CVE List - 2024 / October
Showing 1501 - 1600 of 3570 CVEs for October 2024 (Page 16 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-21270 | 2024-10-15 | Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-21271 | 2024-10-15 | Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2024-21272 | 2024-10-15 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network... |
| CVE-2024-21273 | 2024-10-15 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows high... |
| CVE-2024-21274 | 2024-10-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-21275 | 2024-10-15 | Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access... |
| CVE-2024-21276 | 2024-10-15 | Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-21277 | 2024-10-15 | Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2024-21278 | 2024-10-15 | Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low... |
| CVE-2024-21279 | 2024-10-15 | Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via... |
| CVE-2024-21280 | 2024-10-15 | Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access... |
| CVE-2024-21281 | 2024-10-15 | Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.7.0.6.0. Difficult to exploit vulnerability allows high privileged... |
| CVE-2024-21282 | 2024-10-15 | Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access... |
| CVE-2024-21283 | 2024-10-15 | Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.48-9.2.50. Easily exploitable vulnerability allows low... |
| CVE-2024-21284 | 2024-10-15 | Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged... |
| CVE-2024-21285 | 2024-10-15 | Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged... |
| CVE-2024-21286 | 2024-10-15 | Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low... |
| CVE-2024-9954 | 2024-10-15 | Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-9955 | 2024-10-15 | Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-9956 | 2024-10-15 | Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-9957 | 2024-10-15 | Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit... |
| CVE-2024-9958 | 2024-10-15 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-9959 | 2024-10-15 | Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome... |
| CVE-2024-9960 | 2024-10-15 | Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-9961 | 2024-10-15 | Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit... |
| CVE-2024-9962 | 2024-10-15 | Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2024-9963 | 2024-10-15 | Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via... |
| CVE-2024-9964 | 2024-10-15 | Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2024-9965 | 2024-10-15 | Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary... |
| CVE-2024-9966 | 2024-10-15 | Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-9486 | 2024-10-15 | VM images built with Image Builder and Proxmox provider use default credentials |
| CVE-2024-9594 | 2024-10-15 | VM images built with Image Builder with some providers use default credentials during builds |
| CVE-2024-45085 | 2024-10-15 | IBM WebSphere Application Server denial of service |
| CVE-2024-10004 | 2024-10-15 | Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing... |
| CVE-2024-38139 | 2024-10-15 | Microsoft Dataverse Elevation of Privilege Vulnerability |
| CVE-2024-38204 | 2024-10-15 | Imagine Cup site Information Disclosure Vulnerability |
| CVE-2024-38190 | 2024-10-15 | Power Platform Information Disclosure Vulnerability |
| CVE-2024-49340 | 2024-10-15 | IBM Watson Studio Local cross-site request forgery |
| CVE-2024-44762 | 2024-10-16 | A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. |
| CVE-2024-46212 | 2024-10-16 | An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. |
| CVE-2024-46213 | 2024-10-16 | REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. |
| CVE-2024-46605 | 2024-10-16 | A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. |
| CVE-2024-46606 | 2024-10-16 | A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. |
| CVE-2024-48180 | 2024-10-16 | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code. |
| CVE-2024-48744 | 2024-10-16 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST... |
| CVE-2024-48758 | 2024-10-16 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code |
| CVE-2024-9521 | 2024-10-16 | SEO Manager <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta |
| CVE-2024-8541 | 2024-10-16 | Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons <= 2.6.5 - Reflected Cross-Site Scripting |
| CVE-2024-8787 | 2024-10-16 | Smart Online Order for Clover <= 1.5.7 - Reflected Cross-Site Scripting |
| CVE-2024-9104 | 2024-10-16 | UltimateAI <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check |
| CVE-2024-9649 | 2024-10-16 | WP ULike <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion |
| CVE-2024-9305 | 2024-10-16 | AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP |
| CVE-2024-9891 | 2024-10-16 | Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation |
| CVE-2024-9652 | 2024-10-16 | Locatoraid Store Locator <= 3.9.47 - Reflected Cross-Site Scripting |
| CVE-2024-9647 | 2024-10-16 | Kama SpamBlock <= 1.8.2 - Reflected Cross-Site Scripting |
| CVE-2024-9634 | 2024-10-16 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution |
| CVE-2024-9105 | 2024-10-16 | UltimateAI <= 2.8.3 - Authentication Bypass |
| CVE-2024-10018 | 2024-10-16 | Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. |
| CVE-2024-9873 | 2024-10-16 | Community by PeepSo <= 6.4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-9888 | 2024-10-16 | ElementInvader Addons for Elementor <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9937 | 2024-10-16 | Woo Manage Fraud Orders <= 6.1.7 - Reflected Cross-Site Scripting |
| CVE-2024-8918 | 2024-10-16 | File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload |
| CVE-2021-4443 | 2024-10-16 | WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation |
| CVE-2023-7287 | 2024-10-16 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription' |
| CVE-2021-4451 | 2024-10-16 | NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization |
| CVE-2021-4449 | 2024-10-16 | ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload |
| CVE-2021-4446 | 2024-10-16 | Essential Addons for Elementor <= 4.6.4 - Missing Authorization |
| CVE-2023-7288 | 2024-10-16 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference' |
| CVE-2021-4444 | 2024-10-16 | Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization |
| CVE-2020-36834 | 2024-10-16 | Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization |
| CVE-2020-36838 | 2024-10-16 | Facebook Chat Plugin <= 1.5 - Missing Capabilities Check |
| CVE-2020-36831 | 2024-10-16 | NextScripts: Social Networks Auto-Poster <= 4.3.17 - Missing Authorization |
| CVE-2022-4974 | 2024-10-16 | Freemius SDK <= 2.4.2 - Missing Authorization Checks |
| CVE-2021-4448 | 2024-10-16 | Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization |
| CVE-2016-15040 | 2024-10-16 | Kento Post View Counter <= 2.8 - SQL Injection |
| CVE-2019-25213 | 2024-10-16 | Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read |
| CVE-2023-7286 | 2024-10-16 | ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference |
| CVE-2012-10018 | 2024-10-16 | Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting |
| CVE-2019-25217 | 2024-10-16 | SiteGround Optimizer <= 5.0.12 - Missing Authorization |
| CVE-2019-25215 | 2024-10-16 | ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions |
| CVE-2020-36836 | 2024-10-16 | WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2022-4971 | 2024-10-16 | Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting |
| CVE-2024-8746 | 2024-10-16 | File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload |
| CVE-2020-36837 | 2024-10-16 | ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset |
| CVE-2017-20192 | 2024-10-16 | Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2020-36835 | 2024-10-16 | Migration, Backup, Staging – WPvivid <= 0.9.35 - Sensitive Information Disclosure |
| CVE-2024-9582 | 2024-10-16 | Accordion Slider <= 1.9.11 - Authenticted (Contributor+) Stored Cross-Site Scripting via HTML Attribute |
| CVE-2021-4450 | 2024-10-16 | Post Grid <= 2.1.12 - Contributor+ SQL Injection |
| CVE-2020-36832 | 2024-10-16 | Indeed Membership Pro 7.3 - 8.6 - Authentication Bypass |
| CVE-2018-25105 | 2024-10-16 | File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download |
| CVE-2022-4972 | 2024-10-16 | Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export |
| CVE-2023-7289 | 2024-10-16 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys' |
| CVE-2016-15041 | 2024-10-16 | MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting |
| CVE-2020-36833 | 2024-10-16 | Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks |
| CVE-2023-7290 | 2024-10-16 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles' |
| CVE-2022-4973 | 2024-10-16 | WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function |
| CVE-2021-4447 | 2024-10-16 | Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation |
| CVE-2021-4445 | 2024-10-16 | Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update |
| CVE-2019-25214 | 2024-10-16 | ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting |
| CVE-2023-7291 | 2024-10-16 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account' |