CVE List - 2024 / October

Showing 1601 - 1700 of 3571 CVEs for October 2024 (Page 17 of 36)

CVE ID Date Title
CVE-2023-7291 2024-10-16 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account'
CVE-2019-25216 2024-10-16 Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting
CVE-2024-8507 2024-10-16 File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload
CVE-2020-36839 2024-10-16 WP Lead Plus X <= 0.99 - Cross-Site Request Forgery
CVE-2023-7292 2024-10-16 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'
CVE-2023-7293 2024-10-16 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details'
CVE-2023-7294 2024-10-16 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile'
CVE-2024-45710 2024-10-16 SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2024-45715 2024-10-16 SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability
CVE-2024-45714 2024-10-16 SolarWinds Serv-U Stored XSS Vulnerability
CVE-2024-45711 2024-10-16 SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability
CVE-2024-9061 2024-10-16 WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add
CVE-2016-15042 2024-10-16 Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 - Arbitrary File Upload
CVE-2023-7296 2024-10-16 BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2020-36840 2024-10-16 Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization
CVE-2017-20193 2024-10-16 Product Vendors <= 2.0.35 - Reflected Cross Site Scripting
CVE-2021-4452 2024-10-16 Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting
CVE-2024-9540 2024-10-16 Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template
CVE-2017-20194 2024-10-16 Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
CVE-2023-7295 2024-10-16 Video Grid <= 1.21 - Reflected Cross-Site Scripting
CVE-2020-36842 2024-10-16 Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2023-22649 2024-10-16 Rancher 'Audit Log' leaks sensitive information
CVE-2024-45216 2024-10-16 Apache Solr: Authentication bypass possible using a fake URL Path ending
CVE-2024-45217 2024-10-16 Apache Solr: ConfigSets created during a backup restore command are trusted implicitly
CVE-2024-45693 2024-10-16 Apache CloudStack: Request origin validation bypass makes account takeover possible
CVE-2024-45462 2024-10-16 Apache CloudStack: Incomplete session invalidation on web interface logout
CVE-2024-45461 2024-10-16 Apache CloudStack Quota plugin: Access checks not enforced in Quota
CVE-2024-45219 2024-10-16 Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
CVE-2023-22650 2024-10-16 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
CVE-2023-32188 2024-10-16 JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
CVE-2024-9858 2024-10-16 Insecure user permissions in Google Cloud Migrate to Containers for Windows
CVE-2024-9444 2024-10-16 ElementsReady Addons for Elementor <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-8921 2024-10-16 Zita Elementor Site Library <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-6380 2024-10-16 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2024-8040 2024-10-16 Authorization Bypass Through User-Controlled Key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x
CVE-2024-10021 2024-10-16 code-projects Pharmacy Management System manage_purchase.php sql injection
CVE-2024-10022 2024-10-16 code-projects Pharmacy Management System manage_supplier.php sql injection
CVE-2023-32190 2024-10-16 mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable
CVE-2023-32191 2024-10-16 rke's credentials are stored in the RKE1 Cluster state ConfigMap
CVE-2023-32192 2024-10-16 Rancher API Server Cross-site Scripting Vulnerability
CVE-2023-32193 2024-10-16 Norman API Cross-site Scripting Vulnerability
CVE-2024-49247 2024-10-16 WordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerability
CVE-2020-36841 2024-10-16 WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation
CVE-2024-49271 2024-10-16 WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability
CVE-2023-32194 2024-10-16 Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
CVE-2024-49257 2024-10-16 WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability
CVE-2024-48042 2024-10-16 WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability
CVE-2024-10023 2024-10-16 code-projects Pharmacy Management System add_new_medicine.php sql injection
CVE-2024-10024 2024-10-16 code-projects Pharmacy Management System manage_medicine_stock.php sql injection
CVE-2023-32196 2024-10-16 Rancher's External RoleTemplates can lead to privilege escalation
CVE-2024-48035 2024-10-16 WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability
CVE-2024-48027 2024-10-16 WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability
CVE-2024-47649 2024-10-16 WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability
CVE-2024-49253 2024-10-16 WordPress Analyse Uploads plugin <= 0.5 - Arbitrary File Deletion vulnerability
CVE-2024-47637 2024-10-16 WordPress LiteSpeed Cache plugin <= 6.4.1 - Path Traversal vulnerability
CVE-2024-49254 2024-10-16 WordPress ajax-extend plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
CVE-2024-49227 2024-10-16 WordPress Free Stock Photos Foter plugin <= 1.5.4 - PHP Object Injection vulnerability
CVE-2024-49226 2024-10-16 WordPress TAKETIN To WP Membership plugin <= 2.8.0 - PHP Object Injection vulnerability
CVE-2024-22029 2024-10-16 tomcat packaging allows for escalation to root from tomcat user
CVE-2024-49218 2024-10-16 WordPress Recently plugin <= 1.1 - PHP Object Injection vulnerability
CVE-2024-48030 2024-10-16 WordPress Telecash Ricaricaweb plugin <= 2.2 - PHP Object Injection vulnerability
CVE-2024-48028 2024-10-16 WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability
CVE-2024-22030 2024-10-16 Rancher agents can be hijacked by taking over the Rancher Server URL
CVE-2024-48026 2024-10-16 WordPress Disc Golf Manager plugin <= 1.0.0 - PHP Object Injection vulnerability
CVE-2024-22032 2024-10-16 Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
CVE-2024-49251 2024-10-16 WordPress Maan Addons For Elementor plugin <= 1.0.1 - Local File Inclusion vulnerability
CVE-2024-48029 2024-10-16 WordPress SB Random Posts Widget plugin <= 1.0 - Local File Inclusion vulnerability
CVE-2024-47645 2024-10-16 WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability
CVE-2024-47351 2024-10-16 WordPress MaxSlider plugin <= 1.2.3 - Local File Inclusion vulnerability
CVE-2024-49260 2024-10-16 WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability
CVE-2024-49242 2024-10-16 WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability
CVE-2024-49216 2024-10-16 WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability
CVE-2024-22033 2024-10-16 obs-service-download_url is vulnerable to argument injection
CVE-2024-48034 2024-10-16 WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability
CVE-2024-49258 2024-10-16 WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Download vulnerability
CVE-2024-22034 2024-10-16 Crafted projects can overwrite special files in the .osc config directory
CVE-2024-49245 2024-10-16 WordPress Ahime Image Printer plugin <= 1.0.0 - Arbitrary File Download vulnerability
CVE-2024-49252 2024-10-16 WordPress leyka plugin <= 3.31.6 - Broken Access Control vulnerability
CVE-2023-32189 2024-10-16 Insecure handling of SSH key in SUSE Manager when bootstrapping new clients
CVE-2024-49270 2024-10-16 WordPress Smart Blocks plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-9893 2024-10-16 Nextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth provider
CVE-2024-47139 2024-10-16 F5 BIG-IQ Vulnerability
CVE-2024-45844 2024-10-16 BIG-IP monitors vulnerability
CVE-2024-49268 2024-10-16 WordPress disconnected theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49267 2024-10-16 WordPress Unlimited Addon For Elementor plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49266 2024-10-16 WordPress WP-Spreadplugin plugin <= 4.8.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-9348 2024-10-16 Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
CVE-2024-49265 2024-10-16 WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-29155 2024-10-16 Denial of service on Microchip RN4870 devices
CVE-2024-45072 2024-10-16 IBM WebSphere Application Server XML external entity injection
CVE-2024-20280 2024-10-16 Cisco UCS Central Software Configuration Backup Static Key Vulnerability
CVE-2024-20420 2024-10-16 Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability
CVE-2024-20421 2024-10-16 Cisco ATA 190 Series Analog Telephone Adapter Firmware Cross-Site Request Forgery Vulnerability
CVE-2024-20458 2024-10-16 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
CVE-2024-20459 2024-10-16 Cisco ATA 190 Series Analog Telephone Adapter Multiplatform Firmware Command Injection Vulnerability
CVE-2024-20460 2024-10-16 Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability
CVE-2024-20461 2024-10-16 Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection Vulnerability
CVE-2024-20462 2024-10-16 Cisco ATA 190 Series Analog Telephone Adapter Multiplatform Firmware Information Disclosure Vulnerability
CVE-2024-20463 2024-10-16 Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability
CVE-2024-20512 2024-10-16 Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability