CVE List - 2024 / October
Showing 1001 - 1100 of 3571 CVEs for October 2024 (Page 11 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-9377 | 2024-10-10 | Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting |
| CVE-2024-9581 | 2024-10-10 | Shortcodes AnyWhere <= 1.0.1 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-9057 | 2024-10-10 | Curator.io: Show all your social media posts in a beautiful feed. <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via feed_id Attribute |
| CVE-2024-9685 | 2024-10-10 | Notification for Telegram <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Send Telegram Test Message |
| CVE-2024-8729 | 2024-10-10 | Easy Social Share Buttons <= 1.4.5 - Reflected Cross-Site Scripting |
| CVE-2024-9022 | 2024-10-10 | TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.3.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter |
| CVE-2024-8477 | 2024-10-10 | Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.87 - Cross-Site Request Forgery |
| CVE-2024-9067 | 2024-10-10 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion |
| CVE-2024-9520 | 2024-10-10 | UserPlus <= 2.0 - Missing Authorization via Multiple Functions |
| CVE-2024-9074 | 2024-10-10 | Advanced Blocks Pro <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9156 | 2024-10-10 | TI WooCommerce Wishlist <= 2.8.2 - Unauthenticated SQL Injection via lang parameters |
| CVE-2024-9780 | 2024-10-10 | Missing Initialization of a Variable in Wireshark |
| CVE-2024-9781 | 2024-10-10 | Improper Handling of Missing Values in Wireshark |
| CVE-2024-7049 | 2024-10-10 | Exposure of Token in open-webui/open-webui |
| CVE-2024-9798 | 2024-10-10 | Health endpoint offers list of onboarded services to unauthenticated users |
| CVE-2024-9796 | 2024-10-10 | WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection |
| CVE-2024-9802 | 2024-10-10 | Conformance validation endpoint discloses detail about service to unauthenticated users |
| CVE-2024-6747 | 2024-10-10 | Information leak in mknotifyd |
| CVE-2024-22068 | 2024-10-10 | Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router |
| CVE-2024-9623 | 2024-10-10 | Incorrect Authorization in GitLab |
| CVE-2024-45125 | 2024-10-10 | Adobe Commerce | Incorrect Authorization (CWE-863) |
| CVE-2024-45149 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45118 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45129 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45134 | 2024-10-10 | Adobe Commerce | Information Exposure (CWE-200) |
| CVE-2024-45148 | 2024-10-10 | Adobe Commerce | Improper Authentication (CWE-287) |
| CVE-2024-45131 | 2024-10-10 | Adobe Commerce | Incorrect Authorization (CWE-863) |
| CVE-2024-45132 | 2024-10-10 | Adobe Commerce | Incorrect Authorization (CWE-863) |
| CVE-2024-45130 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45120 | 2024-10-10 | Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) |
| CVE-2024-45135 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45122 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45119 | 2024-10-10 | Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) |
| CVE-2024-45116 | 2024-10-10 | Adobe Commerce | Cross-site Scripting (XSS) (CWE-79) |
| CVE-2024-45117 | 2024-10-10 | Adobe Commerce | Improper Input Validation (CWE-20) |
| CVE-2024-45115 | 2024-10-10 | Adobe Commerce | Improper Authentication (CWE-287) |
| CVE-2024-45121 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45123 | 2024-10-10 | Adobe Commerce | Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2024-45124 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45133 | 2024-10-10 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2024-45128 | 2024-10-10 | Adobe Commerce | Incorrect Authorization (CWE-863) |
| CVE-2024-45127 | 2024-10-10 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-9596 | 2024-10-10 | Inclusion of Sensitive Information in Source Code in GitLab |
| CVE-2024-8977 | 2024-10-10 | Server-Side Request Forgery (SSRF) in GitLab |
| CVE-2024-9201 | 2024-10-10 | SQL injection vulnerability in SEUR plugin |
| CVE-2024-48902 | 2024-10-10 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users... |
| CVE-2024-9782 | 2024-10-10 | D-Link DIR-619L B1 formEasySetupWWConfig buffer overflow |
| CVE-2024-9783 | 2024-10-10 | D-Link DIR-619L B1 formLogDnsquery buffer overflow |
| CVE-2024-9784 | 2024-10-10 | D-Link DIR-619L B1 formResetStatistic buffer overflow |
| CVE-2024-6530 | 2024-10-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-6157 | 2024-10-10 | An attacker who successfully exploited these vulnerabilities could cause the... |
| CVE-2024-9785 | 2024-10-10 | D-Link DIR-619L B1 formSetDDNS buffer overflow |
| CVE-2024-9786 | 2024-10-10 | D-Link DIR-619L B1 formSetLog buffer overflow |
| CVE-2024-9787 | 2024-10-10 | Contemporary Control System BASrouter BACnet BASRT-B UDP Packet denial of service |
| CVE-2024-4658 | 2024-10-10 | SQLi in TE Informatics' Nova CMS |
| CVE-2024-9312 | 2024-10-10 | Authd, through version 0.3.6, did not sufficiently randomize user IDs... |
| CVE-2024-9788 | 2024-10-10 | LyLme_spage tag.php sql injection |
| CVE-2024-9789 | 2024-10-10 | LyLme_spage apply.php sql injection |
| CVE-2024-9790 | 2024-10-10 | LyLme_spage sou.php sql injection |
| CVE-2024-9792 | 2024-10-10 | D-Link DSL-2750U Port Forwarding Page cross site scripting |
| CVE-2024-9793 | 2024-10-10 | Tenda AC1206 ate ate_ifconfig_set command injection |
| CVE-2023-25581 | 2024-10-10 | Deserialization of untrusted data in InternalAttributeHandler in pac4j |
| CVE-2024-9794 | 2024-10-10 | Codezips Online Shopping Portal update-image1.php unrestricted upload |
| CVE-2024-9797 | 2024-10-10 | code-projects Blood Bank System register.php sql injection |
| CVE-2024-9799 | 2024-10-10 | SourceCodester Profile Registration without Reload Refresh add.php cross site scripting |
| CVE-2024-9803 | 2024-10-10 | code-projects Blood Bank Management System blooddetails.php cross site scripting |
| CVE-2024-47962 | 2024-10-10 | Stack-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2 |
| CVE-2024-47963 | 2024-10-10 | Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2 |
| CVE-2024-47964 | 2024-10-10 | Heap-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2 |
| CVE-2024-47965 | 2024-10-10 | Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2 |
| CVE-2024-47966 | 2024-10-10 | Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2 |
| CVE-2024-9804 | 2024-10-10 | code-projects Blood Bank System campsdetails.php sql injection |
| CVE-2024-9805 | 2024-10-10 | code-projects Blood Bank System campsdetails.php cross site scripting |
| CVE-2024-47636 | 2024-10-10 | WordPress WP JobSearch plugin <= 2.5.9 - PHP Object Injection vulnerability |
| CVE-2024-47648 | 2024-10-10 | WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability |
| CVE-2024-47354 | 2024-10-10 | WordPress Simple Membership After Login Redirection plugin <= 1.6 - Open Redirection vulnerability |
| CVE-2024-9806 | 2024-10-10 | Craig Rodway Classroombookings Room Page fields cross site scripting |
| CVE-2024-9807 | 2024-10-10 | Craig Rodway Classroombookings Session Page sessions cross site scripting |
| CVE-2024-9808 | 2024-10-10 | SourceCodester Online Eyewear Shop sql injection |
| CVE-2024-9809 | 2024-10-10 | SourceCodester Online Eyewear Shop Master.php delete_product sql injection |
| CVE-2024-9810 | 2024-10-10 | SourceCodester Record Management System sort2_user.php cross site scripting |
| CVE-2024-9811 | 2024-10-10 | code-projects Restaurant Reservation System filter3.php sql injection |
| CVE-2024-9180 | 2024-10-10 | Vault Operators in Root Namespace May Elevate Their Privileges |
| CVE-2024-9812 | 2024-10-10 | code-projects Crud Operation System delete.php sql injection |
| CVE-2024-9813 | 2024-10-10 | Codezips Pharmacy Management System register.php sql injection |
| CVE-2024-9487 | 2024-10-10 | An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled |
| CVE-2024-9814 | 2024-10-10 | Codezips Pharmacy Management System update.php sql injection |
| CVE-2024-9815 | 2024-10-10 | Codezips Tourist Management System create-package.php unrestricted upload |
| CVE-2024-47168 | 2024-10-10 | The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio |
| CVE-2024-47167 | 2024-10-10 | SSRF in the path parameter of /queue/join in Gradio |
| CVE-2024-47166 | 2024-10-10 | One-level read path traversal in `/custom_component` in Gradio |
| CVE-2024-47165 | 2024-10-10 | CORS origin validation accepts the null origin in Gradio |
| CVE-2024-47164 | 2024-10-10 | The `is_in_or_equal` function may be bypassed in Gradio |
| CVE-2024-47084 | 2024-10-10 | CORS origin validation is not performed when the request has a cookie in Gradio |
| CVE-2024-9816 | 2024-10-10 | Codezips Tourist Management System change-image.php unrestricted upload |
| CVE-2024-47872 | 2024-10-10 | Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files |
| CVE-2024-47871 | 2024-10-10 | Insecure communication between the FRP client and server in Gradio |
| CVE-2024-47870 | 2024-10-10 | Race condition in update_root_in_config may redirect user traffic in Gradio |
| CVE-2024-47869 | 2024-10-10 | Non-constant-time comparison when comparing hashes in Gradio |
| CVE-2024-47868 | 2024-10-10 | Several components’ post-process steps may allow arbitrary file leaks in Gradio |