CVE List - 2024 / October
Showing 101 - 200 of 3570 CVEs for October 2024 (Page 2 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-9411 | 2024-10-01 | OFCMS add.json add cross site scripting |
| CVE-2024-9407 | 2024-10-01 | Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction |
| CVE-2024-47609 | 2024-10-01 | Remotely exploitable DoS in Tonic `<=v0.12.2` |
| CVE-2024-47528 | 2024-10-01 | LibreNMS Contains a Stored XSS via File Upload |
| CVE-2024-47527 | 2024-10-01 | LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php |
| CVE-2024-47526 | 2024-10-01 | LibreNMS has a Self-XSS ('Cross-site Scripting') in librenms/includes/html/modal/alert_template.inc.php |
| CVE-2024-47525 | 2024-10-01 | Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php |
| CVE-2024-47524 | 2024-10-01 | LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name |
| CVE-2024-47523 | 2024-10-01 | LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature |
| CVE-2024-24122 | 2024-10-02 | A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct... |
| CVE-2024-33210 | 2024-10-02 | A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. |
| CVE-2024-33662 | 2024-10-02 | Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. |
| CVE-2024-41290 | 2024-10-02 | FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. |
| CVE-2024-45186 | 2024-10-02 | FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. |
| CVE-2024-45960 | 2024-10-02 | Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a... |
| CVE-2024-45962 | 2024-10-02 | October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead... |
| CVE-2024-45964 | 2024-10-02 | Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field. |
| CVE-2024-46626 | 2024-10-02 | OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. |
| CVE-2024-24116 | 2024-10-02 | An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. |
| CVE-2024-24117 | 2024-10-02 | Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. |
| CVE-2024-33209 | 2024-10-02 | FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in... |
| CVE-2024-45519 | 2024-10-02 | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. |
| CVE-2024-45965 | 2024-10-02 | Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5.x before 5.5.6. |
| CVE-2024-7855 | 2024-10-02 | WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-21530 | 2024-10-02 | Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can... |
| CVE-2024-9174 | 2024-10-02 | Stored HTML Injection in Hubshare social module |
| CVE-2024-9333 | 2024-10-02 | Permission bypass in M-Files Connector for Copilot |
| CVE-2024-7315 | 2024-10-02 | Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure |
| CVE-2024-8254 | 2024-10-02 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2024-8967 | 2024-10-02 | PWA — easy way to Progressive Web App <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9172 | 2024-10-02 | Demo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9225 | 2024-10-02 | SEOPress – On-site SEO <= 8.1.1 - Reflected Cross-Site Scripting |
| CVE-2024-9222 | 2024-10-02 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting |
| CVE-2024-9210 | 2024-10-02 | MC4WP: Mailchimp Top Bar <= 1.6.0 - Reflected Cross-Site Scripting |
| CVE-2024-8800 | 2024-10-02 | RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting |
| CVE-2024-9344 | 2024-10-02 | BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript <= 2.1.1 - Reflected Cross-Site Scripting |
| CVE-2024-9378 | 2024-10-02 | YML for Yandex Market <= 4.7.2 - Reflected Cross-Site Scripting |
| CVE-2024-9218 | 2024-10-02 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting |
| CVE-2024-44030 | 2024-10-02 | WordPress Checkout Mestres WP plugin <= 8.6 - Local File Inclusion vulnerability |
| CVE-2024-44017 | 2024-10-02 | WordPress MH Board plugin <= 1.3.2.1 - Local File Inclusion vulnerability |
| CVE-2024-8282 | 2024-10-02 | Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute |
| CVE-2024-8505 | 2024-10-02 | WordPress Infinite Scroll - Ajax Load More <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via button_label Parameter |
| CVE-2024-35293 | 2024-10-02 | Schneider Elektronik Series 700 prone to missing authentication for critical reset function |
| CVE-2024-7558 | 2024-10-02 | JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract... |
| CVE-2024-35294 | 2024-10-02 | Schneider Elektronik Series 700 prone to missing authentication for traffic capture function |
| CVE-2024-8037 | 2024-10-02 | Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect... |
| CVE-2024-8038 | 2024-10-02 | Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. |
| CVE-2024-8885 | 2024-10-02 | A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. |
| CVE-2024-9429 | 2024-10-02 | code-projects Restaurant Reservation System filter2.php sql injection |
| CVE-2024-44097 | 2024-10-02 | According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows... |
| CVE-2024-47611 | 2024-10-02 | XZ Utils on Microsoft Windows platform are vulnerable to argument injection |
| CVE-2024-47612 | 2024-10-02 | XSS in Special:DataDump when displaying dump status |
| CVE-2024-44193 | 2024-10-02 | A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges. |
| CVE-2024-6360 | 2024-10-02 | Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText™ Vertica. |
| CVE-2024-9423 | 2024-10-02 | Certain HP LaserJet Printers – Potential Denial of Service |
| CVE-2024-47803 | 2024-10-02 | Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. |
| CVE-2024-47804 | 2024-10-02 | If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks... |
| CVE-2024-47805 | 2024-10-02 | Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. |
| CVE-2024-47806 | 2024-10-02 | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access... |
| CVE-2024-47807 | 2024-10-02 | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access... |
| CVE-2024-20365 | 2024-10-02 | Cisco Integrated Management Controller Redfish Command Injection Vulnerability |
| CVE-2024-20385 | 2024-10-02 | Cisco Nexus Dashboard Orchestrator SSL Certificate Validation Vulnerability |
| CVE-2024-20393 | 2024-10-02 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability |
| CVE-2024-20432 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability |
| CVE-2024-20438 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability |
| CVE-2024-20441 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability |
| CVE-2024-20442 | 2024-10-02 | Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability |
| CVE-2024-20444 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability |
| CVE-2024-20448 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability |
| CVE-2024-20449 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability |
| CVE-2024-20470 | 2024-10-02 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution Vulnerability |
| CVE-2024-20477 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability |
| CVE-2024-20490 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability |
| CVE-2024-20491 | 2024-10-02 | Cisco Nexus Dashboard Insights Information Disclosure Vulnerability |
| CVE-2024-20492 | 2024-10-02 | Cisco Expressway Series Privilege Escalation Vulnerability |
| CVE-2024-20515 | 2024-10-02 | Cisco Identity Services Engine Information Disclosure Vulnerability |
| CVE-2024-20516 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20517 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20518 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities |
| CVE-2024-20519 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities |
| CVE-2024-20520 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities |
| CVE-2024-20521 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities |
| CVE-2024-20522 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20523 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20524 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20498 | 2024-10-02 | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS... |
| CVE-2024-20500 | 2024-10-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS... |
| CVE-2024-20499 | 2024-10-02 | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS... |
| CVE-2024-20501 | 2024-10-02 | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS... |
| CVE-2024-20502 | 2024-10-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS... |
| CVE-2024-20513 | 2024-10-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS... |
| CVE-2024-20509 | 2024-10-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect... |
| CVE-2024-9440 | 2024-10-02 | Slim Select 2.0 createOption "text" XSS |
| CVE-2024-9441 | 2024-10-02 | Linear eMerge e3-Series Forgot Password Command Injection |
| CVE-2024-8733 | 2024-10-02 | HP One Agent Software – Potential Privilege Escalation |
| CVE-2024-43795 | 2024-10-02 | OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`) |
| CVE-2024-46977 | 2024-10-02 | OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`) |
| CVE-2024-47529 | 2024-10-02 | OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`) |
| CVE-2024-28888 | 2024-10-02 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which... |
| CVE-2024-47616 | 2024-10-02 | Pomerium's service account access token may grant unintended access to databroker API |