CVE List - 2024 / October
Showing 3501 - 3571 of 3571 CVEs for October 2024 (Page 36 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-52044 | 2024-10-31 | Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE)... |
| CVE-2023-52045 | 2024-10-31 | Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to... |
| CVE-2024-39332 | 2024-10-31 | Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code... |
| CVE-2024-39719 | 2024-10-31 | An issue was discovered in Ollama through 0.3.14. File existence... |
| CVE-2024-39720 | 2024-10-31 | An issue was discovered in Ollama before 0.1.46. An attacker... |
| CVE-2024-39721 | 2024-10-31 | An issue was discovered in Ollama before 0.1.34. The CreateModelHandler... |
| CVE-2024-39722 | 2024-10-31 | An issue was discovered in Ollama before 0.1.46. It exposes... |
| CVE-2024-42515 | 2024-10-31 | Glossarizer through 1.5.2 improperly tries to convert text into HTML.... |
| CVE-2024-42835 | 2024-10-31 | langflow v1.0.12 was discovered to contain a remote code execution... |
| CVE-2024-48200 | 2024-10-31 | An issue in MobaXterm v24.2 allows a local attacker to... |
| CVE-2024-48307 | 2024-10-31 | JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability... |
| CVE-2024-48311 | 2024-10-31 | Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-48359 | 2024-10-31 | Qualitor v8.24 was discovered to contain a remote code execution... |
| CVE-2024-48360 | 2024-10-31 | Qualitor v8.24 was discovered to contain a Server-Side Request Forgery... |
| CVE-2024-50801 | 2024-10-31 | A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in... |
| CVE-2024-50802 | 2024-10-31 | A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in... |
| CVE-2024-51060 | 2024-10-31 | Projectworlds Online Admission System v1 is vulnerable to SQL Injection... |
| CVE-2024-51063 | 2024-10-31 | Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL... |
| CVE-2024-51064 | 2024-10-31 | Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL... |
| CVE-2024-51065 | 2024-10-31 | Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL... |
| CVE-2024-51066 | 2024-10-31 | An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in... |
| CVE-2024-51254 | 2024-10-31 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into... |
| CVE-2024-51255 | 2024-10-31 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into... |
| CVE-2024-51259 | 2024-10-31 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into... |
| CVE-2024-51260 | 2024-10-31 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into... |
| CVE-2024-51430 | 2024-10-31 | Cross Site Scripting vulnerability in online diagnostic lab management system... |
| CVE-2024-10556 | 2024-10-31 | Codezips Pet Shop Management System birdsadd.php sql injection |
| CVE-2024-10557 | 2024-10-31 | code-projects Blood Bank Management System updateprofile.php cross-site request forgery |
| CVE-2024-10559 | 2024-10-31 | SourceCodester Airport Booking Management System details buffer overflow |
| CVE-2024-10561 | 2024-10-31 | Codezips Pet Shop Management System birdsupdate.php sql injection |
| CVE-2024-10544 | 2024-10-31 | Woo Manage Fraud Orders <= 6.1.7 - Unauthenticated Information Exposure via Log Files |
| CVE-2024-9708 | 2024-10-31 | Easy SVG Upload <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-21537 | 2024-10-31 | Versions of the package lilconfig from 3.1.0 and before 3.1.1... |
| CVE-2024-10392 | 2024-10-31 | AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload |
| CVE-2024-9700 | 2024-10-31 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation |
| CVE-2024-9165 | 2024-10-31 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9430 | 2024-10-31 | Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download |
| CVE-2024-9446 | 2024-10-31 | WP Simple Anchors Links <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode |
| CVE-2024-9434 | 2024-10-31 | WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-30149 | 2024-10-31 | HCL AppScan Source is affected by an expired TLS/SSL certificate |
| CVE-2024-43383 | 2024-10-31 | Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator |
| CVE-2024-49685 | 2024-10-31 | WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49674 | 2024-10-31 | WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-43984 | 2024-10-31 | WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2024-43933 | 2024-10-31 | WordPress WPMobile.App plugin <= 11.48 - CSRF to Stored XSS vulnerability |
| CVE-2024-43930 | 2024-10-31 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2024-8934 | 2024-10-31 | Beckhoff: Local command injection via TwinCAT Package Manager |
| CVE-2024-10454 | 2024-10-31 | Clickjacking vulnerability in Clibo Manager |
| CVE-2024-48910 | 2024-10-31 | DOMPurify vulnerable to tampering by prototype polution |
| CVE-2024-8553 | 2024-10-31 | Foreman: read-only access to entire db from templates |
| CVE-2024-8185 | 2024-10-31 | Vault Vulnerable to Denial of Service When Processing Raft Join Requests |
| CVE-2024-50354 | 2024-10-31 | Out-of-memory during deserialization with crafted inputs |
| CVE-2024-51481 | 2024-10-31 | Nix allows macOS sandbox escape via built-in builders |
| CVE-2024-51478 | 2024-10-31 | Use of a Broken or Risky Cryptographic Algorithm in YesWiki |
| CVE-2024-7883 | 2024-10-31 | CMSE secure state may leak from stack to floating-point registers |
| CVE-2024-50347 | 2024-10-31 | Laravel Reverb has Missing API Signature Verification |
| CVE-2024-50356 | 2024-10-31 | Press has a potential 2FA bypass |
| CVE-2024-51482 | 2024-10-31 | Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64 |
| CVE-2024-10573 | 2024-10-31 | Mpg123: buffer overflow when writing decoded pcm samples |
| CVE-2024-10594 | 2024-10-31 | ESAFENET CDG FileDirectoryService.java docHistory sql injection |
| CVE-2024-10595 | 2024-10-31 | ESAFENET CDG PublicDocInfoAjax.java delDifferCourseList sql injection |
| CVE-2024-10596 | 2024-10-31 | ESAFENET CDG EncryptPolicyTypeService.java delEntryptPolicySort sql injection |
| CVE-2024-10597 | 2024-10-31 | ESAFENET CDG PolicyActionService.java delPolicyAction sql injection |
| CVE-2024-6480 | 2024-10-31 | SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting |
| CVE-2024-6479 | 2024-10-31 | SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-10598 | 2024-10-31 | Tongda OA Annual Leave data.php improper authorization |
| CVE-2024-10599 | 2024-10-31 | Tongda OA 2017 package_static_resources.php resource consumption |
| CVE-2024-10600 | 2024-10-31 | Tongda OA 2017 submenu.php sql injection |
| CVE-2024-10601 | 2024-10-31 | Tongda OA 2017 delete.php sql injection |
| CVE-2024-10602 | 2024-10-31 | Tongda OA 2017 data_picker_link.php sql injection |
| CVE-2024-10605 | 2024-10-31 | code-projects Blood Bank Management System request.php cross-site request forgery |