CVE List - 2024 / October

Showing 1 - 100 of 3571 CVEs for October 2024 (Page 1 of 36)

CVE ID | Date | Title |
---|---|---|
CVE-2021-37577 | 2024-10-01 | Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple... |
CVE-2024-25658 | 2024-10-01 | Cleartext storage of passwords in Infinera TNMS (Transcend Network Management... |
CVE-2024-25659 | 2024-10-01 | In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure... |
CVE-2024-25661 | 2024-10-01 | In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage... |
CVE-2024-31835 | 2024-10-01 | Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows... |
CVE-2024-41276 | 2024-10-01 | A vulnerability in Kaiten version 57.131.12 and earlier allows attackers... |
CVE-2024-42514 | 2024-10-01 | A vulnerability in the legacy chat component of Mitel MiContact... |
CVE-2024-44610 | 2024-10-01 | PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0... |
CVE-2024-44744 | 2024-10-01 | An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to... |
CVE-2024-45967 | 2024-10-01 | Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in... |
CVE-2024-45999 | 2024-10-01 | A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically... |
CVE-2024-46079 | 2024-10-01 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting... |
CVE-2024-46080 | 2024-10-01 | Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution... |
CVE-2024-46081 | 2024-10-01 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting... |
CVE-2024-46082 | 2024-10-01 | Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting... |
CVE-2024-46083 | 2024-10-01 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting... |
CVE-2024-46084 | 2024-10-01 | Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution... |
CVE-2024-25660 | 2024-10-01 | The WebDAV service in Infinera TNMS (Transcend Network Management System)... |
CVE-2024-46258 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow... |
CVE-2024-46259 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow... |
CVE-2024-46261 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow... |
CVE-2024-46263 | 2024-10-01 | cute_png v1.05 was discovered to contain a stack overflow via... |
CVE-2024-46264 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow... |
CVE-2024-46267 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow... |
CVE-2024-46274 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow... |
CVE-2024-46276 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow... |
CVE-2024-9358 | 2024-10-01 | ThingsBoard HTTP RPC API resource consumption |
CVE-2024-47560 | 2024-10-01 | RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization... |
CVE-2024-47396 | 2024-10-01 | WordPress Move Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-9359 | 2024-10-01 | code-projects Restaurant Reservation System addcompany.php sql injection |
CVE-2024-8981 | 2024-10-01 | Broken Link Checker <= 2.4.0 - Reflected Cross-Site Scripting |
CVE-2024-9360 | 2024-10-01 | code-projects Restaurant Reservation System updatebal.php sql injection |
CVE-2024-47295 | 2024-10-01 | Insecure initial password configuration issue in SEIKO EPSON Web Config... |
CVE-2024-0116 | 2024-10-01 | NVIDIA Triton Inference Server contains a vulnerability where a user... |
CVE-2024-21489 | 2024-10-01 | Versions of the package uplot before 1.6.31 are vulnerable to... |
CVE-2024-21531 | 2024-10-01 | All versions of the package git-shallow-clone are vulnerable to Command... |
CVE-2024-8107 | 2024-10-01 | Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9145 | 2024-10-01 | Local command injection in Wiz Code Visual Studio Code extension |
CVE-2024-9108 | 2024-10-01 | Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload |
CVE-2024-9119 | 2024-10-01 | SVG Complete <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9269 | 2024-10-01 | Relogo <= 0.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-7432 | 2024-10-01 | Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection |
CVE-2024-9106 | 2024-10-01 | Wechat Social login <= 1.3.0 - Authentication Bypass |
CVE-2024-7869 | 2024-10-01 | 123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting |
CVE-2024-9274 | 2024-10-01 | Elastik Page Builder <= 0.27.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-7433 | 2024-10-01 | Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection |
CVE-2024-8718 | 2024-10-01 | Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting |
CVE-2024-8720 | 2024-10-01 | RumbleTalk Live Group Chat – HTML5 <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-9272 | 2024-10-01 | R Animated Icon Plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8548 | 2024-10-01 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions |
CVE-2024-8632 | 2024-10-01 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure |
CVE-2024-8990 | 2024-10-01 | Geo Mashup <= 1.13.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via geo_mashup_visible_posts_list Shortcode |
CVE-2024-9304 | 2024-10-01 | LocateAndFilter <= 1.6.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8675 | 2024-10-01 | Soumettre.fr <= 2.1.2 - Missing Authorization |
CVE-2024-8989 | 2024-10-01 | Stars Testimonials <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode |
CVE-2024-9267 | 2024-10-01 | Easy WordPress Subscribe – Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter |
CVE-2024-7434 | 2024-10-01 | UltraPress <= 1.2.1 - Authenticated (Contributor+) PHP Object Injection |
CVE-2024-8727 | 2024-10-01 | DK PDF <= 1.9.6 - Reflected Cross-Site Scripting |
CVE-2024-8728 | 2024-10-01 | Easy Load More <= 1.0.3 - Reflected Cross-Site Scripting |
CVE-2024-9241 | 2024-10-01 | PDF Image Generator <= 1.5.6 - Reflected Cross-Site Scripting |
CVE-2024-9209 | 2024-10-01 | WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting |
CVE-2024-9224 | 2024-10-01 | Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read |
CVE-2024-8799 | 2024-10-01 | Custom Banners <= 3.3 - Reflected Cross-Site Scripting |
CVE-2024-9228 | 2024-10-01 | Loggedin – Limit Active Logins <= 1.3.1 - Reflected Cross-Site Scripting |
CVE-2024-8288 | 2024-10-01 | Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute |
CVE-2024-8793 | 2024-10-01 | Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More <= 2.7.2.1 - Reflected Cross-Site Scripting |
CVE-2024-9220 | 2024-10-01 | LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting |
CVE-2024-9018 | 2024-10-01 | WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter |
CVE-2024-8786 | 2024-10-01 | Auto Featured Image from Title <= 2.3 - Reflected Cross-Site Scripting |
CVE-2024-8324 | 2024-10-01 | XO Slider <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-9265 | 2024-10-01 | Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation |
CVE-2024-8430 | 2024-10-01 | Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import |
CVE-2024-9289 | 2024-10-01 | WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation |
CVE-2024-9118 | 2024-10-01 | QS Dark Mode Plugin <= 2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9060 | 2024-10-01 | AVIF & SVG Uploader <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2023-3441 | 2024-10-01 | Exposure of Sensitive Information Due to Incompatible Policies in GitLab |
CVE-2024-9405 | 2024-10-01 | An incorrect limitation of a path to a restricted directory... |
CVE-2024-30132 | 2024-10-01 | Missing default HTTP security headers affect HCL Nomad server on Domino |
CVE-2023-7273 | 2024-10-01 | Cross Site Request Forgery in Kiteworks OwnCloud |
CVE-2024-25632 | 2024-10-01 | Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances |
CVE-2024-45408 | 2024-10-01 | eLabFTW contains a direct and indirect information disclosure |
CVE-2024-41673 | 2024-10-01 | Decidim has a cross-site scripting vulnerability in the version control page |
CVE-2024-9392 | 2024-10-01 | A compromised content process could have allowed for the arbitrary... |
CVE-2024-9393 | 2024-10-01 | An attacker could, via a specially crafted multipart response, execute... |
CVE-2024-9394 | 2024-10-01 | An attacker could, via a specially crafted multipart response, execute... |
CVE-2024-9396 | 2024-10-01 | It is currently unknown if this issue is exploitable but... |
CVE-2024-9397 | 2024-10-01 | A missing delay in directory upload UI could have made... |
CVE-2024-9398 | 2024-10-01 | By checking the result of calls to `window.open` with specifically... |
CVE-2024-9399 | 2024-10-01 | A website configured to initiate a specially crafted WebTransport session... |
CVE-2024-9400 | 2024-10-01 | A potential memory corruption vulnerability could be triggered if an... |
CVE-2024-9401 | 2024-10-01 | Memory safety bugs present in Firefox 130, Firefox ESR 115.15,... |
CVE-2024-9402 | 2024-10-01 | Memory safety bugs present in Firefox 130, Firefox ESR 128.2,... |
CVE-2024-9391 | 2024-10-01 | A user who enables full-screen mode on a specially crafted... |
CVE-2024-9395 | 2024-10-01 | A specially crafted filename containing a large number of spaces... |
CVE-2024-9403 | 2024-10-01 | Memory safety bugs present in Firefox 130. Some of these... |
CVE-2024-47534 | 2024-10-01 | Incorrect delegation lookups can make go-tuf download the wrong artifact |
CVE-2024-47604 | 2024-10-01 | XSS vulnerability in NuGetGallery HTML attributes handling |
CVE-2024-47071 | 2024-10-01 | OSS Endpoint Manager allows unauthorized access to read system files |
CVE-2024-47608 | 2024-10-01 | Logicytics vulnerable to shell injections |
CVE-2024-9355 | 2024-10-01 | Golang-fips: golang fips zeroed buffer |