CVE List - 2024 / October
Showing 2701 - 2800 of 3571 CVEs for October 2024 (Page 28 of 36)
CVE ID | Date | Title |
---|---|---|
CVE-2024-48144 | 2024-10-24 | A prompt injection vulnerability in the chatbox of Fusion Chat... |
CVE-2024-48145 | 2024-10-24 | A prompt injection vulnerability in the chatbox of Netangular Technologies... |
CVE-2024-48208 | 2024-10-24 | pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is... |
CVE-2024-48423 | 2024-10-24 | An issue in assimp v.5.4.3 allows a local attacker to... |
CVE-2024-48424 | 2024-10-24 | A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function... |
CVE-2024-48425 | 2024-10-24 | A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function... |
CVE-2024-48426 | 2024-10-24 | A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function... |
CVE-2024-48427 | 2024-10-24 | A SQL injection vulnerability in Sourcecodester Packers and Movers Management... |
CVE-2024-48440 | 2024-10-24 | Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18... |
CVE-2024-48441 | 2024-10-24 | Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4... |
CVE-2024-48442 | 2024-10-24 | Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G... |
CVE-2024-48454 | 2024-10-24 | An issue in SourceCodester Purchase Order Management System v1.0 allows... |
CVE-2024-48514 | 2024-10-24 | php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in... |
CVE-2024-48538 | 2024-10-24 | Incorrect access control in the firmware update and download processes... |
CVE-2024-48539 | 2024-10-24 | Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key... |
CVE-2024-48540 | 2024-10-24 | Incorrect access control in XIAO HE Smart 4.3.1 allows attackers... |
CVE-2024-48541 | 2024-10-24 | Incorrect access control in the firmware update and download processes... |
CVE-2024-48542 | 2024-10-24 | Incorrect access control in the firmware update and download processes... |
CVE-2024-48544 | 2024-10-24 | Incorrect access control in the firmware update and download processes... |
CVE-2024-48545 | 2024-10-24 | Incorrect access control in the firmware update and download processes... |
CVE-2024-48546 | 2024-10-24 | Incorrect access control in the firmware update and download processes... |
CVE-2024-48547 | 2024-10-24 | Incorrect access control in the firmware update and download processes... |
CVE-2024-48548 | 2024-10-24 | The APK file in Cloud Smart Lock v2.0.1 has a... |
CVE-2024-9374 | 2024-10-24 | Terms descriptions <= 3.4.6 - Reflected Cross-Site Scripting |
CVE-2024-9865 | 2024-10-24 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log |
CVE-2024-9864 | 2024-10-24 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting |
CVE-2024-9531 | 2024-10-24 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending |
CVE-2024-8667 | 2024-10-24 | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Publication |
CVE-2024-9943 | 2024-10-24 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates |
CVE-2024-6049 | 2024-10-24 | Unauthenticated Path Traversal |
CVE-2024-10050 | 2024-10-24 | Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode |
CVE-2024-8717 | 2024-10-24 | PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting |
CVE-2024-8312 | 2024-10-24 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
CVE-2024-6826 | 2024-10-24 | Allocation of Resources Without Limits or Throttling in GitLab |
CVE-2024-10331 | 2024-10-24 | PHPGurukul Vehicle Record System search-vehicle.php sql injection |
CVE-2024-9650 | 2024-10-24 | WP Recipe Maker <= 9.6.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'tooltip' |
CVE-2024-9214 | 2024-10-24 | Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scripting |
CVE-2024-10176 | 2024-10-24 | Compact WP Audio Player <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode |
CVE-2024-8959 | 2024-10-24 | WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-49682 | 2024-10-24 | WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability |
CVE-2024-49683 | 2024-10-24 | WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability |
CVE-2024-5608 | 2024-10-24 | SQL Injection |
CVE-2024-49691 | 2024-10-24 | WordPress Product Filter by WBW plugin <= 2.7.0 - SQL Injection vulnerability |
CVE-2024-49681 | 2024-10-24 | WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.0.9 - SQL Injection vulnerability |
CVE-2024-49703 | 2024-10-24 | WordPress WpEvently plugin <= 4.2.5 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-10332 | 2024-10-24 | A Cross-Site Scripting vulnerability has been found in Janto v4.3r11... |
CVE-2024-49702 | 2024-10-24 | WordPress myCred Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-49696 | 2024-10-24 | WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.21 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-10180 | 2024-10-24 | Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode |
CVE-2024-49695 | 2024-10-24 | WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-49693 | 2024-10-24 | WordPress Mega Elements – Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-45031 | 2024-10-24 | Apache Syncope: Stored XSS in Console and Enduser |
CVE-2024-9692 | 2024-10-24 | Improper Access Control in Input in VIMESA VHF/FM Transmitter Blue Plus |
CVE-2024-10335 | 2024-10-24 | SourceCodester Garbage Collection Management System login.php sql injection |
CVE-2024-10336 | 2024-10-24 | SourceCodeHero Clothes Recommendation System Admin Login Page index.php sql injection |
CVE-2024-44185 | 2024-10-24 | The issue was addressed with improved checks. This issue is... |
CVE-2024-40810 | 2024-10-24 | An out-of-bounds write issue was addressed with improved input validation.... |
CVE-2024-44141 | 2024-10-24 | The issue was addressed with improved checks. This issue is... |
CVE-2024-44205 | 2024-10-24 | A privacy issue was addressed with improved private data redaction... |
CVE-2024-44206 | 2024-10-24 | An issue in the handling of URL protocols was addressed... |
CVE-2024-38314 | 2024-10-24 | IBM Maximo Application Suite - Monitor Component information disclosure |
CVE-2024-10313 | 2024-10-24 | iniNet Solutions SpiderControl SCADA PC HMI Editor Path Traversal |
CVE-2024-10295 | 2024-10-24 | Gateway: apicast basic auth bypass via malformed base64 headers; sending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request |
CVE-2024-10337 | 2024-10-24 | SourceCodeHero Clothes Recommendation System home.php sql injection |
CVE-2024-10338 | 2024-10-24 | SourceCodeHero Clothes Recommendation System home.php sql injection |
CVE-2024-46994 | 2024-10-24 | baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature |
CVE-2024-46995 | 2024-10-24 | baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request |
CVE-2024-46996 | 2024-10-24 | baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature |
CVE-2024-46998 | 2024-10-24 | baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature |
CVE-2024-47173 | 2024-10-24 | Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups |
CVE-2024-47878 | 2024-10-24 | Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) |
CVE-2024-7763 | 2024-10-24 | WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability |
CVE-2024-47879 | 2024-10-24 | OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) |
CVE-2024-10327 | 2024-10-24 | A vulnerability in Okta Verify for iOS versions 9.25.1 (beta)... |
CVE-2024-47880 | 2024-10-24 | OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand |
CVE-2024-47881 | 2024-10-24 | OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE) |
CVE-2024-47882 | 2024-10-24 | OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project |
CVE-2024-47883 | 2024-10-24 | Butterfly has path/URL confusion in resource handling leading to multiple weaknesses |
CVE-2024-48931 | 2024-10-24 | ZimaOS Arbitrary File Read via Parameter Manipulation |
CVE-2024-48932 | 2024-10-24 | ZimaOS Unauthenticated API Discloses Usernames |
CVE-2024-49357 | 2024-10-24 | ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak |
CVE-2024-49358 | 2024-10-24 | ZimaOS vulnerable to Username Enumeration via API Responses |
CVE-2024-49359 | 2024-10-24 | ZimaOS vulnerable to Directory Listing via Parameter Manipulation |
CVE-2024-49760 | 2024-10-24 | OpenRefine has a path traversal in LoadLanguageCommand |
CVE-2024-49762 | 2024-10-24 | Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled |
CVE-2024-10348 | 2024-10-24 | SourceCodester Best House Rental Management System Manage Tenant Details index.php cross site scripting |
CVE-2024-10349 | 2024-10-24 | SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection |
CVE-2024-49750 | 2024-10-24 | Snowflake Connector for Python has sensitive data in logs |
CVE-2024-10350 | 2024-10-24 | code-projects Hospital Management System add-doctor.php sql injection |
CVE-2024-10351 | 2024-10-24 | Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow |
CVE-2024-10353 | 2024-10-24 | SourceCodester Online Exam System admin-dashboard access control |
CVE-2022-30355 | 2024-10-25 | OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover... |
CVE-2022-30356 | 2024-10-25 | OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation... |
CVE-2022-30357 | 2024-10-25 | OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover... |
CVE-2022-30358 | 2024-10-25 | OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover... |
CVE-2022-30359 | 2024-10-25 | OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data... |
CVE-2022-30360 | 2024-10-25 | OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS... |
CVE-2022-30361 | 2024-10-25 | OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data... |
CVE-2023-26248 | 2024-10-25 | The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS... |
CVE-2024-37844 | 2024-10-25 | A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0... |