CVE List - 2024 / October
Showing 1101 - 1200 of 3571 CVEs for October 2024 (Page 12 of 36)
CVE ID | Date | Title |
---|---|---|
CVE-2024-47867 | 2024-10-10 | Lack of integrity check on the downloaded FRP client in Gradio |
CVE-2024-9817 | 2024-10-10 | code-projects Blood Bank System update.php sql injection |
CVE-2024-9818 | 2024-10-10 | SourceCodester Online Veterinary Appointment System manage_category.php sql injection |
CVE-2024-42018 | 2024-10-11 | An issue was discovered in Atos Eviden SMC xScale before... |
CVE-2024-42640 | 2024-10-11 | angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code... |
CVE-2024-44413 | 2024-10-11 | A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified... |
CVE-2024-44414 | 2024-10-11 | A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified... |
CVE-2024-44415 | 2024-10-11 | A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer... |
CVE-2024-44729 | 2024-10-11 | Incorrect access control in the component app/src/server.js of Mirotalk before... |
CVE-2024-44730 | 2024-10-11 | Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before... |
CVE-2024-44731 | 2024-10-11 | Mirotalk before commit 9de226 was discovered to contain a DOM-based... |
CVE-2024-44734 | 2024-10-11 | Incorrect access control in Mirotalk before commit 9de226 allows attackers... |
CVE-2024-44807 | 2024-10-11 | A directory listing issue in the baserCMS plugin in D-ZERO... |
CVE-2024-45184 | 2024-10-11 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
CVE-2024-45754 | 2024-10-11 | An issue was discovered in the centreon-bi-server component in Centreon... |
CVE-2024-46088 | 2024-10-11 | An arbitrary file upload vulnerability in the ProductAction.entphone interface of... |
CVE-2024-46215 | 2024-10-11 | A vulnerability was discovered in KM08-708H-v1.1, There is a buffer... |
CVE-2024-46468 | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress... |
CVE-2024-46532 | 2024-10-11 | SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to... |
CVE-2024-48768 | 2024-10-11 | An issue in almando GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote... |
CVE-2024-48769 | 2024-10-11 | An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote... |
CVE-2024-48770 | 2024-10-11 | An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows... |
CVE-2024-48771 | 2024-10-11 | An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2... |
CVE-2024-48772 | 2024-10-11 | An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker... |
CVE-2024-48773 | 2024-10-11 | An issue in WoFit v.7.2.3 allows a remote attacker to... |
CVE-2024-48774 | 2024-10-11 | An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6... |
CVE-2024-48775 | 2024-10-11 | An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows... |
CVE-2024-48776 | 2024-10-11 | An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker... |
CVE-2024-48777 | 2024-10-11 | LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive... |
CVE-2024-48778 | 2024-10-11 | An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7... |
CVE-2024-48784 | 2024-10-11 | An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows... |
CVE-2024-48786 | 2024-10-11 | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a... |
CVE-2024-48787 | 2024-10-11 | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows... |
CVE-2024-48788 | 2024-10-11 | An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker... |
CVE-2024-48813 | 2024-10-11 | SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote... |
CVE-2024-48827 | 2024-10-11 | An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker... |
CVE-2024-35517 | 2024-10-11 | Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi... |
CVE-2024-35522 | 2024-10-11 | Netgear EX3700 - AC750 WiFi Range Extender Essentials Edition before... |
CVE-2024-48937 | 2024-10-11 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16... |
CVE-2024-48938 | 2024-10-11 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16... |
CVE-2024-48987 | 2024-10-11 | Snipe-IT before 7.0.10 allows remote code execution (associated with cookie... |
CVE-2024-9822 | 2024-10-11 | Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator |
CVE-2024-21534 | 2024-10-11 | All versions of the package jsonpath-plus are vulnerable to Remote... |
CVE-2024-9543 | 2024-10-11 | Powerpress <= 11.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via skipto Shortcode |
CVE-2024-9587 | 2024-10-11 | Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX |
CVE-2024-9586 | 2024-10-11 | Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update |
CVE-2024-9611 | 2024-10-11 | Increase upload file size & Maximum Execution Time limit <= 2.0 - Reflected Cross-Site Scripting |
CVE-2024-9346 | 2024-10-11 | Embed videos and respect privacy <= 1.2 - Reflected Cross-Site Scripting |
CVE-2024-9616 | 2024-10-11 | BlockMeister – Block Pattern Builder <= 3.1.10 - Reflected Cross-Site Scripting |
CVE-2024-9221 | 2024-10-11 | Tainacan <= 0.21.10 - Reflected Cross-Site Scripting |
CVE-2024-9436 | 2024-10-11 | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting |
CVE-2024-9707 | 2024-10-11 | Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation |
CVE-2024-9232 | 2024-10-11 | Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Reflected Cross-Site Scripting |
CVE-2024-9234 | 2024-10-11 | GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload |
CVE-2024-9610 | 2024-10-11 | Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting |
CVE-2024-9211 | 2024-10-11 | FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting |
CVE-2024-9507 | 2024-10-11 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read |
CVE-2024-9051 | 2024-10-11 | WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode |
CVE-2024-45315 | 2024-10-11 | The Improper link resolution before file access ('Link Following') vulnerability... |
CVE-2024-45316 | 2024-10-11 | The Improper link resolution before file access ('Link Following') vulnerability... |
CVE-2024-45317 | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware... |
CVE-2024-7514 | 2024-10-11 | WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal |
CVE-2024-8913 | 2024-10-11 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_template |
CVE-2024-9538 | 2024-10-11 | ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template |
CVE-2024-9164 | 2024-10-11 | Missing Authentication for Critical Function in GitLab |
CVE-2024-5005 | 2024-10-11 | Incorrect Provision of Specified Functionality in GitLab |
CVE-2023-42133 | 2024-10-11 | PAX Android based POS devices allow for escalation of privilege... |
CVE-2024-6971 | 2024-10-11 | Path Traversal in parisneo/lollms-webui |
CVE-2024-8970 | 2024-10-11 | Incorrect Authorization in GitLab |
CVE-2024-9855 | 2024-10-11 | 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload |
CVE-2024-9856 | 2024-10-11 | 07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting |
CVE-2024-9002 | 2024-10-11 | CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized... |
CVE-2024-8531 | 2024-10-11 | CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could... |
CVE-2024-6657 | 2024-10-11 | BLE peripheral DoS after few cycles of connect/disconnects |
CVE-2024-8530 | 2024-10-11 | CWE-306: Missing Authentication for Critical Function vulnerability exists that could... |
CVE-2024-8755 | 2024-10-11 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. |
CVE-2024-25622 | 2024-10-11 | H2O ignores headers configuration directives |
CVE-2024-45397 | 2024-10-11 | H2O allows bypassing address-based access control with 0-RTT |
CVE-2024-45403 | 2024-10-11 | H2O assertion failure when HTTP/3 requests are cancelled |
CVE-2024-45396 | 2024-10-11 | Quicly assertion failures |
CVE-2024-45402 | 2024-10-11 | Picotls double free |
CVE-2024-47074 | 2024-10-11 | Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability |
CVE-2024-47830 | 2024-10-11 | Plane allows server side request forgery via /_next/image endpoint |
CVE-2024-47875 | 2024-10-11 | DOMPurify nesting-based mXSS |
CVE-2024-5474 | 2024-10-11 | A potential information disclosure vulnerability was reported in Lenovo's packaging... |
CVE-2024-4089 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Super File... |
CVE-2024-4130 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo App Store... |
CVE-2024-4131 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Emulator that... |
CVE-2024-4132 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Lock Screen... |
CVE-2024-9046 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo stARstudio that... |
CVE-2024-33578 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Leyun that... |
CVE-2024-39526 | 2024-10-11 | Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11/LC9600, MX304, EX9200, PTX Series: Receipt of malformed DHCP packets causes interfaces to stop processing packets |
CVE-2024-33579 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Baiying that... |
CVE-2024-33580 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Personal Cloud... |
CVE-2024-39527 | 2024-10-11 | Junos OS: SRX Series: Low privileged user able to access sensitive information on file system |
CVE-2024-33581 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo PC Manager... |
CVE-2024-33582 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Service Framework... |
CVE-2024-39534 | 2024-10-11 | Junos OS Evolved: Connections to the network and broadcast address accepted |
CVE-2024-39544 | 2024-10-11 | Junos OS Evolved: Low privileged local user able to view NETCONF traceoptions files |
CVE-2024-8376 | 2024-10-11 | Memory leak |