inclusion
CVE-2024-9101 phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php
S
CVE-2024-9102 phpLDAPadmin: Improper Neutralization of Formula Elements
S
CVE-2024-9103 Persistent XSS in blocked messages
S
CVE-2024-9104 UltimateAI <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check
CVE-2024-9105 UltimateAI <= 2.8.3 - Authentication Bypass
CVE-2024-9106 Wechat Social login <= 1.3.0 - Authentication Bypass
CVE-2024-9107 Stored XSS in gaizhenbiao/chuanhuchatgpt
CVE-2024-9108 Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload
CVE-2024-9109 UPS Live Rates and Access Points <= 2.3.11 - Missing Authorization to Plugin API key reset
S
CVE-2024-9110 Cross-Site Scripting In Privileged Identity
CVE-2024-9111 Product Designer <= 1.0.35 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9112 FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9113 FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9114 FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9115 Common Tools for Site <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9116 Monkee-Boy Essentials <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9117 Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9118 QS Dark Mode Plugin <= 2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9119 SVG Complete <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9120 Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker ...
E
CVE-2024-9121 Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker...
E
CVE-2024-9122 Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform ou...
E
CVE-2024-9123 Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perfor...
CVE-2024-9124 Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability
S
CVE-2024-9125 king_IE <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9127 Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter
CVE-2024-9129 Format String Injection in Zend Server
CVE-2024-9130 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter
S
CVE-2024-9131 A user with administrator privileges can perform command injection
S
CVE-2024-9132 The administrator is able to configure an insecure captive portal script
S
CVE-2024-9133 A user with administrator privileges is able to retrieve authentication tokens
S
CVE-2024-9134 Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
S
CVE-2024-9135 On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
M
CVE-2024-9136 Access permission verification vulnerability in the App Multiplier module Impact: Successful exploit...
CVE-2024-9137 Moxa Service Missing Authentication for Critical Function
S
CVE-2024-9138 Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances
S
CVE-2024-9139 OS Command Injection in Restricted Command
S
CVE-2024-9140 Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical ...
S
CVE-2024-9141 Cross-Site Scripting (XSS) vulnerability in Oct8ne
S
CVE-2024-9142 Local File Inclusion (LFI) in Olgu Computer Systems' e-Belediye
CVE-2024-9143 Low-level invalid GF(2^m) parameters lead to OOB memory access
S
CVE-2024-9145 Local command injection in Wiz Code Visual Studio Code extension
CVE-2024-9146 WordPress CSS JS Files plugin <= 1.5.0 - Directory Traversal to File Read vulnerability
S
CVE-2024-9147 HTML Injection in Bna Informatics' PosPratik
CVE-2024-9148 Flowise Stored Cross-Site Scripting
E
CVE-2024-9149 SQLi in Wind Media's E-Commerce Website Template
CVE-2024-9150 Code Injection in Wyn Enterprise
CVE-2024-9154 Authenticated Remote Code Execution
CVE-2024-9155 Insufficient Authorization On Unlinked Channel Files
S
CVE-2024-9156 TI WooCommerce Wishlist <= 2.8.2 - Unauthenticated SQL Injection via lang parameters
E
CVE-2024-9157 Privilege Escalation Vulnerability in CxUIUSvc service
CVE-2024-9158 XSS
S
CVE-2024-9159 Incorrect Authorization in gaizhenbiao/chuanhuchatgpt
CVE-2024-9160 Security Misconfiguration in Forge module PEADM
CVE-2024-9161 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete
S
CVE-2024-9162 All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection
CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab
E S
CVE-2024-9164 Missing Authentication for Critical Function in GitLab
E S
CVE-2024-9165 Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9166 OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver
S
CVE-2024-9167 Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version ...
CVE-2024-9169 litespeed cache <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-9170 Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode
S
CVE-2024-9171 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-9172 Demo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-9173 GF Custom Style <= 2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9174 Stored HTML Injection in Hubshare social module
CVE-2024-9177 Themedy Toolbox <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
S
CVE-2024-9178 XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges
CVE-2024-9181 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9182 Maspik - Advanced Spam protection < 2.1.3 - Admin+ Stored XSS
E
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-9185 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9186 Automation By Autonami < 3.3.0 - Unauthenticated SQLi
E
CVE-2024-9187 Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button Deletion
CVE-2024-9188 Specially constructed queries cause cross platform scripting leaking administrator tokens
S
CVE-2024-9189 EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization
S
CVE-2024-9191 The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to t...
S
CVE-2024-9192 WP Video Robot <= 1.20.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update
CVE-2024-9193 WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update
CVE-2024-9194 SQL Injection in the Octopus Server REST API
CVE-2024-9195 WHMPress - WHMCS Client Area <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update
CVE-2024-9196 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9197 A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in ...
CVE-2024-9198 Stored Cross-Site Scripting vulnerability in Clibo Manager
S
CVE-2024-9199 Rate limit vulnerability in Clibo Manager
S
CVE-2024-9200 A post-authentication command injection vulnerability in the "host" parameter of the diagnostic func...
CVE-2024-9201 SQL injection vulnerability in SEUR plugin
S
CVE-2024-9202 EDC DataSetResolver policy filtering missing
S
CVE-2024-9203 Enpass Password Manager sensitive information in memory
S
CVE-2024-9204 Smart Custom 404 Error Page <= 11.4.7 - Reflected Cross-Site Scripting
S
CVE-2024-9205 Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting
S
CVE-2024-9206 MAS Companies For WP Job Manager <= 1.0.13 - Reflected Cross-Site Scripting
S
CVE-2024-9207 BuddyPress Docs <= 2.2.3 - Reflected Cross-Site Scripting
CVE-2024-9208 Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting
CVE-2024-9209 WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting
CVE-2024-9210 MC4WP: Mailchimp Top Bar <= 1.6.0 - Reflected Cross-Site Scripting
CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting
CVE-2024-9212 SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting
CVE-2024-9213 Persian WooCommerce SMS <= 7.0.2 - Reflected Cross-Site Scripting
CVE-2024-9214 Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-9215 Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover
CVE-2024-9216 Authentication Bypass in gaizhenbiao/ChuanhuChatGPT
CVE-2024-9217 Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting
CVE-2024-9218 Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting
S
CVE-2024-9219 WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting
S
CVE-2024-9220 LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting
CVE-2024-9221 Tainacan <= 0.21.10 - Reflected Cross-Site Scripting
S
CVE-2024-9222 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting
S
CVE-2024-9223 WPDash Notes <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
CVE-2024-9224 Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read
CVE-2024-9225 SEOPress – On-site SEO <= 8.1.1 - Reflected Cross-Site Scripting
S
CVE-2024-9226 Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages <= 1.7.6 - Reflected Cross-Site Scripting
CVE-2024-9227 PowerPress Podcasting < 11.9.18 - Author+ XSS
E
CVE-2024-9228 Loggedin – Limit Active Logins <= 1.3.1 - Reflected Cross-Site Scripting
CVE-2024-9229 Denial of Service (DoS) via Multipart Boundary in stangirard/quivr
CVE-2024-9230 PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL
E
CVE-2024-9231 WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting
S
CVE-2024-9232 Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Reflected Cross-Site Scripting
CVE-2024-9233 GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery
E
CVE-2024-9234 GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload
CVE-2024-9235 Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update
S
CVE-2024-9236 Team Members Showcase < 4.4.2 - Editor+ Stored XSS
E
CVE-2024-9237 Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting
S
CVE-2024-9238 AVIF & SVG Uploader <= 1.1.0 - Author+ Stored XSS via SVG Upload
E
CVE-2024-9239 Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting
S
CVE-2024-9240 ReDi Restaurant Reservation <= 24.0902 - Reflected Cross-Site Scripting
CVE-2024-9241 PDF Image Generator <= 1.5.6 - Reflected Cross-Site Scripting
CVE-2024-9242 Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting
S
CVE-2024-9243 Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9244 Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2024-9245 Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2024-9246 Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9247 Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9248 Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9249 Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-9250 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9251 Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability
CVE-2024-9252 Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability
CVE-2024-9253 Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9254 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9255 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9256 Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9257 Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability
CVE-2024-9258 IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
CVE-2024-9259 IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9260 IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9261 IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-9262 User Meta – User Profile Builder and User management plugin <= 3.1 - Insecure Direct Object Reference to Sensitive Information Exposure
CVE-2024-9263 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover
CVE-2024-9264 Grafana SQL Expressions allow for remote code execution
CVE-2024-9265 Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation
CVE-2024-9266 Open Redirect
CVE-2024-9267 Easy WordPress Subscribe – Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter
CVE-2024-9268 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-9269 Relogo <= 0.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9270 Lenxel Core for Lenxel(LNX) LMS <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9271 Re:WP <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-9272 R Animated Icon Plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9273 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-9274 Elastik Page Builder <= 0.27.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9275 jeanmarc77 123solar admin_invt2.php file inclusion
E
CVE-2024-9276 TMsoft MyAuth Gateway index.php cross site scripting
CVE-2024-9277 Langflow HTTP POST Request utils.py redos
E
CVE-2024-9278 HuankeMao SCRM Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted upload
E
CVE-2024-9279 funnyzpc Mee-Admin User Center index cross site scripting
E
CVE-2024-9280 kalvinGit kvf-admin FileUploadKit.java fileUpload unrestricted upload
E
CVE-2024-9281 bg5sbk MiniCMS post-edit.php cross-site request forgery
E
CVE-2024-9282 bg5sbk MiniCMS page-edit.php cross-site request forgery
E
CVE-2024-9283 RelaxedJS ReLaXed Pug to PDF Converter cross site scripting
E
CVE-2024-9284 TP-LINK TL-WR841ND popupSiteSurveyRpm.htm stack-based overflow
E
CVE-2024-9285 Tu Yafeng Via Browser Javascript Bridge cross site scripting
E
CVE-2024-9286 SQLi in TRtek Software's Distant Education Platform
CVE-2024-9287 Virtual environment (venv) activation scripts don't quote paths
S
CVE-2024-9289 WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation
CVE-2024-9290 Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload
CVE-2024-9291 kalvinGit kvf-admin XML File cross site scripting
E
CVE-2024-9292 Bridge Core <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-9293 skyselang yylAdmin Backend File.php list sql injection
E
CVE-2024-9294 dingfanzu CMS saveNewPwd.php sql injection
E
CVE-2024-9295 SourceCodester Advocate Office Management System login.php sql injection
E
CVE-2024-9296 SourceCodester Advocate Office Management System forgot_pass.php sql injection
E
CVE-2024-9297 SourceCodester Online Railway Reservation System admin improper authorization
E
CVE-2024-9298 SourceCodester Online Railway Reservation System Ticket ?page=tickets access control
E
CVE-2024-9299 SourceCodester Online Railway Reservation System ?page=reserve cross site scripting
E
CVE-2024-9300 SourceCodester Online Railway Reservation System Message Us Form contact_us.php cross site scripting
E
CVE-2024-9301 A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a...
CVE-2024-9302 App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP
S
CVE-2024-9304 LocateAndFilter <= 1.6.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9305 AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP
S
CVE-2024-9306 WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-9307 mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files
CVE-2024-9308 Open Redirect in haotian-liu/llava
CVE-2024-9309 SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava
CVE-2024-9310 Traffic Alert and Collision Avoidance System (TCAS) II has a Reliance on Untrusted Inputs in a Security Decision vulnerability
M
CVE-2024-9311 Cross-Site Request Forgery to XSS in haotian-liu/llava
E
CVE-2024-9312 Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local...
CVE-2024-9313 Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user m...
CVE-2024-9314 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection
S
CVE-2024-9315 SourceCodester Employee and Visitor Gate Pass Logging System manage_department.php sql injection
E
CVE-2024-9316 code-projects Blood Bank Management System B+.php sql injection
E
CVE-2024-9317 SourceCodester Online Eyewear Shop Master.php delete_category sql injection
E
CVE-2024-9318 SourceCodester Advocate Office Management System activate.php sql injection
E
CVE-2024-9319 SourceCodester Online Timesheet App delete-timesheet.php sql injection
E
CVE-2024-9320 SourceCodester Online Timesheet App Add Timesheet Form add-timesheet.php cross site scripting
E
CVE-2024-9321 SourceCodester Online Railway Reservation System view_details.php access control
E
CVE-2024-9322 code-projects Supply Chain Management edit_manufacturer.php sql injection
E
CVE-2024-9323 SourceCodester Inventory Management System add_staff.php cross site scripting
E
CVE-2024-9324 Intelbras InControl Relatório de Operadores Page operador code injection
E S
CVE-2024-9325 Intelbras InControl incontrol-service-watchdog.exe unquoted search path
E S
CVE-2024-9326 PHPGurukul Online Shopping Portal Admin Panel index.php sql injection
E
CVE-2024-9327 code-projects Blood Bank System forgot.php sql injection
E
CVE-2024-9328 SourceCodester Advocate Office Management System edit_client.php sql injection
E
CVE-2024-9329 Glassfish redirect to untrusted site
E S
CVE-2024-9333 Permission bypass in M-Files Connector for Copilot
CVE-2024-9334 Information Disclosure in E-Kent's Pallium Vehicle Tracking
CVE-2024-9340 Denial of Service (DoS) via Multipart Boundary in zenml-io/zenml
CVE-2024-9341 Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
M
CVE-2024-9344 BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript <= 2.1.1 - Reflected Cross-Site Scripting
S
CVE-2024-9345 Product Delivery Date for WooCommerce – Lite <= 2.7.3 - Reflected Cross-Site Scripting
S
CVE-2024-9346 Embed videos and respect privacy <= 1.2 - Reflected Cross-Site Scripting
CVE-2024-9347 The Ultimate WordPress Toolkit – WP Extended <= 3.0.9 - Reflected Cross-Site Scripting
CVE-2024-9348 Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
S
CVE-2024-9349 Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.2 - Reflected Cross-Site Scripting
S
CVE-2024-9350 DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting
CVE-2024-9351 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation
S
CVE-2024-9352 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation
S
CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting
S
CVE-2024-9354 Estatik Mortgage Calculator <= 2.0.11 - Reflected Cross-Site Scripting
CVE-2024-9355 Golang-fips: golang fips zeroed buffer
M
CVE-2024-9356 Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.8 - Reflected Cross-Site Scripting
CVE-2024-9357 xili-tidy-tags <= 1.12.04 - Reflected Cross-Site Scripting
CVE-2024-9358 ThingsBoard HTTP RPC API resource consumption
E
CVE-2024-9359 code-projects Restaurant Reservation System addcompany.php sql injection
E
CVE-2024-9360 code-projects Restaurant Reservation System updatebal.php sql injection
E
CVE-2024-9361 Bulk images optimizer: Resize, optimize, convert to webp, rename ... <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
CVE-2024-9362 Directory Traversal in polyaxon/polyaxon
CVE-2024-9363 Unauthorized File Deletion in polyaxon/polyaxon
CVE-2024-9364 SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion
CVE-2024-9365 Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon
CVE-2024-9366 Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9367 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-9368 Aggregator Advanced Settings <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9369 Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attack...
CVE-2024-9371 Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting
CVE-2024-9372 WP Blocks Hub <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9373 Elemenda <= 0.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9374 Terms descriptions <= 3.4.6 - Reflected Cross-Site Scripting
CVE-2024-9375 WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Reflected Cross-Site Scripting
CVE-2024-9376 Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9377 Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting
S
CVE-2024-9378 YML for Yandex Market <= 4.7.2 - Reflected Cross-Site Scripting
S
CVE-2024-9379 SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authentica...
KEV
CVE-2024-9380 An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 al...
KEV
CVE-2024-9381 Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin ...
CVE-2024-9382 Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting
CVE-2024-9383 Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting
CVE-2024-9384 Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting
S
CVE-2024-9385 Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting
S
CVE-2024-9386 Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9387 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
E S
CVE-2024-9388 Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-9390 RegistrationMagic < 6.0.2.1 - Stored XSS
E
CVE-2024-9391 A user who enables full-screen mode on a specially crafted web page could potentially be prevented f...
CVE-2024-9392 A compromised content process could have allowed for the arbitrary loading of cross-origin pages. Th...
CVE-2024-9393 An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under th...
CVE-2024-9394 An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under th...
CVE-2024-9395 A specially crafted filename containing a large number of spaces could obscure the file's extension ...
CVE-2024-9396 It is currently unknown if this issue is exploitable but a condition may arise where the structured ...
CVE-2024-9397 A missing delay in directory upload UI could have made it possible for an attacker to trick a user i...
CVE-2024-9398 By checking the result of calls to `window.open` with specifically set protocol handlers, an attacke...
CVE-2024-9399 A website configured to initiate a specially crafted WebTransport session could crash the Firefox pr...
CVE-2024-9400 A potential memory corruption vulnerability could be triggered if an attacker had the ability to tri...
CVE-2024-9401 Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 12...
CVE-2024-9402 Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these b...
CVE-2024-9403 Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption a...
CVE-2024-9404 Denial-of-Service Vulnerability
S
CVE-2024-9405 An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pl...
CVE-2024-9407 Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction
M
CVE-2024-9409 CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to be...
S
CVE-2024-9410 Ada.cx SSRF via Sentry Misconfiguration
E
CVE-2024-9411 OFCMS add.json add cross site scripting
E
CVE-2024-9412 Improper Authorization Vulnerability in Rockwell Automation Verve® Asset Manager
S
CVE-2024-9413 The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not prope...
CVE-2024-9414 Cross-site Scripting vulnerability in LCDS LAquis SCADA
S
CVE-2024-9415 Path Traversal in transformeroptimus/superagi
CVE-2024-9416 Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library
CVE-2024-9417 Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload
S
CVE-2024-9418 Insufficiently Protected Credentials in transformeroptimus/superagi
CVE-2024-9419 Certain HP Print Products–Potential Remote Code Execution and/or Elevation of Privilege with the HP Smart Universal Printing Driver
CVE-2024-9420 A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy S...
CVE-2024-9421 Login Logout Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
CVE-2024-9422 GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
E
CVE-2024-9423 Certain HP LaserJet Printers – Potential Denial of Service
CVE-2024-9425 Advanced Category and Custom Taxonomy Image <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_tax_image Shortcode
S
CVE-2024-9426 Aqua SVG Sprite <= 3.0.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9427 Koji: escape html tag characters in the query string
CVE-2024-9428 Popup Builder < 4.3.5 - Admin+ Stored XSS
E
CVE-2024-9429 code-projects Restaurant Reservation System filter2.php sql injection
E
CVE-2024-9430 Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download
CVE-2024-9431 Improper Privilege Management in transformeroptimus/superagi
CVE-2024-9434 WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-9435 ShiftController Employee Shift Scheduling <= 4.9.66 - Reflected Cross-Site Scripting
S
CVE-2024-9436 PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting
CVE-2024-9437 Unauthenticated Denial of Service in transformeroptimus/superagi
CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting
CVE-2024-9439 Remote Code Execution in transformeroptimus/superagi
CVE-2024-9440 Slim Select 2.0 createOption "text" XSS
E
CVE-2024-9441 Linear eMerge e3-Series Forgot Password Command Injection
E
CVE-2024-9442 F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9443 Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-9444 ElementsReady Addons for Elementor <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-9445 Display Medium Posts <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode
CVE-2024-9446 WP Simple Anchors Links <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode
CVE-2024-9447 Exposure of Sensitive Information in transformeroptimus/superagi
CVE-2024-9448 On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp
S
CVE-2024-9449 Auto iFrame <= 1.7 - Authenticated (Author+) Stored Cross-Site Scripting via tag Parameter
CVE-2024-9450 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update
E
CVE-2024-9451 Embed PDF Viewer <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via height and width Parameters
CVE-2024-9452 Branding <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9454 PriPre <= 0.4.11 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9455 WP Cleanup and Basic Functions <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9456 WP Awesome Login <= 0.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9457 WP Builder <= 3.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9458 Reservit Hotel < 3.0 - Admin+ Stored XSS
E
CVE-2024-9459 SQL Injection
CVE-2024-9460 Codezips Online Shopping Portal index.php sql injection
E
CVE-2024-9461 Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings
CVE-2024-9462 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Poll Settings
CVE-2024-9463 Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure
KEV S
CVE-2024-9464 Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure
E S
CVE-2024-9465 Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure
KEV E S
CVE-2024-9466 Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure
E S
CVE-2024-9467 Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure
S
CVE-2024-9468 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet
S
CVE-2024-9469 Cortex XDR Agent: Local Windows User Can Disable the Agent
S
CVE-2024-9470 Cortex XSOAR: Information Disclosure Vulnerability
S
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
S
CVE-2024-9472 PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic
S
CVE-2024-9473 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
E S
CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
KEV E S
CVE-2024-9475 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) SQL Injection via Order_by Parameter
CVE-2024-9476 Privilege escalation vulnerability for Organizations in Grafana
CVE-2024-9477 XSS in AirTies' Air4443 Firmware
CVE-2024-9478 Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access ...
CVE-2024-9479 Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access ...
CVE-2024-9481 Out of Bounds write on scan of malformed eml file may crash the application
S
CVE-2024-9482 Out of Bounds write on scan of malformed Mach-O file may crash the application
S
CVE-2024-9483 Uninitialized variable in digital signature verification may crash the application
S
CVE-2024-9484 A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released ...
S
CVE-2024-9486 VM images built with Image Builder and Proxmox provider use default credentials
S
CVE-2024-9487 An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled
CVE-2024-9488 Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider
S
CVE-2024-9489 Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability
CVE-2024-9490 Uncontrolled search path can lead to DLL hijacking in Silicon Labs IDE installer
CVE-2024-9491 Uncontrolled search path can lead to DLL hijacking in Configuration Wizard 2 installer
CVE-2024-9492 Uncontrolled search path can lead to DLL hijacking in Flash Programming Utility installer
CVE-2024-9493 Uncontrolled search path can lead to DLL hijacking in ToolStick installer
CVE-2024-9494 Uncontrolled search path can lead to DLL hijacking in CP210 VCP Win 2k installer
CVE-2024-9495 Uncontrolled search path can lead to DLL hijacking in CP210x VCP Windows installer
CVE-2024-9496 Uncontrolled search path can lead to DLL hijacking in USBXpress Dev Kit installer
CVE-2024-9497 Uncontrolled search path can lead to DLL hijacking in USBXpress 4 SDK installer
CVE-2024-9498 Uncontrolled search path can lead to DLL hijacking in USBXpress SDK installer
CVE-2024-9499 Uncontrolled search path can lead to DLL hijacking in USBXpress Win 98SE Dev Kit installer
CVE-2024-9500 Autodesk ADP Desktop SDK Privilege Escalation Vulnerability
CVE-2024-9501 Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAuth provider
CVE-2024-9502 Master Addons -- Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip Module
CVE-2024-9503 Maintenance & Coming Soon Redirect Animation <= 2.1.3 - Missing Authorization to Settings Update
CVE-2024-9504 Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9505 Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget
S
CVE-2024-9506 Regular Expression Denial of Service (ReDoS)
CVE-2024-9507 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read
CVE-2024-9508 Horner Automation Cscape Out-of-bounds Read
S
CVE-2024-9511 FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection
CVE-2024-9513 Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure
E
CVE-2024-9514 D-Link DIR-605L formSetDomainFilter buffer overflow
E
CVE-2024-9515 D-Link DIR-605L formSetQoS buffer overflow
E
CVE-2024-9518 UserPlus <= 2.0 - Unauthenticated Privilege Escalation
CVE-2024-9519 UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation
CVE-2024-9520 UserPlus <= 2.0 - Missing Authorization via Multiple Functions
CVE-2024-9521 SEO Manager <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta
CVE-2024-9522 WP Users Masquerade <= 2.0.0 - Authentication Bypass
CVE-2024-9524 Privilege Escalation Vulnerability in Avira Prime Version 1.1.96.2
S
CVE-2024-9526 Stored XSS in Kubeflow Pipeline View
CVE-2024-9528 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting
S
CVE-2024-9529 Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution
E
CVE-2024-9530 Qi Addons For Elementor <= 1.8.0 - Sensitive Information Exposure
S
CVE-2024-9531 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending
CVE-2024-9532 D-Link DIR-605L formAdvanceSetup buffer overflow
E
CVE-2024-9533 D-Link DIR-605L formDeviceReboot buffer overflow
E
CVE-2024-9534 D-Link DIR-605L formEasySetPassword buffer overflow
E
CVE-2024-9535 D-Link DIR-605L formEasySetupWWConfig buffer overflow
E
CVE-2024-9536 ESAFENET CDG MultiServerBackService sql injection
E
CVE-2024-9537 ScienceLogic SL1 unspecified vulnerability
KEV
CVE-2024-9538 ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template
CVE-2024-9539 An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uplo...
CVE-2024-9540 Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template
S
CVE-2024-9541 News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template
S
CVE-2024-9542 Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template
S
CVE-2024-9543 Powerpress <= 11.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via skipto Shortcode
CVE-2024-9544 MapSVG - All Kinds of Maps and Store Locator for WordPress <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-9545 Shortcodes and extra features for Phlox theme <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes
CVE-2024-9546 WPIDE <= 3.4.9 - Unauthenticated Full Path Disclosure
CVE-2024-9548 Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2024-9549 D-Link DIR-605L formEasySetupWizard formEasySetupWizard2 buffer overflow
E
CVE-2024-9550 D-Link DIR-605L formLogDnsquery buffer overflow
E
CVE-2024-9551 D-Link DIR-605L formSetWanL2TP buffer overflow
E
CVE-2024-9552 D-Link DIR-605L formSetWanNonLogin buffer overflow
E
CVE-2024-9553 D-Link DIR-605L formdumpeasysetup buffer overflow
E
CVE-2024-9554 Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization
CVE-2024-9555 D-Link DIR-605L formSetEasy_Wizard buffer overflow
E
CVE-2024-9556 D-Link DIR-605L formSetEnableWizard buffer overflow
E
CVE-2024-9557 D-Link DIR-605L formSetWanPPPoE buffer overflow
E
CVE-2024-9558 D-Link DIR-605L formSetWanPPTP buffer overflow
E
CVE-2024-9559 D-Link DIR-605L formWlanSetup buffer overflow
E
CVE-2024-9560 ESAFENET CDG Catelogs;logindojojs delCatelogs sql injection
E
CVE-2024-9561 D-Link DIR-605L formSetWAN_Wizard52 buffer overflow
E
CVE-2024-9562 D-Link DIR-605L formSetWizard2 buffer overflow
E
CVE-2024-9563 D-Link DIR-605L formWlanSetup_Wizard buffer overflow
E
CVE-2024-9564 D-Link DIR-605L formWlanWizardSetup buffer overflow
E
CVE-2024-9565 D-Link DIR-605L formSetPassword buffer overflow
E
CVE-2024-9566 D-Link DIR-619L B1 formDeviceReboot buffer overflow
E
CVE-2024-9567 D-Link DIR-619L B1 formAdvFirewall buffer overflow
E
CVE-2024-9568 D-Link DIR-619L B1 formAdvNetwork buffer overflow
E
CVE-2024-9569 D-Link DIR-619L B1 formEasySetPassword buffer overflow
E
CVE-2024-9570 D-Link DIR-619L B1 formEasySetTimezone buffer overflow
E
CVE-2024-9571 Cross-Site Scripting vulnerability in SOPlanning
S
CVE-2024-9572 Cross-Site Scripting vulnerability in SOPlanning
S
CVE-2024-9573 SQL Injection vulnerability in SOPlanning
S
CVE-2024-9574 SQL Injection vulnerability in SOPlanning
S
CVE-2024-9575 Local File Inclusion in pretix-widget WordPress plugin
CVE-2024-9576 Improper access control in Linux Workbooth Distro
CVE-2024-9578 Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution
CVE-2024-9579 Certain Poly Video Conference Devices – Potential Remote Code Execution
CVE-2024-9580 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9581 Shortcodes AnyWhere <= 1.0.1 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-9582 Accordion Slider <= 1.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Attribute
CVE-2024-9583 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization
S
CVE-2024-9584 Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/Delete
CVE-2024-9585 Image Map Pro <= 6.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-9586 Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update
CVE-2024-9587 Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX
CVE-2024-9588 Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete
CVE-2024-9589 Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-9590 Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting
CVE-2024-9591 Category and Taxonomy Image <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting
CVE-2024-9592 Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options
CVE-2024-9593 Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution
CVE-2024-9594 VM images built with Image Builder with some providers use default credentials during builds
S
CVE-2024-9595 TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2024-9596 Inclusion of Sensitive Information in Source Code in GitLab
S
CVE-2024-9597 Path Traversal in parisneo/lollms
CVE-2024-9598 AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation
S
CVE-2024-9599 Popup Box < 4.7.8 - Admin+ Stored XSS
E
CVE-2024-9600 Ditty < 3.1.47 - Author+ Stored XSS
E
CVE-2024-9601 Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID'
S
CVE-2024-9602 Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform a...
E
CVE-2024-9603 Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potential...
CVE-2024-9606 Improper Output Neutralization for Logs in berriai/litellm
E S
CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting
CVE-2024-9608 MyParcel <= 4.24.1 - Reflected Cross-Site Scripting
CVE-2024-9609 LearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 - Reflected Cross-Site Scripting
S
CVE-2024-9610 Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting
CVE-2024-9611 Increase upload file size & Maximum Execution Time limit <= 2.0 - Reflected Cross-Site Scripting
CVE-2024-9612 Unauthorized Access in danswer-ai/danswer
E
CVE-2024-9613 FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting
CVE-2024-9614 Constant Contact Forms by MailMunch <= 2.1.2 - Reflected Cross-Site Scripting
CVE-2024-9615 BulkPress <= 0.3.5 - Reflected Cross-Site Scripting
CVE-2024-9616 BlockMeister – Block Pattern Builder <= 3.1.10 - Reflected Cross-Site Scripting
CVE-2024-9617 IDOR in danswer-ai/danswer
CVE-2024-9618 Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2024-9619 WP SHAPES <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9620 Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption
CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
M
CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4
CVE-2024-9623 Incorrect Authorization in GitLab
S
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
CVE-2024-9625 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9626 Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured Image
CVE-2024-9627 TeploBot - Telegram Bot for WP <= 1.3 - Telegram Bot Token Disclosure
CVE-2024-9628 WPS Telegram Chat <= 4.5.4 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API
CVE-2024-9629 Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse
CVE-2024-9630 WPS Telegram Chat <= 4.5.4 - Missing Authorization to Information Exposure
CVE-2024-9631 Inefficient Algorithmic Complexity in GitLab
E S
CVE-2024-9632 Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
M
CVE-2024-9633 Incorrect Ownership Assignment in GitLab
E S
CVE-2024-9634 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution
S
CVE-2024-9635 Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting
CVE-2024-9636 Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation
CVE-2024-9637 School Management System – WPSchoolPress <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation
CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS
E
CVE-2024-9639 Authenticated Remote Code Execution
CVE-2024-9641 LuckyWP Table of Contents < 2.1.7 - Admin+ Stored XSS
E
CVE-2024-9642 Editor Custom Color Palette <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9643 Four-Faith F3x36 Hidden Debug Credentials
E
CVE-2024-9644 Four-Faith F3x36 bapply.cgi Auth Bypass
CVE-2024-9645 Post Grid and Gutenberg Blocks < 2.2.93 - Contributor+ Stored XSS
E
CVE-2024-9647 Kama SpamBlock <= 1.8.2 - Reflected Cross-Site Scripting
CVE-2024-9649 WP ULike <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion
S
CVE-2024-9650 WP Recipe Maker <= 9.6.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'tooltip'
S
CVE-2024-9651 Contact Form Plugin by Fluent Forms < 5.2.1 - Admin+ Stored XSS
E
CVE-2024-9652 Locatoraid Store Locator <= 3.9.47 - Reflected Cross-Site Scripting
CVE-2024-9653 Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.2 - Reflected Cross-Site Scripting
S
CVE-2024-9654 Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass
S
CVE-2024-9655 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget
S
CVE-2024-9656 Mynx Page Builder <= 0.27.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9657 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2024-9658 School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation
CVE-2024-9659 School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload
CVE-2024-9660 School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload
CVE-2024-9661 WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion
CVE-2024-9662 CYAN Backup < 2.5.3 - Admin+ Stored XSS via General Settings
E
CVE-2024-9663 CYAN Backup < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings
E
CVE-2024-9664 WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) PHP Object Injection via Import File
CVE-2024-9665 Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability
CVE-2024-9666 Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability
CVE-2024-9667 Seriously Simple Podcasting <= 3.5.0 - Reflected Cross-Site Scripting via add_query_arg Parameter
S
CVE-2024-9668 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
CVE-2024-9669 File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion
S
CVE-2024-9670 2D Tag Cloud <= 6.0.2 - Reflected Cross-Site Scripting via add_query_arg Parameter
CVE-2024-9671 System: pdf invoices of the developer users can be seen if the url is known
CVE-2024-9672 Reflected XSS in PaperCut MF
CVE-2024-9673 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-22333. Reason: ...
R
CVE-2024-9674 Debrandify · Remove or Replace WordPress Branding <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2024-9675 Buildah: buildah allows arbitrary directory mount
M
CVE-2024-9676 Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)
M
CVE-2024-9677 The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series u...
CVE-2024-9678 An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an att...
CVE-2024-9679 A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the dec...
CVE-2024-9680 An attacker was able to achieve code execution in the content process by exploiting a use-after-free...
KEV S
CVE-2024-9681 HSTS subdomain overwrites parent cache entry
E S
CVE-2024-9682 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget
CVE-2024-9683 Quay: quay allows successful authentication with truncated version of the password
CVE-2024-9685 Notification for Telegram <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Send Telegram Test Message
S
CVE-2024-9686 Order Notification for Telegram <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message
CVE-2024-9687 WP 2FA with Telegram <= 3.0 - Authenticated (Subscriber+) Authentication Bypass
CVE-2024-9688 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9689 Post From Frontend <= 1.0.0 - Post Deletion via CSRF
E
CVE-2024-9692 Improper Access Control in Input in VIMESA VHF/FM Transmitter Blue Plus
M
CVE-2024-9693 Incorrect Authorization in GitLab
S
CVE-2024-9694 CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-9696 Rescue Shortcodes <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-9697 Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update
CVE-2024-9698 Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files
CVE-2024-9699 Cross-Site Scripting (XSS) in flatpressblog/flatpress
CVE-2024-9700 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation
S
CVE-2024-9701 Remote Code Execution in kedro-org/kedro
CVE-2024-9702 Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-9703 Arconix Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-9704 Social Sharing (by Danny) <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-9705 Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update
CVE-2024-9706 Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation
CVE-2024-9707 Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
S
CVE-2024-9708 Easy SVG Upload <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9709 EKC Tournament Manager < 2.2.2 - Create Tournaments/Teams via CSRF
E
CVE-2024-9710 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
S
CVE-2024-9711 EKC Tournament Manager < 2.2.2 - Delete Tournaments via CSRF
E
CVE-2024-9712 Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9713 Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9714 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9715 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9716 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9717 Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2024-9718 Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-9719 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9720 Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-9721 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9722 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9723 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9724 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9725 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9726 Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-9727 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9728 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9729 Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9730 Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2024-9731 Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2024-9732 Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9733 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9734 Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-9735 Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9736 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9737 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9738 Tungsten Automation Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2024-9739 Tungsten Automation Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2024-9740 Tungsten Automation Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9741 Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-9742 Tungsten Automation Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-9743 Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-9744 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9745 Tungsten Automation Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-9746 Tungsten Automation Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9747 Tungsten Automation Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-9748 Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9749 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9750 Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-9751 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-9752 Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9753 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9754 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9755 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-9756 Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload
S
CVE-2024-9757 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9758 Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9759 Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9760 Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9761 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9762 Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9763 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-9764 Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2024-9765 EKC Tournament Manager < 2.2.2 - Local File Download Vulnerability
E
CVE-2024-9766 Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
CVE-2024-9767 IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-9768 Formidable Forms < 6.14.1 - Admin+ Stored XSS
E
CVE-2024-9769 Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-9770 WP-Recall < 16.26.12 - Admin+ SQL Injection
E
CVE-2024-9771 WP-Recall < 16.26.12 - Admin+ Stored XSS
E
CVE-2024-9772 Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-9773 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
E S
CVE-2024-9774 Python-sql: python-sql unary operators do not escape non-expression
CVE-2024-9775 Anih - Creative Agency WordPress Theme <= 2024 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-9776 ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
S
CVE-2024-9777 Ashe <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter
S
CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update
S
CVE-2024-9779 Open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens
CVE-2024-9780 Missing Initialization of a Variable in Wireshark
E S
CVE-2024-9781 Improper Handling of Missing Values in Wireshark
S
CVE-2024-9782 D-Link DIR-619L B1 formEasySetupWWConfig buffer overflow
E
CVE-2024-9783 D-Link DIR-619L B1 formLogDnsquery buffer overflow
E
CVE-2024-9784 D-Link DIR-619L B1 formResetStatistic buffer overflow
E
CVE-2024-9785 D-Link DIR-619L B1 formSetDDNS buffer overflow
E
CVE-2024-9786 D-Link DIR-619L B1 formSetLog buffer overflow
E
CVE-2024-9787 Contemporary Control System BASrouter BACnet BASRT-B UDP Packet denial of service
E
CVE-2024-9788 LyLme_spage tag.php sql injection
E
CVE-2024-9789 LyLme_spage apply.php sql injection
E
CVE-2024-9790 LyLme_spage sou.php sql injection
E
CVE-2024-9792 D-Link DSL-2750U Port Forwarding Page cross site scripting
CVE-2024-9793 Tenda AC1206 ate ate_ifconfig_set command injection
E
CVE-2024-9794 Codezips Online Shopping Portal update-image1.php unrestricted upload
E
CVE-2024-9796 WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection
E
CVE-2024-9797 code-projects Blood Bank System register.php sql injection
E
CVE-2024-9798 Health endpoint offers list of onboarded services to unauthenticated users
S
CVE-2024-9799 SourceCodester Profile Registration without Reload Refresh add.php cross site scripting
E
CVE-2024-9802 Conformance validation endpoint discloses detail about service to unauthenticated users
S
CVE-2024-9803 code-projects Blood Bank Management System blooddetails.php cross site scripting
E
CVE-2024-9804 code-projects Blood Bank System campsdetails.php sql injection
E
CVE-2024-9805 code-projects Blood Bank System campsdetails.php cross site scripting
E
CVE-2024-9806 Craig Rodway Classroombookings Room Page fields cross site scripting
E
CVE-2024-9807 Craig Rodway Classroombookings Session Page sessions cross site scripting
E
CVE-2024-9808 SourceCodester Online Eyewear Shop sql injection
E
CVE-2024-9809 SourceCodester Online Eyewear Shop Master.php delete_product sql injection
E
CVE-2024-9810 SourceCodester Record Management System sort2_user.php cross site scripting
E
CVE-2024-9811 code-projects Restaurant Reservation System filter3.php sql injection
E
CVE-2024-9812 code-projects Crud Operation System delete.php sql injection
E
CVE-2024-9813 Codezips Pharmacy Management System register.php sql injection
E
CVE-2024-9814 Codezips Pharmacy Management System update.php sql injection
E
CVE-2024-9815 Codezips Tourist Management System create-package.php unrestricted upload
E
CVE-2024-9816 Codezips Tourist Management System change-image.php unrestricted upload
E
CVE-2024-9817 code-projects Blood Bank System update.php sql injection
E S
CVE-2024-9818 SourceCodester Online Veterinary Appointment System manage_category.php sql injection
E
CVE-2024-9819 IDOR in NextGEO's NG Analyser
CVE-2024-9820 WP 2FA with Telegram <= 3.0 - Two-Factor Authentication Bypass
CVE-2024-9821 Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass
CVE-2024-9822 Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator
CVE-2024-9823 Jetty DOS vulnerability on DosFilter
M
CVE-2024-9824 ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update
CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object Reference (IDOR) by deletion of personal access token
CVE-2024-9826 Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Code Execution Vulnerability
CVE-2024-9827 Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Vulnerability
CVE-2024-9828 Taskbuilder < 3.0.5 - Admin+ SQL Injection
E
CVE-2024-9829 Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download
S
CVE-2024-9830 Bard <= 2.216 - Reflected Cross-Site Scripting via add_query_arg Parameter
CVE-2024-9831 Taskbuilder < 3.0.9 - Admin+ SQL Injection
E
CVE-2024-9832 No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator
CVE-2024-9834 Improper data protection on Life2000 ventilator serial interface
CVE-2024-9835 RSS Feed Widget < 3.0.1 - Reflected XSS
E
CVE-2024-9836 RSS Feed Widget < 3.0.0 - Contributor+ Stored XSS
E
CVE-2024-9837 AADMY – Add Auto Date Month Year Into Posts <= 2.0.1 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-9838 Auto Affiliate Links < 6.4.7 - Admin+ SQL Injection
E
CVE-2024-9839 Uix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-9840 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ...
R
CVE-2024-9841 OpenText ArcSight Management Center and ArcSight Platform Stored XSS
CVE-2024-9842 Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authentica...
CVE-2024-9843 A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attac...
CVE-2024-9844 Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before vers...
CVE-2024-9845 Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 al...
CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-9847 Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress
CVE-2024-9848 Product Customizer Light <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9849 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 4.6 - Authenticated (Author+) Arbitrary File Upload
CVE-2024-9850 SVG Case Study <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9851 LSX Tour Operator <= 1.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9852 Malicious Code Execution Vulnerability in GENESIS64 and MC Works64
CVE-2024-9853 ID-SK Toolkit <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-9855 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload
E
CVE-2024-9856 07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting
E
CVE-2024-9858 Insecure user permissions in Google Cloud Migrate to Containers for Windows
CVE-2024-9859 Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to ...
CVE-2024-9860 Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import
CVE-2024-9861 Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass
S
CVE-2024-9862 Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change
S
CVE-2024-9863 Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value
CVE-2024-9864 EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2024-9865 EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log
S
CVE-2024-9866 Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-9867 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget
S
CVE-2024-9868 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate
S
CVE-2024-9869 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2024-9870 Unintended Proxy or Intermediary ('Confused Deputy') in GitLab
E S
CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-9873 Community by PeepSo <= 6.4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2024-9874 WordPress Poll Maker Plugin <= 5.4.6 - Authenticated (Administrator+) Time-Based SQL Injection
E
CVE-2024-9875 Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege esc...
S
CVE-2024-9876 Application is vulnerable to Privilege escalation
CVE-2024-9877 Sensitive information submitted using GET method
CVE-2024-9878 Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
E S
CVE-2024-9879 Website File Changes < 2.1.1 - Authenticated SQL Injection
E
CVE-2024-9880 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-9881 LearnPress < 4.2.7.2 - Admin+ Stored XSS
E
CVE-2024-9882 Salon Booking System < 10.9.4 - Admin+ Stored XSS
E
CVE-2024-9883 Pods < 3.2.7.1 - Admin+ Stored XSS
E
CVE-2024-9884 T(-) Countdown <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-9885 Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-9886 WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-9887 Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection
CVE-2024-9888 ElementInvader Addons for Elementor <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2024-9889 ElementInvader Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Information Exposure
S
CVE-2024-9890 User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass
CVE-2024-9891 Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation
CVE-2024-9892 Add Widget After Content <= 2.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-9893 Nextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth provider
CVE-2024-9894 code-projects Blood Bank System reset.php sql injection
E
CVE-2024-9895 Smart Online Order for Clover <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode
S
CVE-2024-9896 BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter
S
CVE-2024-9897 StreamWeasels Twitch Integration <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode
S
CVE-2024-9898 Parallax Image <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via dd-parallax Shortcode
CVE-2024-9899 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2143. Reason: T...
R
CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai
E S
CVE-2024-9901 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ...
R
CVE-2024-9902 Ansible-core: ansible-core user may read/write unauthorized content
M
CVE-2024-9903 07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload
E
CVE-2024-9904 07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload
E
CVE-2024-9905 SourceCodester Online Eyewear Shop sql injection
E
CVE-2024-9906 SourceCodester Online Eyewear Shop cross site scripting
E
CVE-2024-9907 QileCMS Verification Code Forget.php sendEmail password recovery
E
CVE-2024-9908 D-Link DIR-619L B1 formSetMACFilter buffer overflow
E
CVE-2024-9909 D-Link DIR-619L B1 formSetMuti buffer overflow
E
CVE-2024-9910 D-Link DIR-619L B1 formSetPassword buffer overflow
E
CVE-2024-9911 D-Link DIR-619L B1 formSetPortTr buffer overflow
E
CVE-2024-9912 D-Link DIR-619L B1 formSetQoS buffer overflow
E
CVE-2024-9913 D-Link DIR-619L B1 formSetRoute buffer overflow
E
CVE-2024-9914 D-Link DIR-619L B1 formSetWizardSelectMode buffer overflow
E
CVE-2024-9915 D-Link DIR-619L B1 formVirtualServ buffer overflow
E
CVE-2024-9916 HuangDou UTCMS cli.php os command injection
E
CVE-2024-9917 HuangDou UTCMS template_creat.php deserialization
E
CVE-2024-9918 HuangDou UTCMS sql.php RunSql sql injection
E
CVE-2024-9919 Missing Authentication Check in parisneo/lollms-webui
CVE-2024-9920 Unrestricted File Upload and Execution in parisneo/lollms-webui
E
CVE-2024-9921 TEAMPLUS TECHNOLOGY Team+ - SQL Injection
S
CVE-2024-9922 TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Read through Path Traversal
S
CVE-2024-9923 TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Move through Path Traversal
S
CVE-2024-9924 Hgiga OAKlouds - Arbitrary File Read And Delete
S
CVE-2024-9925 SQL injection in QPLANT by TAI Smart Factory
S
CVE-2024-9926 Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access
E
CVE-2024-9927 WooCommerce Order Proposal <= 2.0.5 - Authenticated (Shop Manager+) Privilege Escalation via Order Proposal
CVE-2024-9928 A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempt...
CVE-2024-9929 A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclo...
CVE-2024-9930 Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass
CVE-2024-9931 Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator
CVE-2024-9932 Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload
CVE-2024-9933 WatchTowerHQ <= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check
CVE-2024-9934 Wp-ImageZoom <= 1.1.0 - Reflected XSS
E
CVE-2024-9935 PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
CVE-2024-9936 When manipulating the selection node cache, an attacker may have been able to cause unexpected behav...
CVE-2024-9937 Woo Manage Fraud Orders <= 6.1.7 - Reflected Cross-Site Scripting
CVE-2024-9938 Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting
CVE-2024-9939 WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php
S
CVE-2024-9940 Calculated Fields Form <= 5.2.45 - HTML Injection
CVE-2024-9941 WPGYM <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVE-2024-9942 WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload
CVE-2024-9943 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates
CVE-2024-9944 WooCommerce <= 9.0.2 - Unauthenticated HTML Injection
S
CVE-2024-9945 Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0
S
CVE-2024-9946 Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass via Disqus OAuth provider
S
CVE-2024-9947 ProfilePress - Pro <= 4.11.1 - Authentication Bypass via WordPress.com OAuth provider
CVE-2024-9949 Denial of Service in Forescout SecureConnector
CVE-2024-9950 Abuse of Unauthenticated Compliance Recheck in SecureConnector
CVE-2024-9951 Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting
CVE-2024-9952 SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting
E
CVE-2024-9953 Potential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8
S
CVE-2024-9954 Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentiall...
CVE-2024-9955 Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacke...
CVE-2024-9956 Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58...
CVE-2024-9957 Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who co...
E
CVE-2024-9958 Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a r...
CVE-2024-9959 Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had...
CVE-2024-9960 Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentia...
E
CVE-2024-9961 Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote att...
E
CVE-2024-9962 Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote...
CVE-2024-9963 Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote a...
CVE-2024-9964 Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote at...
CVE-2024-9965 Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed ...
CVE-2024-9966 Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote...
CVE-2024-9967 WP show more <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_more Shortcode
CVE-2024-9968 NewType WebEIP v3.0 - SQL injection
S
CVE-2024-9969 NewType WebEIP v3.0 - Reflected XSS
S
CVE-2024-9970 NewType FlowMaster BPM Plus - Privilege Escalation
S
CVE-2024-9971 NewType FlowMaster BPM Plus - SQL Injection
S
CVE-2024-9972 ChanGate Property Management System - SQL Injection
S
CVE-2024-9973 SourceCodester Online Eyewear Shop Report Viewing Page page sql injection
E
CVE-2024-9974 SourceCodester Online Eyewear Shop POST Request Master.php sql injection
E
CVE-2024-9975 SourceCodester Drag and Drop Image Upload upload.php unrestricted upload
E
CVE-2024-9976 code-projects Pharmacy Management System manage_customer.php sql injection
E
CVE-2024-9977 MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection
E
CVE-2024-9978 Liteos_a has an out-of-bounds read vulnerability
CVE-2024-9979 Pyo3: risk of use-after-free in `borrowed` reads from python weak references
M
CVE-2024-9980 FormosaSoft ee-class - SQL Injection
S
CVE-2024-9981 FormosaSoft ee-class - Local File Inclusion
S
CVE-2024-9982 ESi Technology AIM LINE Marketing Platform - SQL Injection
S
CVE-2024-9983 Ragic Enterprise Cloud Database - Arbitrary File Read through Path Traversal
S
CVE-2024-9984 Ragic Enterprise Cloud Database - Missing Authentication
S
CVE-2024-9985 Ragic Enterprise Cloud Database - Arbitrary File Upload
S
CVE-2024-9986 code-projects Blood Bank Management System member_register.php sql injection
E
CVE-2024-9987 SQL Injection in CSV Module Data Collection
S
CVE-2024-9988 Crypto <= 2.15 - Authentication Bypass via register
CVE-2024-9989 Crypto <= 2.15 - Authentication Bypass via log_in
CVE-2024-9990 Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass
CVE-2024-9991 Cleartext Storage of Sensitive Information Vulnerability in Philips Lighting Devices
S
CVE-2024-9996 Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability
CVE-2024-9997 Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability
CVE-2024-9998 Rejected reason: The vulnerability has no impact, so it has been deprecated....
R
CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.