CVE List - 2024 / October
Showing 3401 - 3500 of 3571 CVEs for October 2024 (Page 35 of 36)
CVE ID | Date | Title |
---|---|---|
CVE-2024-7992 | 2024-10-29 | Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability |
CVE-2024-10487 | 2024-10-29 | Out of bounds write in Dawn in Google Chrome prior... |
CVE-2024-10488 | 2024-10-29 | Use after free in WebRTC in Google Chrome prior to... |
CVE-2024-50348 | 2024-10-29 | InstantCMS has a Cross Site Scripting Vulnerability |
CVE-2023-52066 | 2024-10-30 | http.zig commit 76cf5 was discovered to contain a CRLF injection... |
CVE-2024-31972 | 2024-10-30 | EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct... |
CVE-2024-31973 | 2024-10-30 | Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within... |
CVE-2024-31975 | 2024-10-30 | EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to... |
CVE-2024-36060 | 2024-10-30 | EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection... |
CVE-2024-37573 | 2024-10-30 | The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed... |
CVE-2024-42041 | 2024-10-30 | The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) application 20-30.05.24 for... |
CVE-2024-43382 | 2024-10-30 | Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have... |
CVE-2024-46531 | 2024-10-30 | phpgurukul Vehicle Record Management System v1.0 was discovered to contain... |
CVE-2024-48093 | 2024-10-30 | Unrestricted File Upload in the Discussions tab in Operately v.0.1.0... |
CVE-2024-48112 | 2024-10-30 | A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3... |
CVE-2024-48202 | 2024-10-30 | icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. |
CVE-2024-48214 | 2024-10-30 | KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command... |
CVE-2024-48241 | 2024-10-30 | An issue in radare2 v5.8.0 through v5.9.4 allows a local... |
CVE-2024-48271 | 2024-10-30 | D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials... |
CVE-2024-48272 | 2024-10-30 | D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default... |
CVE-2024-48346 | 2024-10-30 | xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability... |
CVE-2024-48569 | 2024-10-30 | Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site... |
CVE-2024-48646 | 2024-10-30 | An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0,... |
CVE-2024-48647 | 2024-10-30 | A file disclosure vulnerability exists in Sage 1000 v7.0.0. This... |
CVE-2024-48648 | 2024-10-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage... |
CVE-2024-48733 | 2024-10-30 | SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows... |
CVE-2024-48734 | 2024-10-30 | Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows... |
CVE-2024-48735 | 2024-10-30 | Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote... |
CVE-2024-48807 | 2024-10-30 | Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System... |
CVE-2024-51242 | 2024-10-30 | A Server-Side Request Forgery (SSRF) vulnerability has been identified in... |
CVE-2024-51243 | 2024-10-30 | The eladmin v2.7 and before contains a remote code execution... |
CVE-2024-51257 | 2024-10-30 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into... |
CVE-2024-51258 | 2024-10-30 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into... |
CVE-2024-51296 | 2024-10-30 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51299 | 2024-10-30 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51300 | 2024-10-30 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51301 | 2024-10-30 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51304 | 2024-10-30 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51419 | 2024-10-30 | Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor Network Technology... |
CVE-2024-51424 | 2024-10-30 | An issue in the PepeGxng smart contract (which can be... |
CVE-2024-51425 | 2024-10-30 | An issue in the WaterToken smart contract (which can be... |
CVE-2024-51426 | 2024-10-30 | An issue in the PepeGxng smart contract (which can be... |
CVE-2024-51427 | 2024-10-30 | An issue in the PepeGxng smart contract (which can be... |
CVE-2024-51298 | 2024-10-30 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-10500 | 2024-10-30 | ESAFENET CDG HookWhiteListService.java sql injection |
CVE-2024-10501 | 2024-10-30 | ESAFENET CDG ExamCDGDocService.java findById sql injection |
CVE-2024-10502 | 2024-10-30 | ESAFENET CDG FileDirectoryService.java getOneFileDirectory sql injection |
CVE-2024-10503 | 2024-10-30 | Klokan MapTiler tileserver-gl URL cross site scripting |
CVE-2024-10505 | 2024-10-30 | wuzhicms block.php edit code injection |
CVE-2024-10506 | 2024-10-30 | code-projects Blood Bank System B-.php sql injection |
CVE-2024-9884 | 2024-10-30 | T(-) Countdown <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2023-5816 | 2024-10-30 | Code Explorer <= 1.4.5 - Authenticated (Admin+) External File Reading |
CVE-2024-9886 | 2024-10-30 | WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-9846 | 2024-10-30 | Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution |
CVE-2024-10507 | 2024-10-30 | Codezips Free Exam Hall Seating Management System login.php sql injection |
CVE-2024-10509 | 2024-10-30 | Codezips Online Institute Management System login.php sql injection |
CVE-2024-9885 | 2024-10-30 | Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-8627 | 2024-10-30 | Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-8792 | 2024-10-30 | Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting |
CVE-2024-10399 | 2024-10-30 | Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure |
CVE-2024-8871 | 2024-10-30 | Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting |
CVE-2024-8444 | 2024-10-30 | Download Manager < 3.3.00 - Contributor+ Stored XSS |
CVE-2024-10223 | 2024-10-30 | HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode |
CVE-2024-10108 | 2024-10-30 | WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode |
CVE-2024-50503 | 2024-10-30 | WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability |
CVE-2024-50509 | 2024-10-30 | WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Deletion vulnerability |
CVE-2024-50512 | 2024-10-30 | WordPress Posti Shipping plugin <= 3.10.2 - Full Path Disclosure (FPD) vulnerability |
CVE-2024-9632 | 2024-10-30 | Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability |
CVE-2024-50507 | 2024-10-30 | WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability |
CVE-2024-50511 | 2024-10-30 | WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability |
CVE-2024-50510 | 2024-10-30 | WordPress AR For Woocommerce plugin <= 6.2 - Arbitrary File Upload vulnerability |
CVE-2024-50508 | 2024-10-30 | WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Download vulnerability |
CVE-2024-50506 | 2024-10-30 | WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerability |
CVE-2024-50504 | 2024-10-30 | WordPress Bulk Change Role plugin <= 1.1 - Privilege Escalation vulnerability |
CVE-2024-8512 | 2024-10-30 | W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution |
CVE-2024-9388 | 2024-10-30 | Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-10525 | 2024-10-30 | Eclipse Mosquitto: Heap Buffer Overflow in my_subscribe_callback |
CVE-2024-3935 | 2024-10-30 | Eclipse Mosquitto: Double free vulnerability |
CVE-2024-33623 | 2024-10-30 | A denial of service vulnerability exists in the Web Application... |
CVE-2024-33700 | 2024-10-30 | The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input... |
CVE-2024-28052 | 2024-10-30 | The WBR-6012 is a wireless SOHO router. It is a... |
CVE-2024-23309 | 2024-10-30 | The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication... |
CVE-2024-33626 | 2024-10-30 | The LevelOne WBR-6012 router contains a vulnerability within its web... |
CVE-2024-33603 | 2024-10-30 | The LevelOne WBR-6012 router has an information disclosure vulnerability in... |
CVE-2024-33699 | 2024-10-30 | The LevelOne WBR-6012 router's web application has a vulnerability in... |
CVE-2024-32946 | 2024-10-30 | A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6... |
CVE-2024-31152 | 2024-10-30 | The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to... |
CVE-2024-24777 | 2024-10-30 | A cross-site request forgery (CSRF) vulnerability exists in the Web... |
CVE-2024-28875 | 2024-10-30 | A security flaw involving hard-coded credentials in LevelOne WBR-6012's web... |
CVE-2024-31151 | 2024-10-30 | A security flaw involving hard-coded credentials in LevelOne WBR-6012's web... |
CVE-2024-50353 | 2024-10-30 | ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected |
CVE-2024-50419 | 2024-10-30 | WordPress Greenshift plugin <= 9.7 - Broken Access Control vulnerability |
CVE-2024-50344 | 2024-10-30 | I, Librarian has a Stored XSS vulnerability in Supplemental Files |
CVE-2024-9110 | 2024-10-30 | Cross-Site Scripting In Privileged Identity |
CVE-2024-9419 | 2024-10-30 | Certain HP Print Products–Potential Remote Code Execution and/or Elevation of Privilege with the HP Smart Universal Printing Driver |
CVE-2024-10456 | 2024-10-30 | Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data |
CVE-2024-10546 | 2024-10-30 | open-scratch Teaching 在线教学平台 URL getDictItemsByTable sql injection |
CVE-2024-10005 | 2024-10-30 | Consul L7 Intentions Vulnerable To URL Path Bypass |
CVE-2024-10006 | 2024-10-30 | Consul L7 Intentions Vulnerable To Headers Bypass |
CVE-2024-10086 | 2024-10-30 | Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation |