CVE List - 2024 / October
Showing 601 - 700 of 3571 CVEs for October 2024 (Page 7 of 36)
CVE ID | Date | Title |
---|---|---|
CVE-2024-45292 | 2024-10-07 | PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks |
CVE-2024-45291 | 2024-10-07 | Path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled in PHPSpreadsheet |
CVE-2024-45290 | 2024-10-07 | Path traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheet |
CVE-2024-45060 | 2024-10-07 | Unauthenticated Cross-Site-Scripting (XSS) in sample file in PHPSpreadsheet |
CVE-2024-45051 | 2024-10-07 | Bypass of email address validation via encoded email addresses in Discourse |
CVE-2024-45297 | 2024-10-07 | Prevent topic list filtering by hidden tags for unauthorized users in Discourse |
CVE-2024-43789 | 2024-10-07 | Denial of service by the absence of restrictions on replies to posts in Discourse |
CVE-2024-43362 | 2024-10-07 | Stored Cross-site Scripting (XSS) when creating external links in Cacti |
CVE-2024-43364 | 2024-10-07 | Stored Cross-site Scripting (XSS) when creating external links in Cacti |
CVE-2024-43365 | 2024-10-07 | Stored Cross-site Scripting (XSS) when creating external links in Cacti |
CVE-2024-43363 | 2024-10-07 | Remote code execution via Log Poisoning in Cacti |
CVE-2024-47973 | 2024-10-07 | In some Solidigm DC Products, a defect in device overprovisioning... |
CVE-2024-47610 | 2024-10-07 | Stored Cross-site Scripting Vulnerability in Markdown Editor |
CVE-2024-47974 | 2024-10-07 | Race condition during resource shutdown in some Solidigm DC Products... |
CVE-2024-47772 | 2024-10-07 | Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse |
CVE-2024-47967 | 2024-10-07 | Improper resource initialization handling in firmware of some Solidigm DC... |
CVE-2024-47818 | 2024-10-07 | Logged-in users with any role can delete arbitrary files in @saltcorn/server |
CVE-2024-47814 | 2024-10-07 | use-after-free when closing buffers in Vim |
CVE-2024-47968 | 2024-10-07 | Improper resource shutdown in middle of certain operations on some... |
CVE-2024-47817 | 2024-10-07 | Unvalidated paragraph widget values can be used for Cross-site Scripting in lara-zeus |
CVE-2024-47782 | 2024-10-07 | Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover |
CVE-2024-47781 | 2024-10-07 | Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki |
CVE-2024-47969 | 2024-10-07 | Improper resource management in firmware of some Solidigm DC Products... |
CVE-2024-25885 | 2024-10-08 | An issue in the getcolor function in utils.py of xhtml2pdf... |
CVE-2024-36814 | 2024-10-08 | An arbitrary file read vulnerability in Adguard Home before v0.107.52... |
CVE-2024-44349 | 2024-10-08 | A SQL injection vulnerability in login portal in AnteeoWMS before... |
CVE-2024-45880 | 2024-10-08 | A command injection vulnerability exists in Motorola CX2L router v1.0.2... |
CVE-2024-45918 | 2024-10-08 | Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable... |
CVE-2024-46410 | 2024-10-08 | PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS)... |
CVE-2024-46539 | 2024-10-08 | Insecure permissions in the Bluetooth Low Energy (BLE) component of... |
CVE-2024-45230 | 2024-10-08 | An issue was discovered in Django 5.1 before 5.1.1, 5.0... |
CVE-2024-45231 | 2024-10-08 | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16.... |
CVE-2024-39806 | 2024-10-08 | Liteos_a has an out-of-bounds Read vulnerability |
CVE-2024-39831 | 2024-10-08 | AccessTokenManager has an use after free vulnerability |
CVE-2024-43696 | 2024-10-08 | Liteos_a has an Memory Leak vulnerability |
CVE-2024-43697 | 2024-10-08 | Liteos_a has an Improper Input Validation vulnerability |
CVE-2024-45382 | 2024-10-08 | Liteos_a has an Out-of-bounds Write vulnerability |
CVE-2024-37179 | 2024-10-08 | Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) |
CVE-2024-45277 | 2024-10-08 | Prototype Pollution vulnerability in SAP HANA Client |
CVE-2024-45278 | 2024-10-08 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice |
CVE-2024-45282 | 2024-10-08 | HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements) |
CVE-2024-47594 | 2024-10-08 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) |
CVE-2024-8925 | 2024-10-08 | Erroneous parsing of multipart form data |
CVE-2024-8926 | 2024-10-08 | PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) |
CVE-2024-8927 | 2024-10-08 | cgi.force_redirect configuration is bypassable due to the environment variable collision |
CVE-2024-9026 | 2024-10-08 | PHP-FPM logs from children may be altered |
CVE-2024-21532 | 2024-10-08 | All versions of the package ggit are vulnerable to Command... |
CVE-2024-21533 | 2024-10-08 | All versions of the package ggit are vulnerable to Arbitrary... |
CVE-2024-9292 | 2024-10-08 | Bridge Core <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-8983 | 2024-10-08 | Custom Twitter Feeds < 2.2.3 - Admin+ Stored XSS |
CVE-2024-9021 | 2024-10-08 | Relevanssi < 4.23.1 - Contributor+ Stored XSS |
CVE-2024-7206 | 2024-10-08 | Firmware extraction and Hardware SSL Pinning Bypass |
CVE-2024-34662 | 2024-10-08 | Improper access control in ActivityManager prior to SMR Oct-2024 Release... |
CVE-2024-34663 | 2024-10-08 | Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1... |
CVE-2024-34664 | 2024-10-08 | Improper check for exception conditions in Knox Guard prior to... |
CVE-2024-34665 | 2024-10-08 | Out-of-bounds write in parsing h.264 format in librtppayload.so prior to... |
CVE-2024-34666 | 2024-10-08 | Out-of-bounds write in parsing h.264 format in a specific mode... |
CVE-2024-34667 | 2024-10-08 | Out-of-bounds write in parsing h.265 format in librtppayload.so prior to... |
CVE-2024-34668 | 2024-10-08 | Out-of-bounds write in parsing h.263 format in librtppayload.so prior to... |
CVE-2024-34669 | 2024-10-08 | Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to... |
CVE-2024-34670 | 2024-10-08 | Use of implicit intent for sensitive communication in Sound Assistant... |
CVE-2024-34671 | 2024-10-08 | Use of implicit intent for sensitive communication in translation in Samsung... |
CVE-2024-34672 | 2024-10-08 | Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in... |
CVE-2024-8964 | 2024-10-08 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-47095 | 2024-10-08 | Reflected Cross-Site Scripting in Follet School Solutions Destiny |
CVE-2022-4534 | 2024-10-08 | Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass |
CVE-2024-8911 | 2024-10-08 | LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection |
CVE-2024-8943 | 2024-10-08 | LatePoint <= 5.0.12 - Authentication Bypass |
CVE-2023-52952 | 2024-10-08 | A vulnerability has been identified in HiMed Cockpit 12 pro... |
CVE-2024-41798 | 2024-10-08 | A vulnerability has been identified in SENTRON 7KM PAC3200 (All... |
CVE-2024-41902 | 2024-10-08 | A vulnerability has been identified in JT2Go (All versions <... |
CVE-2024-41981 | 2024-10-08 | A vulnerability has been identified in Simcenter Femap V2306 (All... |
CVE-2024-45463 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45464 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45465 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45466 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45467 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45468 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45469 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45470 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45471 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45472 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45473 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45474 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45475 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-45476 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
CVE-2024-46886 | 2024-10-08 | The web server of affected devices does not properly validate... |
CVE-2024-46887 | 2024-10-08 | The web server of affected devices do not properly authenticate... |
CVE-2024-47046 | 2024-10-08 | A vulnerability has been identified in Simcenter Femap V2306 (All... |
CVE-2024-47194 | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions <... |
CVE-2024-47195 | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions <... |
CVE-2024-47196 | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions <... |
CVE-2024-47553 | 2024-10-08 | A vulnerability has been identified in Siemens SINEC Security Monitor... |
CVE-2024-47562 | 2024-10-08 | A vulnerability has been identified in Siemens SINEC Security Monitor... |
CVE-2024-47563 | 2024-10-08 | A vulnerability has been identified in Siemens SINEC Security Monitor... |
CVE-2024-47565 | 2024-10-08 | A vulnerability has been identified in Siemens SINEC Security Monitor... |
CVE-2024-8629 | 2024-10-08 | WooCommerce Multilingual & Multicurrency with WPML <= 5.3.7 - Reflected Cross-Site Scripting |
CVE-2024-8433 | 2024-10-08 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
CVE-2024-3506 | 2024-10-08 | Camera Driver possible Buffer Overflow |
CVE-2024-8422 | 2024-10-08 | CWE-416: Use After Free vulnerability exists that could cause arbitrary... |