CVE List - 2024 / October
Showing 101 - 200 of 3571 CVEs for October 2024 (Page 2 of 36)
CVE ID | Date | Title |
---|---|---|
CVE-2024-9341 | 2024-10-01 | Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library |
CVE-2024-9411 | 2024-10-01 | OFCMS add.json add cross site scripting |
CVE-2024-9407 | 2024-10-01 | Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction |
CVE-2024-47609 | 2024-10-01 | Remotely exploitable DoS in Tonic `<=v0.12.2` |
CVE-2024-47528 | 2024-10-01 | LibreNMS Contains a Stored XSS via File Upload |
CVE-2024-47527 | 2024-10-01 | LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php |
CVE-2024-47526 | 2024-10-01 | LibreNMS has a Self-XSS ('Cross-site Scripting') in librenms/includes/html/modal/alert_template.inc.php |
CVE-2024-47525 | 2024-10-01 | Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php |
CVE-2024-47524 | 2024-10-01 | LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name |
CVE-2024-47523 | 2024-10-01 | LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature |
CVE-2024-24122 | 2024-10-02 | A remote code execution vulnerability in the project management of... |
CVE-2024-33210 | 2024-10-02 | A cross-site scripting (XSS) vulnerability has been identified in FlatPress... |
CVE-2024-33662 | 2024-10-02 | Portainer before 2.20.2 improperly uses an encryption algorithm in the... |
CVE-2024-41290 | 2024-10-02 | FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods... |
CVE-2024-45186 | 2024-10-02 | FileSender before 2.49 allows server-side template injection (SSTI) for retrieving... |
CVE-2024-45519 | 2024-10-02 | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch... |
CVE-2024-45960 | 2024-10-02 | Zenario 9.7.61188 allows authenticated admin users to upload PDF files... |
CVE-2024-45962 | 2024-10-02 | October 3.6.30 allows an authenticated admin account to upload a... |
CVE-2024-45964 | 2024-10-02 | Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in... |
CVE-2024-46626 | 2024-10-02 | OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection... |
CVE-2024-24116 | 2024-10-02 | An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a... |
CVE-2024-24117 | 2024-10-02 | Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736)... |
CVE-2024-33209 | 2024-10-02 | FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An... |
CVE-2024-45965 | 2024-10-02 | Contao before 5.5.6 allows XSS via an SVG document. This... |
CVE-2024-7855 | 2024-10-02 | WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload |
CVE-2024-21530 | 2024-10-02 | Versions of the package cocoon before 0.4.0 are vulnerable to... |
CVE-2024-9174 | 2024-10-02 | Stored HTML Injection in Hubshare social module |
CVE-2024-9333 | 2024-10-02 | Permission bypass in M-Files Connector for Copilot |
CVE-2024-7315 | 2024-10-02 | Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure |
CVE-2024-8254 | 2024-10-02 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
CVE-2024-8967 | 2024-10-02 | PWA — easy way to Progressive Web App <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9172 | 2024-10-02 | Demo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9225 | 2024-10-02 | SEOPress – On-site SEO <= 8.1.1 - Reflected Cross-Site Scripting |
CVE-2024-9222 | 2024-10-02 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting |
CVE-2024-9210 | 2024-10-02 | MC4WP: Mailchimp Top Bar <= 1.6.0 - Reflected Cross-Site Scripting |
CVE-2024-8800 | 2024-10-02 | RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting |
CVE-2024-9344 | 2024-10-02 | BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript <= 2.1.1 - Reflected Cross-Site Scripting |
CVE-2024-9378 | 2024-10-02 | YML for Yandex Market <= 4.7.2 - Reflected Cross-Site Scripting |
CVE-2024-9218 | 2024-10-02 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting |
CVE-2024-44030 | 2024-10-02 | WordPress Checkout Mestres WP plugin <= 8.6 - Local File Inclusion vulnerability |
CVE-2024-44017 | 2024-10-02 | WordPress MH Board plugin <= 1.3.2.1 - Local File Inclusion vulnerability |
CVE-2024-8282 | 2024-10-02 | Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute |
CVE-2024-8505 | 2024-10-02 | WordPress Infinite Scroll - Ajax Load More <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via button_label Parameter |
CVE-2024-35293 | 2024-10-02 | Schneider Elektronik Series 700 prone to missing authentication for critical reset function |
CVE-2024-7558 | 2024-10-02 | JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine... |
CVE-2024-35294 | 2024-10-02 | Schneider Elektronik Series 700 prone to missing authentication for traffic capture function |
CVE-2024-8037 | 2024-10-02 | Vulnerable juju hook tool abstract UNIX domain socket. When combined... |
CVE-2024-8038 | 2024-10-02 | Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX... |
CVE-2024-8885 | 2024-10-02 | A local privilege escalation vulnerability in Sophos Intercept X for... |
CVE-2024-9429 | 2024-10-02 | code-projects Restaurant Reservation System filter2.php sql injection |
CVE-2024-44097 | 2024-10-02 | According to the researcher: "The TLS connections are encrypted against... |
CVE-2024-47611 | 2024-10-02 | XZ Utils on Microsoft Windows platform are vulnerable to argument injection |
CVE-2024-47612 | 2024-10-02 | XSS in Special:DataDump when displaying dump status |
CVE-2024-44193 | 2024-10-02 | A logic issue was addressed with improved restrictions. This issue... |
CVE-2024-6360 | 2024-10-02 | Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText™ Vertica. |
CVE-2024-9423 | 2024-10-02 | Certain HP LaserJet Printers – Potential Denial of Service |
CVE-2024-47803 | 2024-10-02 | Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not... |
CVE-2024-47804 | 2024-10-02 | If an attempt is made to create an item of... |
CVE-2024-47805 | 2024-10-02 | Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not... |
CVE-2024-47806 | 2024-10-02 | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not... |
CVE-2024-47807 | 2024-10-02 | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not... |
CVE-2024-20365 | 2024-10-02 | Cisco Integrated Management Controller Redfish Command Injection Vulnerability |
CVE-2024-20385 | 2024-10-02 | Cisco Nexus Dashboard Orchestrator SSL Certificate Validation Vulnerability |
CVE-2024-20393 | 2024-10-02 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability |
CVE-2024-20432 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability |
CVE-2024-20438 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability |
CVE-2024-20441 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability |
CVE-2024-20442 | 2024-10-02 | Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability |
CVE-2024-20444 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability |
CVE-2024-20448 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability |
CVE-2024-20449 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability |
CVE-2024-20470 | 2024-10-02 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution Vulnerability |
CVE-2024-20477 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability |
CVE-2024-20490 | 2024-10-02 | Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability |
CVE-2024-20491 | 2024-10-02 | Cisco Nexus Dashboard Insights Information Disclosure Vulnerability |
CVE-2024-20492 | 2024-10-02 | Cisco Expressway Series Privilege Escalation Vulnerability |
CVE-2024-20515 | 2024-10-02 | Cisco Identity Services Engine Information Disclosure Vulnerability |
CVE-2024-20516 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
CVE-2024-20517 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
CVE-2024-20518 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities |
CVE-2024-20519 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities |
CVE-2024-20520 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities |
CVE-2024-20521 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities |
CVE-2024-20522 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
CVE-2024-20523 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
CVE-2024-20524 | 2024-10-02 | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
CVE-2024-20498 | 2024-10-02 | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco... |
CVE-2024-20500 | 2024-10-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco... |
CVE-2024-20499 | 2024-10-02 | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco... |
CVE-2024-20501 | 2024-10-02 | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco... |
CVE-2024-20502 | 2024-10-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco... |
CVE-2024-20513 | 2024-10-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco... |
CVE-2024-20509 | 2024-10-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco... |
CVE-2024-9440 | 2024-10-02 | Slim Select 2.0 createOption "text" XSS |
CVE-2024-9441 | 2024-10-02 | Linear eMerge e3-Series Forgot Password Command Injection |
CVE-2024-8733 | 2024-10-02 | HP One Agent Software – Potential Privilege Escalation |
CVE-2024-43795 | 2024-10-02 | OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`) |
CVE-2024-46977 | 2024-10-02 | OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`) |
CVE-2024-47529 | 2024-10-02 | OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`) |
CVE-2024-28888 | 2024-10-02 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997... |