CVE List - 2024 / October
Showing 1801 - 1900 of 3571 CVEs for October 2024 (Page 19 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-9414 | 2024-10-17 | Cross-site Scripting vulnerability in LCDS LAquis SCADA |
| CVE-2024-10071 | 2024-10-17 | ESAFENET CDG EncryptPolicyService.java actionUpdateEncryptPolicyEdit sql injection |
| CVE-2024-49396 | 2024-10-17 | Insufficiently Protected Credentials in Elvaco M-Bus Metering Gateway CMe3100 |
| CVE-2024-49397 | 2024-10-17 | Cross-site Scripting in Elvaco M-Bus Metering Gateway CMe3100 |
| CVE-2024-49398 | 2024-10-17 | Unrestricted Upload of File with Dangerous Type in Elvaco M-Bus Metering Gateway CMe3100 |
| CVE-2024-49399 | 2024-10-17 | Missing Authentication for Critical Function in Elvaco M-Bus Metering Gateway CMe3100 |
| CVE-2024-10072 | 2024-10-17 | ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection |
| CVE-2024-10073 | 2024-10-17 | flairNLP flair Mode File Loader clustering.py ClusteringModel code injection |
| CVE-2024-49312 | 2024-10-17 | WordPress Edwiser Bridge plugin <= 3.0.7 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-49318 | 2024-10-17 | WordPress My Reading Library plugin <= 1.0 - PHP Object Injection vulnerability |
| CVE-2024-49317 | 2024-10-17 | WordPress Point Maker plugin <= 0.1.4 - Local File Inclusion vulnerability |
| CVE-2024-49400 | 2024-10-17 | Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex... |
| CVE-2024-49287 | 2024-10-17 | WordPress PDF-Rechnungsverwaltung plugin <= 0.0.1 - Local File Inclusion vulnerability |
| CVE-2024-49285 | 2024-10-17 | WordPress SSV MailChimp plugin <= 3.1.5 - Local File Inclusion vulnerability |
| CVE-2024-49314 | 2024-10-17 | WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability |
| CVE-2024-49291 | 2024-10-17 | WordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerability |
| CVE-2024-49284 | 2024-10-17 | WordPress WP SendFox plugin <= 1.3.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-49235 | 2024-10-17 | WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability |
| CVE-2024-49305 | 2024-10-17 | WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 - SQL Injection vulnerability |
| CVE-2024-49299 | 2024-10-17 | WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability |
| CVE-2024-49297 | 2024-10-17 | WordPress Zoho CRM Lead Magnet plugin <= 1.7.9.0 - SQL Injection vulnerability |
| CVE-2024-49246 | 2024-10-17 | WordPress Ajax Rating with Custom Login plugin <= 1.1 - SQL Injection vulnerability |
| CVE-2024-49244 | 2024-10-17 | WordPress SV Product Import Export for WooCommerce plugin <= 1.0.0 - SQL Injection vulnerability |
| CVE-2024-47312 | 2024-10-17 | WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability |
| CVE-2024-47304 | 2024-10-17 | WordPress Fluent Support plugin <= 1.8.0 - SQL Injection vulnerability |
| CVE-2024-49322 | 2024-10-17 | WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability |
| CVE-2024-49219 | 2024-10-17 | WordPress RS-Members plugin <= 1.0.3 - Privilege Escalation vulnerability |
| CVE-2024-49217 | 2024-10-17 | WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability |
| CVE-2024-49313 | 2024-10-17 | WordPress VKontakte Wall Post plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49304 | 2024-10-17 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49237 | 2024-10-17 | WordPress Ahmeti Wp Timeline plugin <= 5.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49229 | 2024-10-17 | WordPress Better Author Bio plugin <= 2.7.10.11 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49223 | 2024-10-17 | WordPress CJ Change Howdy plugin <= 3.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49221 | 2024-10-17 | WordPress cSlider plugin <= 2.4.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-49220 | 2024-10-17 | WordPress Cookie Scanner plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-43997 | 2024-10-17 | WordPress easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg plugin <= 2.4.14 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-10100 | 2024-10-17 | Path Traversal in binary-husky/gpt_academic |
| CVE-2024-10101 | 2024-10-17 | Stored XSS in binary-husky/gpt_academic |
| CVE-2024-7755 | 2024-10-17 | HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials |
| CVE-2024-10099 | 2024-10-17 | Stored XSS in comfyanonymous/comfyui |
| CVE-2024-49319 | 2024-10-17 | WordPress Awesome Contact Form7 for Elementor plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49316 | 2024-10-17 | WordPress Akismet htaccess writer plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49311 | 2024-10-17 | WordPress Edwiser Bridge plugin <= 3.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49310 | 2024-10-17 | WordPress Themesflat Addons For Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49309 | 2024-10-17 | WordPress Digitally theme <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49308 | 2024-10-17 | WordPress Animator – Scroll Triggered Animations plugin <= 3.0.11 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49307 | 2024-10-17 | WordPress Admin Management Xtended plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49302 | 2024-10-17 | WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49301 | 2024-10-17 | WordPress G Meta Keywords plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49298 | 2024-10-17 | WordPress PeproDev Ultimate Invoice plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49296 | 2024-10-17 | WordPress Custom Add to Cart Button Label and Link plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49295 | 2024-10-17 | WordPress Simple Testimonials Showcase plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49292 | 2024-10-17 | WordPress Exclusive Addons for Elementor plugin <= 2.7.1 - Cross-Site Scripting vulnerability |
| CVE-2024-49289 | 2024-10-17 | WordPress Cooked Pro plugin < 1.8.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49288 | 2024-10-17 | WordPress Email Template Customizer for WooCommerce plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49283 | 2024-10-17 | WordPress CURCY plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49282 | 2024-10-17 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49281 | 2024-10-17 | WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49280 | 2024-10-17 | WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49279 | 2024-10-17 | WordPress Hyperlink Group Block plugin <= 1.17.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49278 | 2024-10-17 | WordPress Omnipress plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49277 | 2024-10-17 | WordPress UltraAddons – Elementor Addons plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49276 | 2024-10-17 | WordPress Clio Grow plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49264 | 2024-10-17 | WordPress Events Addon for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49263 | 2024-10-17 | WordPress My Favorites plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49262 | 2024-10-17 | WordPress Country Flags for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49261 | 2024-10-17 | WordPress Arkhe Blocks plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49259 | 2024-10-17 | WordPress Primary Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49255 | 2024-10-17 | WordPress Da Reactions plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49248 | 2024-10-17 | WordPress Ad Inserter plugin <= 2.7.37 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-48924 | 2024-10-17 | MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow |
| CVE-2024-7316 | 2024-10-17 | Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series |
| CVE-2024-10093 | 2024-10-17 | VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path |
| CVE-2024-43566 | 2024-10-17 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-43595 | 2024-10-17 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-43580 | 2024-10-17 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-43587 | 2024-10-17 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-43578 | 2024-10-17 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-43596 | 2024-10-17 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-43579 | 2024-10-17 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-49023 | 2024-10-17 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-45944 | 2024-10-18 | In J2eeFAST <=2.7, the backend function has unsafe filtering, which... |
| CVE-2024-9264 | 2024-10-18 | Grafana SQL Expressions allow for remote code execution |
| CVE-2024-10118 | 2024-10-18 | SECOM WRTR-304GN-304TW-UPSC - OS Command Injection |
| CVE-2024-10119 | 2024-10-18 | SECOM WRTM326 - OS Command Injection |
| CVE-2024-9848 | 2024-10-18 | Product Customizer Light <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-8916 | 2024-10-18 | Suki Sites Import <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-8790 | 2024-10-18 | Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting |
| CVE-2024-10049 | 2024-10-18 | Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page |
| CVE-2024-10040 | 2024-10-18 | Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2024-9373 | 2024-10-18 | Elemenda <= 0.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-8740 | 2024-10-18 | GetResponse Forms by Optin Cat <= 2.5.6 - Reflected Cross-Site Scripting |
| CVE-2024-9350 | 2024-10-18 | DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting |
| CVE-2024-9452 | 2024-10-18 | Branding <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9383 | 2024-10-18 | Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting |
| CVE-2024-9361 | 2024-10-18 | Bulk images optimizer: Resize, optimize, convert to webp, rename ... <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update |
| CVE-2024-9364 | 2024-10-18 | SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion |
| CVE-2024-9382 | 2024-10-18 | Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting |
| CVE-2024-9892 | 2024-10-18 | Add Widget After Content <= 2.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-10014 | 2024-10-18 | Flat UI Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode |