CVE List - 2024 / October
Showing 3301 - 3400 of 3570 CVEs for October 2024 (Page 34 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-49651 | 2024-10-29 | WordPress WooCommerce Maintenance Mode plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2017-20195 | 2024-10-29 | LUNAD3v AreaLoad request.php sql injection |
| CVE-2024-49650 | 2024-10-29 | WordPress BuddyPress Greeting Message plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49648 | 2024-10-29 | WordPress SVG Captcha plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49647 | 2024-10-29 | WordPress Simple Custom Admin plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49646 | 2024-10-29 | WordPress Code Generate plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49645 | 2024-10-29 | WordPress Affiliate Platform plugin <= 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49643 | 2024-10-29 | WordPress Whitelist plugin <= 3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-10458 | 2024-10-29 | A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox... |
| CVE-2024-10459 | 2024-10-29 | An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR <... |
| CVE-2024-10460 | 2024-10-29 | The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird... |
| CVE-2024-10461 | 2024-10-29 | In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox... |
| CVE-2024-10462 | 2024-10-29 | Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird <... |
| CVE-2024-10463 | 2024-10-29 | Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird... |
| CVE-2024-10464 | 2024-10-29 | Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This... |
| CVE-2024-10465 | 2024-10-29 | A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. |
| CVE-2024-10466 | 2024-10-29 | By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR... |
| CVE-2024-10467 | 2024-10-29 | Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2024-10468 | 2024-10-29 | Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132. |
| CVE-2024-10474 | 2024-10-29 | Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for... |
| CVE-2024-49641 | 2024-10-29 | WordPress Tida URL Screenshot plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-41153 | 2024-10-29 | Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to... |
| CVE-2024-49640 | 2024-10-29 | WordPress ACL Floating Cart for WooCommerce plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49639 | 2024-10-29 | WordPress Monitor.chat plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49638 | 2024-10-29 | WordPress Risk Warning Bar plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-41156 | 2024-10-29 | Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be... |
| CVE-2024-7475 | 2024-10-29 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-5982 | 2024-10-29 | Path Traversal in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-7474 | 2024-10-29 | IDOR in lunary-ai/lunary |
| CVE-2024-6674 | 2024-10-29 | Data Leak through CORS Misconfiguration in parisneo/lollms-webui |
| CVE-2024-6868 | 2024-10-29 | Arbitrary File Write in mudler/LocalAI |
| CVE-2024-7962 | 2024-10-29 | Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-49637 | 2024-10-29 | WordPress Bet WC 2018 Russia plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-7807 | 2024-10-29 | Denial of Service (DOS) in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-7010 | 2024-10-29 | Timing Attack in mudler/localai |
| CVE-2024-7473 | 2024-10-29 | IDOR Vulnerability in lunary-ai/lunary |
| CVE-2024-5823 | 2024-10-29 | File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-6581 | 2024-10-29 | Remote Code Execution due to Stored XSS in parisneo/lollms |
| CVE-2024-8143 | 2024-10-29 | Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-7774 | 2024-10-29 | Path Traversal in langchain-ai/langchainjs |
| CVE-2024-7783 | 2024-10-29 | Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm |
| CVE-2024-49636 | 2024-10-29 | WordPress Agile Video Player Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-7472 | 2024-10-29 | Email Injection Vulnerability in lunary-ai/lunary |
| CVE-2024-7042 | 2024-10-29 | Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection |
| CVE-2024-8309 | 2024-10-29 | SQL Injection in langchain-ai/langchain |
| CVE-2024-6673 | 2024-10-29 | CSRF Vulnerability in parisneo/lollms-webui |
| CVE-2024-49635 | 2024-10-29 | WordPress Banner Slider plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49634 | 2024-10-29 | WordPress BP Member Type Manager plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49632 | 2024-10-29 | WordPress CWD 3D Image Gallery plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-47640 | 2024-10-29 | WordPress WP ERP plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-9505 | 2024-10-29 | Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget |
| CVE-2024-10226 | 2024-10-29 | Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode |
| CVE-2024-48921 | 2024-10-29 | Kyverno's PolicyException objects can be created in any namespace by default |
| CVE-2024-49769 | 2024-10-29 | Waitress has a denial of service leading to high CPU usage/resource exhaustion |
| CVE-2024-49768 | 2024-10-29 | Waitress has request processing race condition in HTTP pipelining with invalid first request |
| CVE-2024-50334 | 2024-10-29 | Semicolon Path Injection on API /api;/config |
| CVE-2024-10452 | 2024-10-29 | Organization admins can delete pending invites created in an organization they are not part of. |
| CVE-2024-7985 | 2024-10-29 | FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-25566 | 2024-10-29 | Open Redirect in PingAM |
| CVE-2024-8923 | 2024-10-29 | Sandbox Escape in Now Platform |
| CVE-2024-8924 | 2024-10-29 | Unauthenticated Blind SQL Injection in Core Platform |
| CVE-2024-10491 | 2024-10-29 | Preload arbitrary resources by injecting additional `Link` headers |
| CVE-2024-9988 | 2024-10-29 | Crypto <= 2.15 - Authentication Bypass via register |
| CVE-2024-9990 | 2024-10-29 | Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass |
| CVE-2024-9989 | 2024-10-29 | Crypto <= 2.15 - Authentication Bypass via log_in |
| CVE-2024-50466 | 2024-10-29 | WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-50459 | 2024-10-29 | WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2024-50456 | 2024-10-29 | WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2024-50455 | 2024-10-29 | WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2024-8587 | 2024-10-29 | Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability |
| CVE-2024-8588 | 2024-10-29 | Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability |
| CVE-2024-8589 | 2024-10-29 | Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability |
| CVE-2024-8590 | 2024-10-29 | Autodesk AutoCAD 3DM File Parsing Use-After-Free Code Execution Vulnerability |
| CVE-2024-50454 | 2024-10-29 | WordPress SEOPress plugin <= 8.1.1 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-8591 | 2024-10-29 | Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Code Execution Vulnerability |
| CVE-2024-8593 | 2024-10-29 | Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability |
| CVE-2024-8594 | 2024-10-29 | Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Code Execution Vulnerability |
| CVE-2024-8595 | 2024-10-29 | Autodesk AutoCAD MODEL File Parsing Use-After-Free Code Execution Vulnerability |
| CVE-2024-50428 | 2024-10-29 | WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability |
| CVE-2024-8596 | 2024-10-29 | Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Code Execution Vulnerability |
| CVE-2024-8597 | 2024-10-29 | Autodesk AutoCAD STEP File Parsing Memory Corruption Code Execution Vulnerability |
| CVE-2024-8598 | 2024-10-29 | Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Code Execution Vulnerability |
| CVE-2024-8599 | 2024-10-29 | Autodesk AutoCAD ACTranslators STP File Parsing Memory Corruption Code Execution Vulnerability |
| CVE-2024-8600 | 2024-10-29 | A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write... |
| CVE-2024-9826 | 2024-10-29 | Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Code Execution Vulnerability |
| CVE-2024-9827 | 2024-10-29 | Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Vulnerability |
| CVE-2024-10228 | 2024-10-29 | Vagrant VMware Utility installation files vulnerable to modification by unprivileged user |
| CVE-2024-50425 | 2024-10-29 | WordPress WP Booking System – Booking Calendar plugin <= 2.0.19.10 - Broken Access Control vulnerability |
| CVE-2024-50424 | 2024-10-29 | WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2024-50423 | 2024-10-29 | WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2024-50422 | 2024-10-29 | WordPress Breeze plugin <= 2.1.14 - Broken Access Control vulnerability |
| CVE-2024-50421 | 2024-10-29 | WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 3.8.6 - Broken Access Control vulnerability |
| CVE-2024-8592 | 2024-10-29 | Autodesk AutoCAD CATPART File Parsing Memory Corruption Code Execution Vulnerability |
| CVE-2024-8896 | 2024-10-29 | Autodesk AutoCAD DXF File Parsing Uninitialized Variable Code Execution Vulnerability |
| CVE-2024-9489 | 2024-10-29 | Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability |
| CVE-2024-9996 | 2024-10-29 | Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability |
| CVE-2024-9997 | 2024-10-29 | Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability |
| CVE-2024-7991 | 2024-10-29 | Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability |
| CVE-2024-7992 | 2024-10-29 | Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability |
| CVE-2024-10487 | 2024-10-29 | Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security... |