VULNMAP - Security Vulnerabilities

CVE List - 2024 / October

Showing 3201 - 3300 of 3571 CVEs for October 2024 (Page 33 of 36)

CVE ID Date Title
CVE-2024-48063 2024-10-29 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this...
CVE-2024-48138 2024-10-29 A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php...
CVE-2024-48206 2024-10-29 A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads...
CVE-2024-48461 2024-10-29 Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6...
CVE-2024-48573 2024-10-29 A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows...
CVE-2024-51075 2024-10-29 A Reflected Cross Site Scripting (XSS) vulnerability was found in...
CVE-2024-51076 2024-10-29 A Reflected Cross Site Scripting (XSS) vulnerability was found in...
CVE-2024-51180 2024-10-29 A Reflected Cross Site Scripting (XSS) vulnerability was found in...
CVE-2024-51181 2024-10-29 A Reflected Cross Site Scripting (XSS) vulnerability was found in...
CVE-2024-51568 2024-10-29 CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via...
CVE-2024-48572 2024-10-29 A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows...
CVE-2024-48955 2024-10-29 Broken access control in NetAdmin 4.030319 returns data with functionalities...
CVE-2024-51378 2024-10-29 getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel)...
CVE-2024-51567 2024-10-29 upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6...
CVE-2024-10477 2024-10-29 LinZhaoguan pb-cms Permission Management Page admin#permissions cross site scripting
CVE-2024-10478 2024-10-29 LinZhaoguan pb-cms Edit Article edit cross site scripting
CVE-2024-45656 2024-10-29 IBM Flexible Service Processor hard coded credentials
CVE-2024-50068 2024-10-29 mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()
CVE-2024-50069 2024-10-29 pinctrl: apple: check devm_kasprintf() returned value
CVE-2024-50070 2024-10-29 pinctrl: stm32: check devm_kasprintf() returned value
CVE-2024-50071 2024-10-29 pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func()
CVE-2024-50072 2024-10-29 x86/bugs: Use code segment selector for VERW operand
CVE-2024-50073 2024-10-29 tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
CVE-2024-50074 2024-10-29 parport: Proper fix for array out-of-bounds access
CVE-2024-50075 2024-10-29 xhci: tegra: fix checked USB2 port number
CVE-2024-50076 2024-10-29 vt: prevent kernel-infoleak in con_font_get()
CVE-2024-50077 2024-10-29 Bluetooth: ISO: Fix multiple init when debugfs is disabled
CVE-2024-50078 2024-10-29 Bluetooth: Call iso_exit() on module unload
CVE-2024-50079 2024-10-29 io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work
CVE-2024-50080 2024-10-29 ublk: don't allow user copy for unprivileged device
CVE-2024-50081 2024-10-29 blk-mq: setup queue ->tag_set before initializing hctx
CVE-2024-50082 2024-10-29 blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
CVE-2024-50083 2024-10-29 tcp: fix mptcp DSS corruption due to large pmtu xmit
CVE-2024-50084 2024-10-29 net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
CVE-2024-50085 2024-10-29 mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
CVE-2024-50086 2024-10-29 ksmbd: fix user-after-free from session log off
CVE-2024-50087 2024-10-29 btrfs: fix uninitialized pointer free on read_alloc_one_name() error
CVE-2024-50088 2024-10-29 btrfs: fix uninitialized pointer free in add_inode_ref()
CVE-2024-10479 2024-10-29 LinZhaoguan pb-cms Theme Management Module admin#themes cross site scripting
CVE-2024-22065 2024-10-29 ZTE MF258 Pro product has a OS Command injection vulnerability
CVE-2024-10008 2024-10-29 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation
CVE-2024-10000 2024-10-29 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality
CVE-2024-10312 2024-10-29 Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVE-2024-50494 2024-10-29 WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability
CVE-2024-50493 2024-10-29 WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability
CVE-2024-50484 2024-10-29 WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
CVE-2024-50482 2024-10-29 WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability
CVE-2024-50480 2024-10-29 WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability
CVE-2024-10241 2024-10-29 Private channel names leaked with Ctrl+K when ElasticSearch is enabled
CVE-2024-50052 2024-10-29 Arbitrary post deletion via Playbooks /ignore-thread endpoint
CVE-2024-47401 2024-10-29 DoS via Amplified GraphQL Response in Playbooks
CVE-2024-46872 2024-10-29 Client-Side Path Traversal Leading to CSRF in Playbooks
CVE-2024-50473 2024-10-29 WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability
CVE-2024-9438 2024-10-29 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting
CVE-2024-10048 2024-10-29 Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page
CVE-2024-50427 2024-10-29 WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
CVE-2024-50420 2024-10-29 WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
CVE-2024-50490 2024-10-29 WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2024-50485 2024-10-29 WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability
CVE-2024-50481 2024-10-29 WordPress Bstone Demo Importer plugin <= 1.0.1 - Privilege Escalation vulnerability
CVE-2024-50476 2024-10-29 WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2024-50475 2024-10-29 WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2024-50426 2024-10-29 WordPress Survey Maker plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50418 2024-10-29 WordPress Time Slot plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50415 2024-10-29 WordPress Ads.txt & App-ads.txt Manager for WordPress plugin <= 1.1.7.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-50414 2024-10-29 WordPress Button contact VR plugin <= 4.7.9.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50413 2024-10-29 WordPress Import and export users and customers plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50412 2024-10-29 WordPress Conditional Fields for Contact Form 7 plugin <= 2.4.15 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50411 2024-10-29 WordPress WP Abstracts plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49642 2024-10-29 WordPress Todo Custom Field plugin <= 3.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-45477 2024-10-29 Apache NiFi: Improper Neutralization of Input in Parameter Description
CVE-2024-22066 2024-10-29 There is a privilege escalation vulnerability in ZTE ZXR10 ZSR...
CVE-2024-9376 2024-10-29 Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-10436 2024-10-29 WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion
CVE-2024-10437 2024-10-29 WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation
CVE-2024-10227 2024-10-29 affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode
CVE-2024-50550 2024-10-29 WordPress LiteSpeed Cache plugin <= 6.5.1 - Privilege Escalation vulnerability
CVE-2024-50410 2024-10-29 WordPress Namaste! LMS plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50409 2024-10-29 WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50407 2024-10-29 WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49692 2024-10-29 WordPress AffiliateX plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49679 2024-10-29 WordPress WPKoi Templates for Elementor plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-10184 2024-10-29 SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode
CVE-2024-10185 2024-10-29 StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode
CVE-2024-10266 2024-10-29 Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget
CVE-2024-10233 2024-10-29 SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode
CVE-2024-10360 2024-10-29 Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVE-2024-49678 2024-10-29 WordPress js paper theme <= 2.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49673 2024-10-29 WordPress LaTeX2HTML plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49672 2024-10-29 WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-49670 2024-10-29 WordPress Client Power Tools Portal plugin <= 1.8.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49667 2024-10-29 WordPress Local Business Addons For Elementor plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-49665 2024-10-29 WordPress Web Bricks Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-49664 2024-10-29 WordPress chatplusjp plugin <= 1.02 - Cross Site Scripting (XSS) vulnerability
CVE-2024-10181 2024-10-29 Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode
CVE-2024-49663 2024-10-29 WordPress uCAT – Next Story plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49662 2024-10-29 WordPress Simple Load More plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49661 2024-10-29 WordPress leenk.me plugin <= 2.16.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49660 2024-10-29 WordPress Campus Explorer Widget plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49659 2024-10-29 WordPress Coub plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability