CVE List - 2024 / October
Showing 201 - 300 of 3571 CVEs for October 2024 (Page 3 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-47616 | 2024-10-02 | Pomerium's service account access token may grant unintended access to databroker API |
| CVE-2023-37822 | 2024-10-03 | The Eufy Homebase 2 before firmware version 3.3.4.1h creates a... |
| CVE-2024-34535 | 2024-10-03 | In Mastodon 4.1.6, API endpoint rate limiting can be bypassed... |
| CVE-2024-41583 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross... |
| CVE-2024-41584 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS... |
| CVE-2024-41585 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS... |
| CVE-2024-41586 | 2024-10-03 | A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through... |
| CVE-2024-41588 | 2024-10-03 | The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices... |
| CVE-2024-41589 | 2024-10-03 | DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication... |
| CVE-2024-41590 | 2024-10-03 | Several CGI endpoints are vulnerable to buffer overflows, by authenticated... |
| CVE-2024-41592 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when... |
| CVE-2024-41595 | 2024-10-03 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to... |
| CVE-2024-41596 | 2024-10-03 | Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6... |
| CVE-2024-45870 | 2024-10-03 | Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in... |
| CVE-2024-45871 | 2024-10-03 | Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting... |
| CVE-2024-45872 | 2024-10-03 | Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d.... |
| CVE-2024-46658 | 2024-10-03 | Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command... |
| CVE-2024-41587 | 2024-10-03 | Stored XSS, by authenticated users, is caused by poor sanitization... |
| CVE-2024-41591 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. |
| CVE-2024-41593 | 2024-10-03 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to... |
| CVE-2024-41594 | 2024-10-03 | An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an... |
| CVE-2024-47134 | 2024-10-03 | Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former... |
| CVE-2024-47135 | 2024-10-03 | Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software... |
| CVE-2024-47136 | 2024-10-03 | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former... |
| CVE-2024-8352 | 2024-10-03 | Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download |
| CVE-2024-8159 | 2024-10-03 | Deep Freeze 9.00.020.5760 - Out-of-bounds read |
| CVE-2024-42504 | 2024-10-03 | HPE IceWall Agent products, Cross-Site Request Forgery (CSRF) |
| CVE-2024-47561 | 2024-10-03 | Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK) |
| CVE-2024-9313 | 2024-10-03 | Authd PAM module before version 0.3.5 can allow broker-managed users... |
| CVE-2024-47554 | 2024-10-03 | Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader |
| CVE-2024-9100 | 2024-10-03 | Local File Inclusion |
| CVE-2024-47618 | 2024-10-03 | Sulu vulnerable to XSS via uploaded SVG |
| CVE-2024-5803 | 2024-10-03 | Local privelage escalation via COM hijacking |
| CVE-2024-47617 | 2024-10-03 | Reflected XSS Vulnerability in Sulu Media Bundle |
| CVE-2024-47614 | 2024-10-03 | async-graphql vulnerable to Directive Overload |
| CVE-2024-9460 | 2024-10-03 | Codezips Online Shopping Portal index.php sql injection |
| CVE-2024-41922 | 2024-10-03 | A directory traversal vulnerability exists in the log files download... |
| CVE-2024-39755 | 2024-10-03 | A privilege escalation vulnerability exists in the node update functionality... |
| CVE-2024-41163 | 2024-10-03 | A directory traversal vulnerability exists in the archive functionality of... |
| CVE-2024-36474 | 2024-10-03 | An integer overflow vulnerability exists in the Compound Document Binary... |
| CVE-2024-42415 | 2024-10-03 | An integer overflow vulnerability exists in the Compound Document Binary... |
| CVE-2024-25590 | 2024-10-03 | Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor |
| CVE-2024-8508 | 2024-10-03 | Unbounded name compression could lead to Denial of Service |
| CVE-2024-0123 | 2024-10-03 | NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability... |
| CVE-2024-0124 | 2024-10-03 | NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability... |
| CVE-2024-0125 | 2024-10-03 | NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability... |
| CVE-2024-7826 | 2024-10-03 | Unhandled exception vulnerability that can cause the WRSA.exe service to crash and generate a crash dump |
| CVE-2024-7825 | 2024-10-03 | Type confusion that can cause the WRSA.exe service to crash and generate a crash dump |
| CVE-2024-7824 | 2024-10-03 | Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump |
| CVE-2024-47762 | 2024-10-03 | Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend |
| CVE-2024-41987 | 2024-10-03 | Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter |
| CVE-2024-41988 | 2024-10-03 | Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter |
| CVE-2024-9266 | 2024-10-03 | Open Redirect |
| CVE-2024-41925 | 2024-10-03 | Optigo Networks ONS-S8 Spectra Aggregation Switch PHP Remote File Inclusion |
| CVE-2024-45367 | 2024-10-03 | Optigo Networks ONS-S8 Spectra Aggregation Switch Weak Authentication |
| CVE-2024-43699 | 2024-10-03 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2024-42417 | 2024-10-03 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2024-44204 | 2024-10-03 | A logic issue was addressed with improved validation. This issue... |
| CVE-2024-44207 | 2024-10-03 | This issue was addressed with improved checks. This issue is... |
| CVE-2023-26770 | 2024-10-04 | TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated... |
| CVE-2023-26771 | 2024-10-04 | Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There... |
| CVE-2024-37868 | 2024-10-04 | File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0... |
| CVE-2024-37869 | 2024-10-04 | File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0... |
| CVE-2024-41512 | 2024-10-04 | A SQL Injection vulnerability in "ccHandler.aspx" in all versions of... |
| CVE-2024-41513 | 2024-10-04 | A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick... |
| CVE-2024-41514 | 2024-10-04 | A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick... |
| CVE-2024-41515 | 2024-10-04 | A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick... |
| CVE-2024-41516 | 2024-10-04 | A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <=... |
| CVE-2024-44439 | 2024-10-04 | An issue in Shanghai Zhouma Network Technology CO., Ltd IMS... |
| CVE-2024-46077 | 2024-10-04 | itsourcecode Online Tours and Travels Management System v1.0 is vulnerable... |
| CVE-2024-46078 | 2024-10-04 | itsourcecode Sports Management System Project 1.0 is vulnerable to SQL... |
| CVE-2024-46409 | 2024-10-04 | A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows... |
| CVE-2024-46486 | 2024-10-04 | TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code... |
| CVE-2024-47211 | 2024-10-04 | In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3,... |
| CVE-2024-47850 | 2024-10-04 | CUPS cups-browsed before 2.5b1 will send an HTTP POST request... |
| CVE-2024-47854 | 2024-10-04 | An XSS vulnerability was discovered in Veritas Data Insight before... |
| CVE-2024-47855 | 2024-10-04 | util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. |
| CVE-2024-47910 | 2024-10-04 | An issue was discovered in SonarSource SonarQube before 9.9.5 LTA... |
| CVE-2024-47911 | 2024-10-04 | In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability... |
| CVE-2024-47913 | 2024-10-04 | An issue was discovered in the AbuseFilter extension for MediaWiki... |
| CVE-2024-41511 | 2024-10-04 | A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in... |
| CVE-2024-8802 | 2024-10-04 | Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting |
| CVE-2024-9345 | 2024-10-04 | Product Delivery Date for WooCommerce – Lite <= 2.7.3 - Reflected Cross-Site Scripting |
| CVE-2024-9353 | 2024-10-04 | Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting |
| CVE-2024-9372 | 2024-10-04 | WP Blocks Hub <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9349 | 2024-10-04 | Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.2 - Reflected Cross-Site Scripting |
| CVE-2024-9368 | 2024-10-04 | Aggregator Advanced Settings <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9421 | 2024-10-04 | Login Logout Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter |
| CVE-2024-9204 | 2024-10-04 | Smart Custom 404 Error Page <= 11.4.7 - Reflected Cross-Site Scripting |
| CVE-2024-9375 | 2024-10-04 | WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Reflected Cross-Site Scripting |
| CVE-2024-9445 | 2024-10-04 | Display Medium Posts <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode |
| CVE-2024-9384 | 2024-10-04 | Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting |
| CVE-2024-8520 | 2024-10-04 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change |
| CVE-2024-8519 | 2024-10-04 | Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9237 | 2024-10-04 | Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting |
| CVE-2024-8804 | 2024-10-04 | Code Embed <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9242 | 2024-10-04 | Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting |
| CVE-2024-6442 | 2024-10-04 | Bluetooth: ASCS Unchecked tailroom of the response buffer |
| CVE-2024-6443 | 2024-10-04 | zephyr: out-of-bound read in utf8_trunc |
| CVE-2024-6444 | 2024-10-04 | Bluetooth: ots: missing buffer length check |