CVE List - 2024 / October
Showing 2501 - 2600 of 3571 CVEs for October 2024 (Page 26 of 36)
CVE ID | Date | Title |
---|---|---|
CVE-2024-48570 | 2024-10-22 | Client Management System 1.0 was discovered to contain a SQL... |
CVE-2024-48605 | 2024-10-22 | An issue in Helakuru Desktop Application v1.1 allows a local... |
CVE-2024-48644 | 2024-10-22 | Accounts enumeration vulnerability in the Login Component of Reolink Duo... |
CVE-2024-48652 | 2024-10-22 | Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker... |
CVE-2024-48656 | 2024-10-22 | Cross Site Scripting vulnerability in student management system in php... |
CVE-2024-48657 | 2024-10-22 | SQL Injection vulnerability in hospital management system in php with... |
CVE-2024-48707 | 2024-10-22 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the... |
CVE-2024-48708 | 2024-10-22 | Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the... |
CVE-2024-49210 | 2024-10-22 | Reflected XSS was discovered in an iView List Archer Platform... |
CVE-2024-49211 | 2024-10-22 | Reflected XSS was discovered in a Dashboard Listing Archer Platform... |
CVE-2024-48706 | 2024-10-22 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the... |
CVE-2024-49208 | 2024-10-22 | Archer Platform 2024.03 before version 2024.08 is affected by an... |
CVE-2024-49209 | 2024-10-22 | Archer Platform 2024.03 before version 2024.09 is affected by an... |
CVE-2024-9677 | 2024-10-22 | The insufficiently protected credentials vulnerability in the CLI command of... |
CVE-2024-10002 | 2024-10-22 | Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator |
CVE-2024-10003 | 2024-10-22 | Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
CVE-2024-8852 | 2024-10-22 | All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs |
CVE-2024-9627 | 2024-10-22 | TeploBot - Telegram Bot for WP <= 1.3 - Telegram Bot Token Disclosure |
CVE-2024-9588 | 2024-10-22 | Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete |
CVE-2024-9590 | 2024-10-22 | Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting |
CVE-2024-9591 | 2024-10-22 | Category and Taxonomy Image <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting |
CVE-2024-9589 | 2024-10-22 | Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
CVE-2024-9541 | 2024-10-22 | News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template |
CVE-2023-52918 | 2024-10-22 | media: pci: cx23885: check cx23885_vdev_init() return |
CVE-2023-52919 | 2024-10-22 | nfc: nci: fix possible NULL pointer dereference in send_acknowledge() |
CVE-2024-9987 | 2024-10-22 | SQL Injection in CSV Module Data Collection |
CVE-2024-35308 | 2024-10-22 | Post-auth Arbitrary File Read in the Server Plugins Section |
CVE-2024-9231 | 2024-10-22 | WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting |
CVE-2024-10189 | 2024-10-22 | Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode |
CVE-2024-9050 | 2024-10-22 | Networkmanager-libreswan: local privilege escalation via leftupdown |
CVE-2024-10234 | 2024-10-22 | Wildfly: wildfly vulnerable to cross-site scripting (xss) |
CVE-2024-50311 | 2024-10-22 | Graphql: denial of service (dos) vulnerability via graphql batching |
CVE-2024-50312 | 2024-10-22 | Graphql: information disclosure via graphql introspection in openshift |
CVE-2024-26271 | 2024-10-22 | Cross-site request forgery (CSRF) vulnerability in the My Account widget... |
CVE-2024-8980 | 2024-10-22 | The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and... |
CVE-2024-43173 | 2024-10-22 | IBM Concert information disclosure |
CVE-2024-26272 | 2024-10-22 | Cross-site request forgery (CSRF) vulnerability in the content page editor... |
CVE-2024-43177 | 2024-10-22 | IBM Concert improper certificate validation |
CVE-2024-26273 | 2024-10-22 | Cross-site request forgery (CSRF) vulnerability in the content page editor... |
CVE-2024-38002 | 2024-10-22 | The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and... |
CVE-2024-47819 | 2024-10-22 | Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section |
CVE-2024-48925 | 2024-10-22 | Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API |
CVE-2024-48926 | 2024-10-22 | Umbraco CMS logout page displayed before session expiration |
CVE-2024-48927 | 2024-10-22 | Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice |
CVE-2024-48929 | 2024-10-22 | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out |
CVE-2024-49373 | 2024-10-22 | Centurion ERP user can view projects from organizations they're not a part of |
CVE-2024-9287 | 2024-10-22 | Virtual environment (venv) activation scripts don't quote paths |
CVE-2024-9129 | 2024-10-22 | Format String Injection in Zend Server |
CVE-2024-10183 | 2024-10-22 | Arbitrary File Write Vulnerability in Jamf Remote Assist Leading to Privilege Escalation |
CVE-2024-39753 | 2024-10-22 | A modOSCE SQL Injection vulnerability in Trend Micro Apex One... |
CVE-2024-41183 | 2024-10-22 | Trend Micro VPN, version 5.8.1012 and below is vulnerable to... |
CVE-2024-45334 | 2024-10-22 | Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is... |
CVE-2024-45335 | 2024-10-22 | Trend Micro Antivirus One, version 3.10.4 and below contains a... |
CVE-2024-46902 | 2024-10-22 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions... |
CVE-2024-46903 | 2024-10-22 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions... |
CVE-2024-48903 | 2024-10-22 | An improper access control vulnerability in Trend Micro Deep Security... |
CVE-2024-48904 | 2024-10-22 | A command injection vulnerability in Trend Micro Cloud Edge could... |
CVE-2024-48919 | 2024-10-22 | RCE via Prompt Injection Into Cursor's Terminal Cmd-K |
CVE-2024-41717 | 2024-10-22 | Kieback&Peter DDC4000 Series Path Traversal |
CVE-2024-43812 | 2024-10-22 | Kieback&Peter DDC4000 Series Path Traversal Insufficiently Protected Credentials |
CVE-2024-43698 | 2024-10-22 | Kieback&Peter DDC4000 Series Use of Weak Credentials |
CVE-2024-10229 | 2024-10-22 | Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69... |
CVE-2024-10230 | 2024-10-22 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69... |
CVE-2024-10231 | 2024-10-22 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69... |
CVE-2024-7587 | 2024-10-22 | Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64 and MC Works64 |
CVE-2024-40431 | 2024-10-23 | A lack of input validation in Realtek SD card reader... |
CVE-2024-40432 | 2024-10-23 | A lack of input validation in Realtek SD card reader... |
CVE-2024-48213 | 2024-10-23 | RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php. |
CVE-2024-50382 | 2024-10-23 | Botan before 3.6.0, when certain LLVM versions are used, has... |
CVE-2024-50383 | 2024-10-23 | Botan before 3.6.0, when certain GCC versions are used, has... |
CVE-2024-31880 | 2024-10-23 | IBM Db2 denial of service |
CVE-2024-9927 | 2024-10-23 | WooCommerce Order Proposal <= 2.0.5 - Authenticated (Shop Manager+) Privilege Escalation via Order Proposal |
CVE-2024-50066 | 2024-10-23 | mm/mremap: fix move_normal_pmd/retract_page_tables race |
CVE-2024-9829 | 2024-10-23 | Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download |
CVE-2024-9583 | 2024-10-23 | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization |
CVE-2024-9947 | 2024-10-23 | ProfilePress - Pro <= 4.11.1 - Authentication Bypass via WordPress.com OAuth provider |
CVE-2024-43924 | 2024-10-23 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability |
CVE-2024-10045 | 2024-10-23 | Transients Manager <= 2.0.6 - Cross-Site Request Forgery |
CVE-2024-9530 | 2024-10-23 | Qi Addons For Elementor <= 1.8.0 - Sensitive Information Exposure |
CVE-2023-50310 | 2024-10-23 | IBM CICS Transaction Gateway for Multiplatforms information disclosure |
CVE-2024-10276 | 2024-10-23 | Telestream Sentry Reports Page page cross site scripting |
CVE-2024-8500 | 2024-10-23 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
CVE-2024-10277 | 2024-10-23 | ESAFENET CDG UsbKeyAjax.java sql injection |
CVE-2024-10286 | 2024-10-23 | Cross-Site Scripting (XSS) vulnerability in LocalServer |
CVE-2024-10287 | 2024-10-23 | Cross-Site Scripting (XSS) vulnerability in LocalServer |
CVE-2024-10288 | 2024-10-23 | Cross-Site Scripting (XSS) vulnerability in LocalServer |
CVE-2024-10289 | 2024-10-23 | Cross-Site Scripting (XSS) vulnerability in LocalServer |
CVE-2024-10278 | 2024-10-23 | ESAFENET CDG ReUserOrganiseService.java sql injection |
CVE-2024-10279 | 2024-10-23 | ESAFENET CDG PrintPolicyService.java sql injection |
CVE-2024-10280 | 2024-10-23 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference |
CVE-2024-50050 | 2024-10-23 | Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a... |
CVE-2024-10041 | 2024-10-23 | Pam: libpam: libpam vulnerable to read hashed password |
CVE-2024-10250 | 2024-10-23 | Nioland <= 1.2.6 - Reflected Cross-Site Scripting via s |
CVE-2024-10281 | 2024-10-23 | Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow |
CVE-2024-47901 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0... |
CVE-2024-47902 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0... |
CVE-2024-47903 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0... |
CVE-2024-47904 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0... |
CVE-2024-10282 | 2024-10-23 | Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow |
CVE-2024-5764 | 2024-10-23 | Nexus Repository 3 - Static hard-coded encryption passphrase used by default |