VULNMAP - Security Vulnerabilities

CVE List - 2024 / October

Showing 3001 - 3100 of 3571 CVEs for October 2024 (Page 31 of 36)

CVE ID Date Title
CVE-2024-10429 2024-10-27 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection
CVE-2024-10430 2024-10-27 Codezips Pet Shop Management System animalsupdate.php sql injection
CVE-2024-10431 2024-10-27 Codezips Pet Shop Management System deletebird.php sql injection
CVE-2024-10432 2024-10-27 Project Worlds Simple Web-Based Chat Application index.php sql injection
CVE-2024-34537 2024-10-28 TYPO3 before 13.3.1 allows denial of service (interface error) in...
CVE-2024-39205 2024-10-28 An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below...
CVE-2024-42011 2024-10-28 The Spotify app 8.9.58 for iOS has a buffer overflow...
CVE-2024-42930 2024-10-28 PbootCMS 3.2.8 is vulnerable to URL Redirect.
CVE-2024-48074 2024-10-28 An authorized RCE vulnerability exists in the DrayTek Vigor2960 router...
CVE-2024-48107 2024-10-28 SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This...
CVE-2024-48177 2024-10-28 MRCMS 3.1.2 contains a SQL injection vulnerability via the RID...
CVE-2024-48178 2024-10-28 newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via...
CVE-2024-48191 2024-10-28 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request...
CVE-2024-48195 2024-10-28 Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote...
CVE-2024-48196 2024-10-28 An issue in eyouCMS v.1.6.7 allows a remote attacker to...
CVE-2024-48291 2024-10-28 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request...
CVE-2024-48356 2024-10-28 LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php.
CVE-2024-48357 2024-10-28 LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection...
CVE-2024-48465 2024-10-28 The MRBS version 1.5.0 has an SQL injection vulnerability in...
CVE-2024-48594 2024-10-28 File Upload vulnerability in Prison Management System v.1.0 allows a...
CVE-2024-48825 2024-10-28 Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote...
CVE-2024-48826 2024-10-28 Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote...
CVE-2024-48936 2024-10-28 SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in...
CVE-2024-51506 2024-10-28 Tiki through 27.0 allows users who have certain permissions to...
CVE-2024-51507 2024-10-28 Tiki through 27.0 allows users who have certain permissions to...
CVE-2024-51508 2024-10-28 Tiki through 27.0 allows users who have certain permissions to...
CVE-2024-51509 2024-10-28 Tiki through 27.0 allows users who have certain permissions to...
CVE-2024-10433 2024-10-28 Project Worlds Simple Web-Based Chat Application index.php cross site scripting
CVE-2024-10434 2024-10-28 Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow
CVE-2024-10435 2024-10-28 didi Super-Jacoco triggerEnvCov command injection
CVE-2024-50067 2024-10-28 uprobe: avoid out-of-bounds memory access of fetching args
CVE-2024-23843 2024-10-28 Improper Neutralization of Special Elements used in an SQL Command...
CVE-2024-10438 2024-10-28 Sunnet eHRD CTMS - Authentication Bypass
CVE-2024-10439 2024-10-28 Sunnet eHRD CTMS - Insecure Direct Object Reference
CVE-2024-10440 2024-10-28 Sunnet eHRD CTMS - SQL Injection
CVE-2024-50307 2024-10-28 Use of potentially dangerous function issue exists in Chatwork Desktop...
CVE-2024-9162 2024-10-28 All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection
CVE-2024-38821 2024-10-28 Authorization Bypass of Static Resources in WebFlux Applications
CVE-2024-50442 2024-10-28 WordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability
CVE-2024-50489 2024-10-28 WordPress Realty Workstation plugin <= 1.0.45 - Account Takeover vulnerability
CVE-2024-50487 2024-10-28 WordPress MaanStore API plugin <= 1.0.1 - Account Takeover vulnerability
CVE-2024-50486 2024-10-28 WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability
CVE-2024-50477 2024-10-28 WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability
CVE-2024-50498 2024-10-28 WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
CVE-2024-50492 2024-10-28 WordPress ScottCart plugin <= 1.1 - Remote Code Execution (RCE) vulnerability
CVE-2024-50450 2024-10-28 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability vulnerability
CVE-2024-50416 2024-10-28 WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability
CVE-2024-10446 2024-10-28 Project Worlds Online Time Table Generator admindashboard.php sql injection
CVE-2024-50408 2024-10-28 WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability
CVE-2024-50488 2024-10-28 WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability
CVE-2024-50483 2024-10-28 WordPress Meetup plugin <= 0.1 - Broken Authentication vulnerability
CVE-2024-50478 2024-10-28 WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability
CVE-2024-50463 2024-10-28 WordPress Sunshine Photo Cart plugin <= 3.2.9 - Open Redirection vulnerability
CVE-2024-50497 2024-10-28 WordPress Advanced Online Ordering and Delivery Platform plugin <= 2.0.0 - Local File Inclusion vulnerability
CVE-2024-50491 2024-10-28 WordPress RSVP ME plugin <= 1.9.9 - SQL Injection vulnerability
CVE-2024-50479 2024-10-28 WordPress Woocommerce Quote Calculator plugin <= 1.1 - SQL Injection vulnerability
CVE-2024-50465 2024-10-28 WordPress Premium SEO Pack plugin <= 1.6.001 - SQL Injection vulnerability
CVE-2024-50502 2024-10-28 WordPress Cozy Blocks plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50501 2024-10-28 WordPress Kata Plus plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50472 2024-10-28 WordPress Amilia Store plugin <= 2.9.8 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-50471 2024-10-28 WordPress Trip Plan plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50470 2024-10-28 WordPress Themes4WP YouTube External Subtitles plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50573 2024-10-28 In JetBrains Hub before 2024.3.47707 improper access control allowed users...
CVE-2024-50574 2024-10-28 In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible...
CVE-2024-50575 2024-10-28 In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in...
CVE-2024-50576 2024-10-28 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via...
CVE-2024-50577 2024-10-28 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via...
CVE-2024-50578 2024-10-28 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via...
CVE-2024-50579 2024-10-28 In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure...
CVE-2024-50580 2024-10-28 In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due...
CVE-2024-50581 2024-10-28 In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead...
CVE-2024-50582 2024-10-28 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due...
CVE-2024-8013 2024-10-28 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
CVE-2024-10447 2024-10-28 Project Worlds Online Time Table Generator staffdashboard.php sql injection
CVE-2024-50443 2024-10-28 WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability
CVE-2024-10455 2024-10-28 Reachable Assertion in µD3TN
CVE-2024-10448 2024-10-28 code-projects Blood Bank Management System delete.php cross-site request forgery
CVE-2024-49761 2024-10-28 REXML ReDoS vulnerability
CVE-2024-10214 2024-10-28 Incorrect Session Creation with Desktop SSO
CVE-2024-10449 2024-10-28 Codezips Hospital Appointment System loginAction.php sql injection
CVE-2024-45802 2024-10-28 Squid Denial of Service
CVE-2024-10450 2024-10-28 SourceCodester Kortex Lite Advocate Office Management System POST Parameter edit_profile.php sql injection
CVE-2024-47827 2024-10-28 Argo Workflows Controller: Denial of Service via malicious daemon Workflows
CVE-2024-10469 2024-10-28 CERT/CC VINCE versions before 3.0.9 allows authenticated user to access User Management view.
CVE-2024-42028 2024-10-28 A Local privilege escalation vulnerability found in a Self-Hosted UniFi...
CVE-2024-6245 2024-10-28 Default Credentials in ssh service for SmartPlay in Maruti Suzuki
CVE-2024-49771 2024-10-28 MPXJ has a Potential Path Traversal Vulnerability
CVE-2024-9629 2024-10-28 Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse
CVE-2024-50469 2024-10-28 WordPress Textboxes plugin <= 0.1.3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50468 2024-10-28 WordPress Raptor Editor plugin <= 1.0.20 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50467 2024-10-28 WordPress Scrollbar by webxapp plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50464 2024-10-28 WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50462 2024-10-28 WordPress Interactive World Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50461 2024-10-28 WordPress EmbedPress plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50460 2024-10-28 WordPress Firelight Lightbox plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50458 2024-10-28 WordPress Advanced Sermons plugin <= 3.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50451 2024-10-28 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50449 2024-10-28 WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50448 2024-10-28 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-50447 2024-10-28 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability