CVE List - 2024 / October
Showing 2901 - 3000 of 3570 CVEs for October 2024 (Page 30 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-47483 | 2024-10-25 | Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially... |
| CVE-2024-10376 | 2024-10-25 | ESAFENET CDG AutoSignService.java actionPassOrNotAutoSign sql injection |
| CVE-2024-10377 | 2024-10-25 | ESAFENET CDG DecryptApplicationService.java actionPassDecryptApplication1 sql injection |
| CVE-2024-10374 | 2024-10-25 | WP-Members <= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode |
| CVE-2024-10378 | 2024-10-25 | ESAFENET CDG CDGRenewApplicationService.java actionViewCDGRenewFile sql injection |
| CVE-2024-10379 | 2024-10-25 | ESAFENET CDG DecryptApplicationService.java actionViewDecyptFile path traversal |
| CVE-2024-9991 | 2024-10-25 | Cleartext Storage of Sensitive Information Vulnerability in Philips Lighting Devices |
| CVE-2024-10381 | 2024-10-25 | Authentication Bypass Vulnerability in Matrix Door Controller |
| CVE-2024-49376 | 2024-10-25 | Autolab Has Misconfigured Reset Password Permissions |
| CVE-2024-49378 | 2024-10-25 | smartUp Cross-site Scripting vulnerability |
| CVE-2024-10380 | 2024-10-25 | SourceCodester Petrol Pump Management Software ajax_product.php sql injection |
| CVE-2024-49380 | 2024-10-25 | Plenti arbitrary file write vulnerability |
| CVE-2024-49381 | 2024-10-25 | Plenti arbitrary file deletion vulnerability |
| CVE-2024-49753 | 2024-10-25 | Denied Host Validation Bypass in Zitadel Actions |
| CVE-2024-49757 | 2024-10-25 | Zitadel User Registration Bypass Vulnerability |
| CVE-2024-8036 | 2024-10-25 | Unauthorized Modifications of Firmware and Configuration |
| CVE-2024-10386 | 2024-10-25 | Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability |
| CVE-2024-10387 | 2024-10-25 | Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability |
| CVE-2024-9585 | 2024-10-25 | Image Map Pro <= 6.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9584 | 2024-10-25 | Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/Delete |
| CVE-2024-49766 | 2024-10-25 | Werkzeug safe_join not safe on Windows |
| CVE-2024-49767 | 2024-10-25 | Werkzeug possible resource exhaustion when parsing file data in forms |
| CVE-2024-47821 | 2024-10-25 | pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API |
| CVE-2024-9931 | 2024-10-26 | Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator |
| CVE-2024-9933 | 2024-10-26 | WatchTowerHQ <= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check |
| CVE-2024-9890 | 2024-10-26 | User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass |
| CVE-2024-9626 | 2024-10-26 | Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured Image |
| CVE-2024-9475 | 2024-10-26 | Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) SQL Injection via Order_by Parameter |
| CVE-2024-9462 | 2024-10-26 | Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Poll Settings |
| CVE-2024-9932 | 2024-10-26 | Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload |
| CVE-2024-9930 | 2024-10-26 | Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass |
| CVE-2024-10091 | 2024-10-26 | ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget |
| CVE-2024-9454 | 2024-10-26 | PriPre <= 0.4.11 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9613 | 2024-10-26 | FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting |
| CVE-2024-8870 | 2024-10-26 | Forms for Mailchimp by Optin Cat – Grow Your MailChimp List <= 2.5.6 - Reflected Cross-Site Scripting |
| CVE-2024-9456 | 2024-10-26 | WP Awesome Login <= 0.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-10092 | 2024-10-26 | Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation |
| CVE-2024-0126 | 2024-10-26 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code... |
| CVE-2024-0117 | 2024-10-26 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability... |
| CVE-2024-0118 | 2024-10-26 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability... |
| CVE-2024-0119 | 2024-10-26 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability... |
| CVE-2024-0120 | 2024-10-26 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability... |
| CVE-2024-0121 | 2024-10-26 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability... |
| CVE-2024-0127 | 2024-10-26 | NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper... |
| CVE-2024-0128 | 2024-10-26 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might... |
| CVE-2024-9853 | 2024-10-26 | ID-SK Toolkit <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9967 | 2024-10-26 | WP show more <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_more Shortcode |
| CVE-2024-9637 | 2024-10-26 | School Management System – WPSchoolPress <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation |
| CVE-2024-8392 | 2024-10-26 | WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.2 - Authenticated (Admin+) Local File Inclusion |
| CVE-2024-9642 | 2024-10-26 | Editor Custom Color Palette <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9772 | 2024-10-26 | Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-9116 | 2024-10-26 | Monkee-Boy Essentials <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-10357 | 2024-10-26 | Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates |
| CVE-2024-10117 | 2024-10-26 | WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode |
| CVE-2024-10402 | 2024-10-26 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation |
| CVE-2024-9501 | 2024-10-26 | Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAuth provider |
| CVE-2020-26303 | 2024-10-26 | GHSL-2020-289: Regular Expression Denial of Service (ReDoS) in insane |
| CVE-2020-26304 | 2024-10-26 | GHSL-2020-290: Regular Expression Denial of Service (ReDoS) in foundation-sites |
| CVE-2020-26305 | 2024-10-26 | GHSL-2020-291: Regular Expression Denial of Service (ReDoS) in CommonRegexJS |
| CVE-2020-26306 | 2024-10-26 | GHSL-2020-296: Regular Expression Denial of Service (ReDoS) in Knwl.js |
| CVE-2020-26307 | 2024-10-26 | GHSL-2020-301: Regular Expression Denial of Service (ReDoS) in HTML2Markdown |
| CVE-2020-26308 | 2024-10-26 | GHSL-2020-302: Regular Expression Denial of Service (ReDoS) in validate.js |
| CVE-2020-26309 | 2024-10-26 | GHSL-2020-303: Regular Expression Denial of Service (ReDoS) in nope-validator |
| CVE-2020-26310 | 2024-10-26 | GHSL-2020-305: Regular Expression Denial of Service (ReDoS) in Pure JavaScript HTML5 Parser |
| CVE-2020-26311 | 2024-10-26 | GHSL-2020-312: Regular Expression Denial of Service (ReDoS) in useragent |
| CVE-2024-10406 | 2024-10-26 | SourceCodester Petrol Pump Management Software edit_fuel.php sql injection |
| CVE-2024-10407 | 2024-10-26 | SourceCodester Petrol Pump Management Software edit_customer.php sql injection |
| CVE-2024-50610 | 2024-10-27 | GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. |
| CVE-2024-50611 | 2024-10-27 | CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for... |
| CVE-2024-50612 | 2024-10-27 | libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. |
| CVE-2024-50613 | 2024-10-27 | libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close. |
| CVE-2024-50614 | 2024-10-27 | TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef. |
| CVE-2024-50615 | 2024-10-27 | TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef. |
| CVE-2024-50616 | 2024-10-27 | Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information. |
| CVE-2024-50602 | 2024-10-27 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. |
| CVE-2024-50623 | 2024-10-27 | In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. |
| CVE-2024-50624 | 2024-10-27 | ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig... |
| CVE-2024-10408 | 2024-10-27 | code-projects Blood Bank Management abs.php sql injection |
| CVE-2024-10409 | 2024-10-27 | code-projects Blood Bank Management accept.php sql injection |
| CVE-2024-10410 | 2024-10-27 | SourceCodester Online Hotel Reservation System controller.php upload unrestricted upload |
| CVE-2024-10411 | 2024-10-27 | SourceCodester Online Hotel Reservation System controller.php doCheckout sql injection |
| CVE-2024-10412 | 2024-10-27 | Poco-z Guns-Medical File Upload upload cross site scripting |
| CVE-2024-10413 | 2024-10-27 | SourceCodester Online Hotel Reservation System update.php upload unrestricted upload |
| CVE-2024-10414 | 2024-10-27 | PHPGurukul Vehicle Record System edit-brand.php cross site scripting |
| CVE-2024-10415 | 2024-10-27 | code-projects Blood Bank Management System accept.php sql injection |
| CVE-2024-10416 | 2024-10-27 | code-projects Blood Bank Management System cancel.php sql injection |
| CVE-2024-10417 | 2024-10-27 | code-projects Blood Bank Management System delete.php sql injection |
| CVE-2024-10418 | 2024-10-27 | code-projects Blood Bank Management System infoAdd.php sql injection |
| CVE-2024-10419 | 2024-10-27 | code-projects Blood Bank Management System bloodrequest.php cross site scripting |
| CVE-2024-10420 | 2024-10-27 | SourceCodester Attendance and Payroll System update.php upload unrestricted upload |
| CVE-2024-10421 | 2024-10-27 | SourceCodester Attendance and Payroll System overtime_row.php sql injection |
| CVE-2024-10422 | 2024-10-27 | SourceCodester Attendance and Payroll System overtime_add.php sql injection |
| CVE-2024-10423 | 2024-10-27 | Project Worlds Student Project Allocation System Project Selection Page project_selection.php sql injection |
| CVE-2024-10424 | 2024-10-27 | Project Worlds Student Project Allocation System Project Selection Page remove_project.php sql injection |
| CVE-2024-10425 | 2024-10-27 | Project Worlds Student Project Allocation System Project Selection Page move_up_project.php sql injection |
| CVE-2024-10426 | 2024-10-27 | Codezips Pet Shop Management System animalsadd.php sql injection |
| CVE-2024-10427 | 2024-10-27 | Codezips Pet Shop Management System deleteanimal.php sql injection |
| CVE-2024-10428 | 2024-10-27 | WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection |
| CVE-2024-10429 | 2024-10-27 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection |
| CVE-2024-10430 | 2024-10-27 | Codezips Pet Shop Management System animalsupdate.php sql injection |