CVE List - 2024 / October
Showing 2601 - 2700 of 3570 CVEs for October 2024 (Page 27 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-10290 | 2024-10-23 | ZZCMS inc.php information disclosure |
| CVE-2024-47575 | 2024-10-23 | A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet... |
| CVE-2024-49370 | 2024-10-23 | Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing |
| CVE-2024-49675 | 2024-10-23 | WordPress iBryl Switch User plugin <= 1.0.1 - Account Takeover vulnerability |
| CVE-2024-49657 | 2024-10-23 | WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Deletion vulnerability |
| CVE-2024-49684 | 2024-10-23 | WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - PHP Object Injection vulnerability |
| CVE-2024-49701 | 2024-10-23 | WordPress Mags theme <= 1.1.6 - Local File Inclusion vulnerability |
| CVE-2024-49690 | 2024-10-23 | WordPress Qi Blocks plugin <= 1.3.2 - Local File Inclusion vulnerability |
| CVE-2024-30124 | 2024-10-23 | HCL Sametime is impacted by insecure services |
| CVE-2024-10291 | 2024-10-23 | ZZCMS phome.php Ebak_DotranExecutSQL sql injection |
| CVE-2024-10292 | 2024-10-23 | ZZCMS ChangeTable.php unrestricted upload |
| CVE-2024-49676 | 2024-10-23 | WordPress Custom Icons for Elementor plugin <= 0.3.3 - Arbitrary File Upload vulnerability |
| CVE-2024-49671 | 2024-10-23 | WordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerability |
| CVE-2024-49669 | 2024-10-23 | WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability |
| CVE-2024-49668 | 2024-10-23 | WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability |
| CVE-2024-49658 | 2024-10-23 | WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability |
| CVE-2024-49653 | 2024-10-23 | WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability |
| CVE-2024-49652 | 2024-10-23 | WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability |
| CVE-2024-49751 | 2024-10-23 | Frappe Press possible HTML injection through SaaS Signup inputs |
| CVE-2024-10293 | 2024-10-23 | ZZCMS functions.php Ebak_SetGotoPak unrestricted upload |
| CVE-2024-10296 | 2024-10-23 | PHPGurukul Medical Card Generation System Report of Medical Card Page card-bwdates-reports-details.php sql injection |
| CVE-2024-49756 | 2024-10-23 | AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. |
| CVE-2024-20264 | 2024-10-23 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability |
| CVE-2024-20268 | 2024-10-23 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability |
| CVE-2024-20269 | 2024-10-23 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability |
| CVE-2024-20260 | 2024-10-23 | Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability |
| CVE-2024-20273 | 2024-10-23 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability |
| CVE-2024-20274 | 2024-10-23 | Cisco Secure Firewall Management Center HTML Injection Vulnerability |
| CVE-2024-20275 | 2024-10-23 | Cisco Secure Firewall Management Center Software Backup Cluster Command Injection Vulnerability |
| CVE-2024-20297 | 2024-10-23 | Cisco Adaptive Security Appliance and Firepower Threat Defense AnyConnect Access Control List Bypass Vulnerability |
| CVE-2024-20298 | 2024-10-23 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability |
| CVE-2024-20299 | 2024-10-23 | Cisco Adaptive Security Appliance and Firepower Threat Defense AnyConnect Access Control List Bypass Vulnerability |
| CVE-2024-20300 | 2024-10-23 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability |
| CVE-2024-20329 | 2024-10-23 | Cisco Adaptive Security Appliance Software Remote Command Injection Vulnerability |
| CVE-2024-20330 | 2024-10-23 | Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series TCP UDP Snort 2 and Snort 2 Denial of Service Vulnerability |
| CVE-2024-20331 | 2024-10-23 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Authentication DoS Vulnerability |
| CVE-2024-20339 | 2024-10-23 | Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vulnerability |
| CVE-2024-20340 | 2024-10-23 | Cisco Secure Firewall Management Center SQL Injection Vulnerability |
| CVE-2024-20341 | 2024-10-23 | Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability |
| CVE-2024-20342 | 2024-10-23 | Cisco Firepower Threat Defense Software Rate Filter Bypass Vulnerability |
| CVE-2024-20351 | 2024-10-23 | Cisco Firepower Threat Defense Software Snort Firewall Denial of Service Vulnerability |
| CVE-2024-20364 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2024-20370 | 2024-10-23 | A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated,... |
| CVE-2024-20372 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2024-20374 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to... |
| CVE-2024-20377 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user... |
| CVE-2024-20379 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files... |
| CVE-2024-10297 | 2024-10-23 | PHPGurukul Medical Card Generation System Managecard Edit Image Page changeimage.php sql injection |
| CVE-2024-20382 | 2024-10-23 | A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to... |
| CVE-2024-20384 | 2024-10-23 | A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to... |
| CVE-2024-20386 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2024-20387 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due... |
| CVE-2024-20388 | 2024-10-23 | A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This... |
| CVE-2024-20402 | 2024-10-23 | A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an... |
| CVE-2024-20403 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2024-20407 | 2024-10-23 | A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to... |
| CVE-2024-20408 | 2024-10-23 | A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to... |
| CVE-2024-9949 | 2024-10-23 | Denial of Service in Forescout SecureConnector |
| CVE-2024-20409 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2024-20410 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2024-20412 | 2024-10-23 | A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using... |
| CVE-2024-20415 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2024-20424 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands... |
| CVE-2024-20426 | 2024-10-23 | A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow... |
| CVE-2024-20431 | 2024-10-23 | A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is... |
| CVE-2024-20471 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.... |
| CVE-2024-20474 | 2024-10-23 | A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco... |
| CVE-2024-20472 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.... |
| CVE-2024-20473 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.... |
| CVE-2024-20481 | 2024-10-23 | A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to... |
| CVE-2024-20482 | 2024-10-23 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on... |
| CVE-2024-20485 | 2024-10-23 | A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary... |
| CVE-2024-20493 | 2024-10-23 | A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow... |
| CVE-2024-20494 | 2024-10-23 | A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the... |
| CVE-2024-20495 | 2024-10-23 | A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause... |
| CVE-2024-20526 | 2024-10-23 | A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH... |
| CVE-2024-48964 | 2024-10-23 | The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted... |
| CVE-2024-48963 | 2024-10-23 | The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted... |
| CVE-2024-10298 | 2024-10-23 | PHPGurukul Medical Card Generation System Managecard Edit Card Detail Page edit-card-detail.php sql injection |
| CVE-2024-10299 | 2024-10-23 | PHPGurukul Medical Card Generation System Managecard View Detail Page view-card-detail.php sql injection |
| CVE-2024-10300 | 2024-10-23 | PHPGurukul Medical Card Generation System View Enquiry Page view-enquiry.php sql injection |
| CVE-2024-10301 | 2024-10-23 | PHPGurukul Medical Card Generation System Search search-medicalcard.php sql injection |
| CVE-2023-50355 | 2024-10-23 | HCL Sametime is impacted by generation of error messages containing sensitive information |
| CVE-2024-40595 | 2024-10-24 | An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtain access to... |
| CVE-2024-41617 | 2024-10-24 | Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an... |
| CVE-2024-41618 | 2024-10-24 | Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which... |
| CVE-2024-45242 | 2024-10-24 | EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates... |
| CVE-2024-45259 | 2024-10-24 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface,... |
| CVE-2024-45260 | 2024-10-24 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby... |
| CVE-2024-45261 | 2024-10-24 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself,... |
| CVE-2024-45262 | 2024-10-24 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to... |
| CVE-2024-45263 | 2024-10-24 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the... |
| CVE-2024-46478 | 2024-10-24 | HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function, ps-pdf.cxx:5681. |
| CVE-2024-48139 | 2024-10-24 | A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant... |
| CVE-2024-48140 | 2024-10-24 | A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat... |
| CVE-2024-48141 | 2024-10-24 | A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI... |
| CVE-2024-48142 | 2024-10-24 | A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the... |
| CVE-2024-48143 | 2024-10-24 | A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive... |
| CVE-2024-48144 | 2024-10-24 | A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between... |
| CVE-2024-48145 | 2024-10-24 | A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and... |