CVE List - 2024 / October
Showing 1301 - 1400 of 3571 CVEs for October 2024 (Page 14 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-48796 | 2024-10-14 | An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker... |
| CVE-2024-48797 | 2024-10-14 | An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows... |
| CVE-2024-48798 | 2024-10-14 | An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote... |
| CVE-2024-48799 | 2024-10-14 | An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a... |
| CVE-2024-48821 | 2024-10-14 | Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7... |
| CVE-2024-48822 | 2024-10-14 | Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a... |
| CVE-2024-48823 | 2024-10-14 | Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows... |
| CVE-2024-48824 | 2024-10-14 | An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a... |
| CVE-2024-9921 | 2024-10-14 | TEAMPLUS TECHNOLOGY Team+ - SQL Injection |
| CVE-2024-9922 | 2024-10-14 | TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Read through Path Traversal |
| CVE-2024-9923 | 2024-10-14 | TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Move through Path Traversal |
| CVE-2024-9924 | 2024-10-14 | Hgiga OAKlouds - Arbitrary File Read And Delete |
| CVE-2024-38862 | 2024-10-14 | SNMP and IMPI secrets written to audit log |
| CVE-2024-38863 | 2024-10-14 | CSRF token leaked in URL parameters |
| CVE-2024-9137 | 2024-10-14 | Moxa Service Missing Authentication for Critical Function |
| CVE-2024-46911 | 2024-10-14 | Apache Roller: Weakness in CSRF protection allows privilege escalation |
| CVE-2024-43701 | 2024-10-14 | GPU DDK - PowerVR: TLB invalidate UAF of dma_buf imported into multiple GPU devices |
| CVE-2024-9139 | 2024-10-14 | OS Command Injection in Restricted Command |
| CVE-2024-8602 | 2024-10-14 | XML Eternal Entity Attack in the Software Library taxstatement.jar |
| CVE-2024-9936 | 2024-10-14 | When manipulating the selection node cache, an attacker may have... |
| CVE-2024-7847 | 2024-10-14 | RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script |
| CVE-2024-9823 | 2024-10-14 | Jetty DOS vulnerability on DosFilter |
| CVE-2024-6763 | 2024-10-14 | Jetty URI parsing of invalid authority |
| CVE-2024-6762 | 2024-10-14 | Jetty PushSessionCacheFilter can cause remote DoS attacks |
| CVE-2024-8184 | 2024-10-14 | Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks |
| CVE-2023-50780 | 2024-10-14 | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans |
| CVE-2024-45735 | 2024-10-14 | Improper Access Control for low-privileged user in Splunk Secure Gateway App |
| CVE-2024-45731 | 2024-10-14 | Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk |
| CVE-2024-45740 | 2024-10-14 | Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise |
| CVE-2024-45734 | 2024-10-14 | Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard |
| CVE-2024-45741 | 2024-10-14 | Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise |
| CVE-2024-45736 | 2024-10-14 | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon |
| CVE-2024-45732 | 2024-10-14 | Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app |
| CVE-2024-45733 | 2024-10-14 | Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows |
| CVE-2024-45737 | 2024-10-14 | Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF) |
| CVE-2024-45738 | 2024-10-14 | Sensitive information disclosure in REST_Calls logging channel |
| CVE-2024-45739 | 2024-10-14 | Sensitive information disclosure in AdminManager logging channel |
| CVE-2024-46980 | 2024-10-14 | Tuleap vulnerable to XSS in the HTML mail content of the cross reference field |
| CVE-2024-46988 | 2024-10-14 | Tuleap does not properly check permissions for email notifications in trackers |
| CVE-2024-47766 | 2024-10-14 | Permissions are incorrectly verified for project administrators in the cross tracker search widget |
| CVE-2024-47767 | 2024-10-14 | Tuleap lists trackers in the quick add actions of the backlog without any permissions check |
| CVE-2024-47826 | 2024-10-14 | eLabFTW vulnerable to HTML Injection in extended search error message |
| CVE-2024-47831 | 2024-10-14 | Next.js image optimization has Denial of Service condition |
| CVE-2024-47885 | 2024-10-14 | astro's client-side router has DOM Clobbering Gadget that leads to XSS |
| CVE-2024-48909 | 2024-10-14 | SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not |
| CVE-2024-48911 | 2024-10-14 | OpenCanary Executes Commands From Potentially Writable Config File |
| CVE-2024-6207 | 2024-10-14 | CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message... |
| CVE-2024-9953 | 2024-10-14 | Potential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8 |
| CVE-2024-30117 | 2024-10-14 | HCL BigFix Platform is affected by a DLL Hijack vulnerability |
| CVE-2024-9546 | 2024-10-14 | WPIDE <= 3.4.9 - Unauthenticated Full Path Dislcosure |
| CVE-2024-9548 | 2024-10-14 | Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2023-31493 | 2024-10-15 | RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as... |
| CVE-2024-31955 | 2024-10-15 | An issue was discovered in Samsung eMMC with KLMAG2GE4A and... |
| CVE-2024-35584 | 2024-10-15 | SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php,... |
| CVE-2024-41311 | 2024-10-15 | In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif... |
| CVE-2024-41344 | 2024-10-15 | A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers... |
| CVE-2024-44337 | 2024-10-15 | The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown... |
| CVE-2024-44775 | 2024-10-15 | An issue in kmqtt v0.2.7 allows attackers to cause a... |
| CVE-2024-48278 | 2024-10-15 | Phpgurukul User Registration & Login and User Management System 3.2... |
| CVE-2024-48279 | 2024-10-15 | A HTML Injection vulnerability was found in /search-result.php of PHPGurukul... |
| CVE-2024-48280 | 2024-10-15 | A SQL Injection vulnerability was found in /search-result.php of PHPGurukul... |
| CVE-2024-48282 | 2024-10-15 | A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul... |
| CVE-2024-48283 | 2024-10-15 | Phpgurukul User Registration & Login and User Management System 3.2... |
| CVE-2024-48411 | 2024-10-15 | itsourcecode Online Tours and Travels Management System v1.0 is vulnerable... |
| CVE-2024-48622 | 2024-10-15 | A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows... |
| CVE-2024-48623 | 2024-10-15 | In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id... |
| CVE-2024-48624 | 2024-10-15 | In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in... |
| CVE-2024-48710 | 2024-10-15 | In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter... |
| CVE-2024-48712 | 2024-10-15 | In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter... |
| CVE-2024-48713 | 2024-10-15 | In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter... |
| CVE-2024-48714 | 2024-10-15 | In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter... |
| CVE-2024-48779 | 2024-10-15 | An issue in Wanxing Technology's Yitu project Management Software 3.2.2... |
| CVE-2024-48781 | 2024-10-15 | An issue in Wanxing Technology Yitu Project Management Kirin Edition... |
| CVE-2024-48782 | 2024-10-15 | File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a... |
| CVE-2024-48783 | 2024-10-15 | An issue in Ruijie NBR3000D-E Gateway allows a remote attacker... |
| CVE-2024-48948 | 2024-10-15 | The Elliptic package 6.5.7 for Node.js, in its for ECDSA... |
| CVE-2024-49195 | 2024-10-15 | Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer... |
| CVE-2024-9952 | 2024-10-15 | SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting |
| CVE-2024-9687 | 2024-10-15 | WP 2FA with Telegram <= 3.0 - Authenticated (Subscriber+) Authentication Bypass |
| CVE-2024-6757 | 2024-10-15 | Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function |
| CVE-2024-9820 | 2024-10-15 | WP 2FA with Telegram <= 3.0 - Two-Factor Authentication Bypass |
| CVE-2024-9968 | 2024-10-15 | NewType WebEIP v3.0 - SQL injection |
| CVE-2024-9969 | 2024-10-15 | NewType WebEIP v3.0 - Reflected XSS |
| CVE-2024-9970 | 2024-10-15 | NewType FlowMaster BPM Plus - Privilege Escalation |
| CVE-2024-9971 | 2024-10-15 | NewType FlowMaster BPM Plus - SQL Injection |
| CVE-2024-21535 | 2024-10-15 | Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to... |
| CVE-2024-9944 | 2024-10-15 | WooCommerce <= 9.0.2 - Unauthenticated HTML Injection |
| CVE-2024-0129 | 2024-10-15 | NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user... |
| CVE-2024-46898 | 2024-10-15 | SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly,... |
| CVE-2024-9972 | 2024-10-15 | ChanGate Property Management System - SQL Injection |
| CVE-2024-9837 | 2024-10-15 | AADMY – Add Auto Date Month Year Into Posts <= 2.0.1 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-9980 | 2024-10-15 | FormosaSoft ee-class - SQL Injection |
| CVE-2024-9981 | 2024-10-15 | FormosaSoft ee-class - Local File Inclusion |
| CVE-2024-9982 | 2024-10-15 | ESi Technology AIM LINE Marketing Platform - SQL Injection |
| CVE-2024-9983 | 2024-10-15 | Ragic Enterprise Cloud Database - Arbitrary File Read through Path Traversal |
| CVE-2024-9984 | 2024-10-15 | Ragic Enterprise Cloud Database - Missing Authentication |
| CVE-2024-9985 | 2024-10-15 | Ragic Enterprise Cloud Database - Arbitrary File Upload |
| CVE-2024-9895 | 2024-10-15 | Smart Online Order for Clover <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode |
| CVE-2024-9925 | 2024-10-15 | SQL injection in QPLANT by TAI Smart Factory |
| CVE-2024-47943 | 2024-10-15 | Improper signature verification of firmware upgrade files |