CVE List - 2024 / October
Showing 2501 - 2600 of 3570 CVEs for October 2024 (Page 26 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-48644 | 2024-10-22 | Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead... |
| CVE-2024-48652 | 2024-10-22 | Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field. |
| CVE-2024-48656 | 2024-10-22 | Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. |
| CVE-2024-48657 | 2024-10-22 | SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. |
| CVE-2024-48707 | 2024-10-22 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file. |
| CVE-2024-48708 | 2024-10-22 | Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser. |
| CVE-2024-49210 | 2024-10-22 | Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a... |
| CVE-2024-49211 | 2024-10-22 | Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a... |
| CVE-2024-48706 | 2024-10-22 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. |
| CVE-2024-49208 | 2024-10-22 | Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their... |
| CVE-2024-49209 | 2024-10-22 | Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate... |
| CVE-2024-9677 | 2024-10-22 | The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain... |
| CVE-2024-10002 | 2024-10-22 | Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator |
| CVE-2024-10003 | 2024-10-22 | Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
| CVE-2024-8852 | 2024-10-22 | All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs |
| CVE-2024-9627 | 2024-10-22 | TeploBot - Telegram Bot for WP <= 1.3 - Telegram Bot Token Disclosure |
| CVE-2024-9588 | 2024-10-22 | Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete |
| CVE-2024-9590 | 2024-10-22 | Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting |
| CVE-2024-9591 | 2024-10-22 | Category and Taxonomy Image <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting |
| CVE-2024-9589 | 2024-10-22 | Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-9541 | 2024-10-22 | News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template |
| CVE-2023-52918 | 2024-10-22 | media: pci: cx23885: check cx23885_vdev_init() return |
| CVE-2023-52919 | 2024-10-22 | nfc: nci: fix possible NULL pointer dereference in send_acknowledge() |
| CVE-2024-9987 | 2024-10-22 | SQL Injection in CSV Module Data Collection |
| CVE-2024-35308 | 2024-10-22 | Post-auth Arbitrary File Read in the Server Plugins Section |
| CVE-2024-9231 | 2024-10-22 | WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting |
| CVE-2024-10189 | 2024-10-22 | Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode |
| CVE-2024-9050 | 2024-10-22 | Networkmanager-libreswan: local privilege escalation via leftupdown |
| CVE-2024-10234 | 2024-10-22 | Wildfly: wildfly vulnerable to cross-site scripting (xss) |
| CVE-2024-50311 | 2024-10-22 | Graphql: denial of service (dos) vulnerability via graphql batching |
| CVE-2024-50312 | 2024-10-22 | Graphql: information disclosure via graphql introspection in openshift |
| CVE-2024-26271 | 2024-10-22 | Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update... |
| CVE-2024-8980 | 2024-10-22 | The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack... |
| CVE-2024-43173 | 2024-10-22 | IBM Concert information disclosure |
| CVE-2024-26272 | 2024-10-22 | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92... |
| CVE-2024-43177 | 2024-10-22 | IBM Concert improper certificate validation |
| CVE-2024-26273 | 2024-10-22 | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92... |
| CVE-2024-38002 | 2024-10-22 | The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does... |
| CVE-2024-47819 | 2024-10-22 | Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section |
| CVE-2024-48925 | 2024-10-22 | Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API |
| CVE-2024-48926 | 2024-10-22 | Umbraco CMS logout page displayed before session expiration |
| CVE-2024-48927 | 2024-10-22 | Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice |
| CVE-2024-48929 | 2024-10-22 | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out |
| CVE-2024-49373 | 2024-10-22 | Centurion ERP user can view projects from organizations they're not a part of |
| CVE-2024-9287 | 2024-10-22 | Virtual environment (venv) activation scripts don't quote paths |
| CVE-2024-9129 | 2024-10-22 | Format String Injection in Zend Server |
| CVE-2024-10183 | 2024-10-22 | Arbitrary File Write Vulnerability in Jamf Remote Assist Leading to Privilege Escalation |
| CVE-2024-39753 | 2024-10-22 | A modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the... |
| CVE-2024-41183 | 2024-10-22 | Trend Micro VPN, version 5.8.1012 and below, is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges. |
| CVE-2024-45334 | 2024-10-22 | Trend Micro Antivirus One versions 3.10.4 and below (Consumer) are vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. |
| CVE-2024-45335 | 2024-10-22 | Trend Micro Antivirus One, version 3.10.4 and below, contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a... |
| CVE-2024-46902 | 2024-10-22 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain... |
| CVE-2024-46903 | 2024-10-22 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain... |
| CVE-2024-48903 | 2024-10-22 | An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2024-48904 | 2024-10-22 | A command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to... |
| CVE-2024-48919 | 2024-10-22 | RCE via Prompt Injection Into Cursor's Terminal Cmd-K |
| CVE-2024-41717 | 2024-10-22 | Kieback&Peter DDC4000 Series Path Traversal |
| CVE-2024-43812 | 2024-10-22 | Kieback&Peter DDC4000 Series Path Traversal Insufficiently Protected Credentials |
| CVE-2024-43698 | 2024-10-22 | Kieback&Peter DDC4000 Series Use of Weak Credentials |
| CVE-2024-10229 | 2024-10-22 | Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) |
| CVE-2024-10230 | 2024-10-22 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-10231 | 2024-10-22 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7587 | 2024-10-22 | Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64 and MC Works64 |
| CVE-2024-40431 | 2024-10-23 | A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to... |
| CVE-2024-40432 | 2024-10-23 | A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SFFDISK_DEVICE_COMMAND control of the SD card reader driver allows a privileged attacker... |
| CVE-2024-48213 | 2024-10-23 | RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php. |
| CVE-2024-50382 | 2024-10-23 | Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry.... |
| CVE-2024-50383 | 2024-10-23 | Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a... |
| CVE-2024-31880 | 2024-10-23 | IBM Db2 denial of service |
| CVE-2024-9927 | 2024-10-23 | WooCommerce Order Proposal <= 2.0.5 - Authenticated (Shop Manager+) Privilege Escalation via Order Proposal |
| CVE-2024-50066 | 2024-10-23 | mm/mremap: fix move_normal_pmd/retract_page_tables race |
| CVE-2024-9829 | 2024-10-23 | Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download |
| CVE-2024-9583 | 2024-10-23 | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization |
| CVE-2024-9947 | 2024-10-23 | ProfilePress - Pro <= 4.11.1 - Authentication Bypass via WordPress.com OAuth provider |
| CVE-2024-43924 | 2024-10-23 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability |
| CVE-2024-10045 | 2024-10-23 | Transients Manager <= 2.0.6 - Cross-Site Request Forgery |
| CVE-2024-9530 | 2024-10-23 | Qi Addons For Elementor <= 1.8.0 - Sensitive Information Exposure |
| CVE-2023-50310 | 2024-10-23 | IBM CICS Transaction Gateway for Multiplatforms information disclosure |
| CVE-2024-10276 | 2024-10-23 | Telestream Sentry Reports Page page cross site scripting |
| CVE-2024-8500 | 2024-10-23 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-10277 | 2024-10-23 | ESAFENET CDG UsbKeyAjax.java sql injection |
| CVE-2024-10286 | 2024-10-23 | Cross-Site Scripting (XSS) vulnerability in LocalServer |
| CVE-2024-10287 | 2024-10-23 | Cross-Site Scripting (XSS) vulnerability in LocalServer |
| CVE-2024-10288 | 2024-10-23 | Cross-Site Scripting (XSS) vulnerability in LocalServer |
| CVE-2024-10289 | 2024-10-23 | Cross-Site Scripting (XSS) vulnerability in LocalServer |
| CVE-2024-10278 | 2024-10-23 | ESAFENET CDG ReUserOrganiseService.java sql injection |
| CVE-2024-10279 | 2024-10-23 | ESAFENET CDG PrintPolicyService.java sql injection |
| CVE-2024-10280 | 2024-10-23 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference |
| CVE-2024-50050 | 2024-10-23 | Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead. |
| CVE-2024-10041 | 2024-10-23 | Pam: libpam: libpam vulnerable to read hashed password |
| CVE-2024-10250 | 2024-10-23 | Nioland <= 1.2.6 - Reflected Cross-Site Scripting via s |
| CVE-2024-10281 | 2024-10-23 | Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow |
| CVE-2024-47901 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled... |
| CVE-2024-47902 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled... |
| CVE-2024-47903 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled... |
| CVE-2024-47904 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled... |
| CVE-2024-10282 | 2024-10-23 | Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow |
| CVE-2024-5764 | 2024-10-23 | Nexus Repository 3 - Static hard-coded encryption passphrase used by default |
| CVE-2024-30122 | 2024-10-23 | HCL Sametime is impacted by misconfigured security related HTTP headers |
| CVE-2024-10283 | 2024-10-23 | Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow |