CVE List - 2024 / October

Showing 3001 - 3100 of 3570 CVEs for October 2024 (Page 31 of 36)

CVE ID Date Title
CVE-2024-10431 2024-10-27 Codezips Pet Shop Management System deletebird.php sql injection
CVE-2024-10432 2024-10-27 Project Worlds Simple Web-Based Chat Application index.php sql injection
CVE-2024-34537 2024-10-28 TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of...
CVE-2024-39205 2024-10-28 An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
CVE-2024-42011 2024-10-28 The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat.
CVE-2024-42930 2024-10-28 PbootCMS 3.2.8 is vulnerable to URL Redirect.
CVE-2024-48074 2024-10-28 An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the...
CVE-2024-48107 2024-10-28 SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attackers to scan ports on the Intranet or local network where the server resides, attack applications running on...
CVE-2024-48177 2024-10-28 MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do.
CVE-2024-48178 2024-10-28 newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.
CVE-2024-48191 2024-10-28 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17
CVE-2024-48195 2024-10-28 Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
CVE-2024-48196 2024-10-28 An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
CVE-2024-48291 2024-10-28 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17
CVE-2024-48356 2024-10-28 LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php.
CVE-2024-48357 2024-10-28 LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php.
CVE-2024-48465 2024-10-28 The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter
CVE-2024-48594 2024-10-28 File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component.
CVE-2024-48825 2024-10-28 Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVE-2024-48826 2024-10-28 Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVE-2024-48936 2024-10-28 SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs...
CVE-2024-51506 2024-10-28 Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
CVE-2024-51507 2024-10-28 Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
CVE-2024-51508 2024-10-28 Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
CVE-2024-51509 2024-10-28 Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
CVE-2024-10433 2024-10-28 Project Worlds Simple Web-Based Chat Application index.php cross site scripting
CVE-2024-10434 2024-10-28 Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow
CVE-2024-10435 2024-10-28 didi Super-Jacoco triggerEnvCov command injection
CVE-2024-50067 2024-10-28 uprobe: avoid out-of-bounds memory access of fetching args
CVE-2024-23843 2024-10-28 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0. This issue affects Genian NAC V5.0: from V5.0.0...
CVE-2024-10438 2024-10-28 Sunnet eHRD CTMS - Authentication Bypass
CVE-2024-10439 2024-10-28 Sunnet eHRD CTMS - Insecure Direct Object Reference
CVE-2024-10440 2024-10-28 Sunnet eHRD CTMS - SQL Injection
CVE-2024-50307 2024-10-28 Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file...
CVE-2024-9162 2024-10-28 All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection
CVE-2024-38821 2024-10-28 Authorization Bypass of Static Resources in WebFlux Applications
CVE-2024-50442 2024-10-28 WordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability
CVE-2024-50489 2024-10-28 WordPress Realty Workstation plugin <= 1.0.45 - Account Takeover vulnerability
CVE-2024-50487 2024-10-28 WordPress MaanStore API plugin <= 1.0.1 - Account Takeover vulnerability
CVE-2024-50486 2024-10-28 WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability
CVE-2024-50477 2024-10-28 WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability
CVE-2024-50498 2024-10-28 WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
CVE-2024-50492 2024-10-28 WordPress ScottCart plugin <= 1.1 - Remote Code Execution (RCE) vulnerability
CVE-2024-50450 2024-10-28 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability vulnerability
CVE-2024-50416 2024-10-28 WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability
CVE-2024-10446 2024-10-28 Project Worlds Online Time Table Generator admindashboard.php sql injection
CVE-2024-50408 2024-10-28 WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability
CVE-2024-50488 2024-10-28 WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability
CVE-2024-50483 2024-10-28 WordPress Meetup plugin <= 0.1 - Broken Authentication vulnerability
CVE-2024-50478 2024-10-28 WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability
CVE-2024-50463 2024-10-28 WordPress Sunshine Photo Cart plugin <= 3.2.9 - Open Redirection vulnerability
CVE-2024-50497 2024-10-28 WordPress Advanced Online Ordering and Delivery Platform plugin <= 2.0.0 - Local File Inclusion vulnerability
CVE-2024-50491 2024-10-28 WordPress RSVP ME plugin <= 1.9.9 - SQL Injection vulnerability
CVE-2024-50479 2024-10-28 WordPress Woocommerce Quote Calculator plugin <= 1.1 - SQL Injection vulnerability
CVE-2024-50465 2024-10-28 WordPress Premium SEO Pack plugin <= 1.6.001 - SQL Injection vulnerability
CVE-2024-50502 2024-10-28 WordPress Cozy Blocks plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50501 2024-10-28 WordPress Kata Plus plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50472 2024-10-28 WordPress Amilia Store plugin <= 2.9.8 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-50471 2024-10-28 WordPress Trip Plan plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50470 2024-10-28 WordPress Themes4WP YouTube External Subtitles plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50573 2024-10-28 In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
CVE-2024-50574 2024-10-28 In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
CVE-2024-50575 2024-10-28 In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
CVE-2024-50576 2024-10-28 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
CVE-2024-50577 2024-10-28 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
CVE-2024-50578 2024-10-28 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
CVE-2024-50579 2024-10-28 In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
CVE-2024-50580 2024-10-28 In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
CVE-2024-50581 2024-10-28 In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
CVE-2024-50582 2024-10-28 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
CVE-2024-8013 2024-10-28 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
CVE-2024-10447 2024-10-28 Project Worlds Online Time Table Generator staffdashboard.php sql injection
CVE-2024-50443 2024-10-28 WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability
CVE-2024-10455 2024-10-28 Reachable Assertion in µD3TN
CVE-2024-10448 2024-10-28 code-projects Blood Bank Management System delete.php cross-site request forgery
CVE-2024-49761 2024-10-28 REXML ReDoS vulnerability
CVE-2024-10214 2024-10-28 Incorrect Session Creation with Desktop SSO
CVE-2024-10449 2024-10-28 Codezips Hospital Appointment System loginAction.php sql injection
CVE-2024-45802 2024-10-28 Squid Denial of Service
CVE-2024-10450 2024-10-28 SourceCodester Kortex Lite Advocate Office Management System POST Parameter edit_profile.php sql injection
CVE-2024-47827 2024-10-28 Argo Workflows Controller: Denial of Service via malicious daemon Workflows
CVE-2024-10469 2024-10-28 CERT/CC VINCE versions before 3.0.9 allow an authenticated user to access the User Management view.
CVE-2024-42028 2024-10-28 A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user...
CVE-2024-6245 2024-10-28 Default Credentials in ssh service for SmartPlay in Maruti Suzuki
CVE-2024-49771 2024-10-28 MPXJ has a Potential Path Traversal Vulnerability
CVE-2024-9629 2024-10-28 Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse
CVE-2024-50469 2024-10-28 WordPress Textboxes plugin <= 0.1.3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50468 2024-10-28 WordPress Raptor Editor plugin <= 1.0.20 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50467 2024-10-28 WordPress Scrollbar by webxapp plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50464 2024-10-28 WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50462 2024-10-28 WordPress Interactive World Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50461 2024-10-28 WordPress EmbedPress plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50460 2024-10-28 WordPress Firelight Lightbox plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50458 2024-10-28 WordPress Advanced Sermons plugin <= 3.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50451 2024-10-28 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50449 2024-10-28 WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50448 2024-10-28 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-50447 2024-10-28 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50446 2024-10-28 WordPress Futurio Extra plugin <= 2.0.11 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50445 2024-10-28 WordPress Selection Lite plugin <= 1.13 - Cross Site Scripting (XSS) vulnerability