CVE List - 2024 / October
Showing 2801 - 2900 of 3571 CVEs for October 2024 (Page 29 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-37845 | 2024-10-25 | MangoOS before 5.2.0 was discovered to contain an authenticated remote... |
| CVE-2024-37846 | 2024-10-25 | MangoOS before 5.2.0 was discovered to contain a Client-Side Template... |
| CVE-2024-37847 | 2024-10-25 | An arbitrary file upload vulnerability in MangoOS before 5.1.4 and... |
| CVE-2024-48204 | 2024-10-25 | SQL injection vulnerability in Hanzhou Haobo network management system 1.0... |
| CVE-2024-48218 | 2024-10-25 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. |
| CVE-2024-48222 | 2024-10-25 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit. |
| CVE-2024-48223 | 2024-10-25 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist. |
| CVE-2024-48224 | 2024-10-25 | Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. |
| CVE-2024-48225 | 2024-10-25 | Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile. |
| CVE-2024-48226 | 2024-10-25 | Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. |
| CVE-2024-48227 | 2024-10-25 | Funadmin 5.0.2 has a logical flaw in the Curd one... |
| CVE-2024-48228 | 2024-10-25 | An issue was found in funadmin 5.0.2. The selectfiles method... |
| CVE-2024-48229 | 2024-10-25 | funadmin 5.0.2 has a SQL injection vulnerability in the Curd... |
| CVE-2024-48230 | 2024-10-25 | funadmin 5.0.2 is vulnerable to SQL Injection via the parentField... |
| CVE-2024-48232 | 2024-10-25 | An issue was found in mipjz 5.0.5. In the mipPost... |
| CVE-2024-48233 | 2024-10-25 | mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in... |
| CVE-2024-48234 | 2024-10-25 | An issue was discovered in mipjz 5.0.5. In the push... |
| CVE-2024-48235 | 2024-10-25 | An issue in ofcms 1.1.2 allows a remote attacker to... |
| CVE-2024-48236 | 2024-10-25 | An issue in ofcms 1.1.2 allows a remote attacker to... |
| CVE-2024-48237 | 2024-10-25 | WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php. |
| CVE-2024-48238 | 2024-10-25 | WTCMS 1.0 is vulnerable to SQL Injection in the edit_post... |
| CVE-2024-48239 | 2024-10-25 | An issue was discovered in WTCMS 1.0. In the plupload... |
| CVE-2024-48343 | 2024-10-25 | A SQL Injection vulnerability in ESAFENET CDG 5 and earlier... |
| CVE-2024-48396 | 2024-10-25 | AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross... |
| CVE-2024-48448 | 2024-10-25 | An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows... |
| CVE-2024-48450 | 2024-10-25 | An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows... |
| CVE-2024-48459 | 2024-10-25 | A command execution vulnerability exists in the AX2 Pro home... |
| CVE-2024-48579 | 2024-10-25 | SQL Injection vulnerability in Best House rental management system project... |
| CVE-2024-48580 | 2024-10-25 | SQL Injection vulnerability in Best courier management system in php... |
| CVE-2024-48581 | 2024-10-25 | File Upload vulnerability in Best courier management system in php... |
| CVE-2024-48654 | 2024-10-25 | Cross Site Scripting vulnerability in Blood Bank v.1 allows a... |
| CVE-2024-48655 | 2024-10-25 | An issue in Total.js CMS v.1.0 allows a remote attacker... |
| CVE-2024-48700 | 2024-10-25 | Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers... |
| CVE-2024-48743 | 2024-10-25 | Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote... |
| CVE-2022-30354 | 2024-10-25 | OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data... |
| CVE-2024-48428 | 2024-10-25 | An issue in Olive VLE allows an attacker to obtain... |
| CVE-2024-10354 | 2024-10-25 | SourceCodester Petrol Pump Management Software print.php sql injection |
| CVE-2024-10355 | 2024-10-25 | SourceCodester Petrol Pump Management Software invoice.php sql injection |
| CVE-2024-10368 | 2024-10-25 | Codezips Sales Management System addstock.php sql injection |
| CVE-2024-10369 | 2024-10-25 | Codezips Sales Management System addcustcom.php sql injection |
| CVE-2024-10370 | 2024-10-25 | Codezips Sales Management System addcustind.php sql injection |
| CVE-2024-10371 | 2024-10-25 | SourceCodester Payroll Management System main login buffer overflow |
| CVE-2024-10372 | 2024-10-25 | chidiwilliams buzz model_loader.py download_model temp file |
| CVE-2024-9686 | 2024-10-25 | Order Notification for Telegram <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message |
| CVE-2024-9109 | 2024-10-25 | UPS Live Rates and Access Points <= 2.3.11 - Missing Authorization to Plugin API key reset |
| CVE-2024-9488 | 2024-10-25 | Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider |
| CVE-2024-42420 | 2024-10-25 | Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities,... |
| CVE-2024-43424 | 2024-10-25 | Sharp and Toshiba Tec MFPs improperly process HTTP request headers,... |
| CVE-2024-45829 | 2024-10-25 | Sharp and Toshiba Tec MFPs provide the web page to... |
| CVE-2024-45842 | 2024-10-25 | Sharp and Toshiba Tec MFPs improperly process URI data in... |
| CVE-2024-47005 | 2024-10-25 | Sharp and Toshiba Tec MFPs provide configuration related APIs. They... |
| CVE-2024-47406 | 2024-10-25 | Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests,... |
| CVE-2024-47549 | 2024-10-25 | Sharp and Toshiba Tec MFPs improperly process query parameters in... |
| CVE-2024-47801 | 2024-10-25 | Sharp and Toshiba Tec MFPs improperly process query parameters in... |
| CVE-2024-48870 | 2024-10-25 | Sharp and Toshiba Tec MFPs improperly validate input data in... |
| CVE-2024-9302 | 2024-10-25 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP |
| CVE-2024-10011 | 2024-10-25 | BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal |
| CVE-2024-10148 | 2024-10-25 | Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode |
| CVE-2024-9235 | 2024-10-25 | Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update |
| CVE-2024-9607 | 2024-10-25 | 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting |
| CVE-2024-50583 | 2024-10-25 | Whale browser Installer before 3.1.0.0 allows an attacker to execute... |
| CVE-2024-10341 | 2024-10-25 | League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) SQL Injection via Shortcode |
| CVE-2024-10342 | 2024-10-25 | League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-10150 | 2024-10-25 | Bamazoo – Button Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dgs Shortcode |
| CVE-2024-9598 | 2024-10-25 | AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation |
| CVE-2024-9630 | 2024-10-25 | WPS Telegram Chat <= 4.5.4 - Missing Authorization to Information Exposure |
| CVE-2024-9628 | 2024-10-25 | WPS Telegram Chat <= 4.5.4 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API |
| CVE-2024-45785 | 2024-10-25 | MUSASI version 3 contains an issue with use of client-side... |
| CVE-2024-47158 | 2024-10-25 | N-LINE 2.0.6 and prior versions contain a code injection vulnerability.... |
| CVE-2024-10016 | 2024-10-25 | File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-10343 | 2024-10-25 | Beek Widget Extention <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-10112 | 2024-10-25 | Simple News <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via news Shortcode |
| CVE-2024-8666 | 2024-10-25 | Shoutcast Icecast HTML5 Radio Player <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-44098 | 2024-10-25 | In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation... |
| CVE-2024-44099 | 2024-10-25 | There is a possible Local bypass of user interaction due... |
| CVE-2024-44100 | 2024-10-25 | Android before 2024-10-05 on Google Pixel devices allows information disclosure... |
| CVE-2024-44101 | 2024-10-25 | there is a possible Null Pointer Dereference (modem crash) due... |
| CVE-2024-47012 | 2024-10-25 | In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of... |
| CVE-2024-47013 | 2024-10-25 | In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write... |
| CVE-2024-47014 | 2024-10-25 | Android before 2024-10-05 on Google Pixel devices allows privilege escalation... |
| CVE-2024-47015 | 2024-10-25 | In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read... |
| CVE-2024-47016 | 2024-10-25 | there is a possible privilege escalation due to an insecure... |
| CVE-2024-47017 | 2024-10-25 | In ufshc_scsi_cmd of ufs.c, there is a possible stack variable... |
| CVE-2024-47018 | 2024-10-25 | In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of... |
| CVE-2024-47019 | 2024-10-25 | In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of... |
| CVE-2024-47020 | 2024-10-25 | Android before 2024-10-05 on Google Pixel devices allows information disclosure... |
| CVE-2024-47021 | 2024-10-25 | In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of... |
| CVE-2024-47022 | 2024-10-25 | Android before 2024-10-05 on Google Pixel devices allows information disclosure... |
| CVE-2024-47023 | 2024-10-25 | there is a possible man-in-the-middle attack due to a logic... |
| CVE-2024-47024 | 2024-10-25 | In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of... |
| CVE-2024-47025 | 2024-10-25 | In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure... |
| CVE-2024-47026 | 2024-10-25 | In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of... |
| CVE-2024-47027 | 2024-10-25 | In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical... |
| CVE-2024-47028 | 2024-10-25 | In ffu_flash_pack of ffu.c, there is a possible out of... |
| CVE-2024-47029 | 2024-10-25 | In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of... |
| CVE-2024-47030 | 2024-10-25 | Android before 2024-10-05 on Google Pixel devices allows information disclosure... |
| CVE-2024-47031 | 2024-10-25 | Android before 2024-10-05 on Google Pixel devices allows privilege escalation... |
| CVE-2024-47033 | 2024-10-25 | In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption... |
| CVE-2024-47034 | 2024-10-25 | there is a possible out of bounds read due to... |
| CVE-2024-47035 | 2024-10-25 | In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of... |