CVE List - 2024 / November
Showing 1101 - 1200 of 4054 CVEs for November 2024 (Page 12 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-51674 | 2024-11-09 | WordPress Sastra Essential Addons for Elementor plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51673 | 2024-11-09 | WordPress HT Politic plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51670 | 2024-11-09 | WordPress JS Help Desk plugin <= 2.8.7 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51668 | 2024-11-09 | WordPress MyCurator Content Curation plugin <= 3.78 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51664 | 2024-11-09 | WordPress Beds24 Online Booking plugin <= 2.0.25 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51663 | 2024-11-09 | WordPress Bricksable for Bricks Builder plugin <= 1.6.59 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51662 | 2024-11-09 | WordPress Black Widgets For Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51647 | 2024-11-09 | WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51630 | 2024-11-09 | WordPress Responsive Flickr Gallery plugin <= 1.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-51629 | 2024-11-09 | WordPress Header Footer Composer for Elementor plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51628 | 2024-11-09 | WordPress EzyOnlineBookings Online Booking System Widget plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51627 | 2024-11-09 | WordPress Audio Comparison Lite plugin <= 3.4 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51623 | 2024-11-09 | WordPress WP EIS plugin <= 1.3.3 - SQL Injection vulnerability |
| CVE-2024-51622 | 2024-11-09 | WordPress WP EASY RECIPE plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51618 | 2024-11-09 | WordPress Custom Admin Menu plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51616 | 2024-11-09 | WordPress AwesomePress plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51614 | 2024-11-09 | WordPress Aajoda Testimonials plugin <= 2.2.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51613 | 2024-11-09 | WordPress TradeMe widgets plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51612 | 2024-11-09 | WordPress Reftagger Shortcode plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51611 | 2024-11-09 | WordPress WP Feature Box plugin <= 0.1.3 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51610 | 2024-11-09 | WordPress Display Terms Shortcode plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51609 | 2024-11-09 | WordPress Emoji Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51608 | 2024-11-09 | WordPress AmaDiscount Plugin plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2024-51606 | 2024-11-09 | WordPress Blrt WP Embed plugin <= 1.6.9 - SQL Injection vulnerability |
| CVE-2024-51605 | 2024-11-09 | WordPress Genoo plugin <= 6.0.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51604 | 2024-11-09 | WordPress Media Modal plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51603 | 2024-11-09 | WordPress NMR Strava activities plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51599 | 2024-11-09 | WordPress Simple Business Manager plugin <= 4.6.7.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51598 | 2024-11-09 | WordPress Selar.co Widget plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51597 | 2024-11-09 | WordPress ThemeShark Templates & Widgets for Elementor plugin <= 1.1.7 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51596 | 2024-11-09 | WordPress Business plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51595 | 2024-11-09 | WordPress SKSDEV Toolkit plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51594 | 2024-11-09 | WordPress Gmap Point List plugin <= 1.1.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51593 | 2024-11-09 | WordPress Курс валют UAH plugin <= 2.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51592 | 2024-11-09 | WordPress Meta Store Elements plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51591 | 2024-11-09 | WordPress Slicko plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51590 | 2024-11-09 | WordPress Hoo Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51589 | 2024-11-09 | WordPress Bigmart Elements plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51588 | 2024-11-09 | WordPress Super Addons for Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51587 | 2024-11-09 | WordPress Definitive Addons for Elementor plugin <= 1.5.16 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51586 | 2024-11-09 | WordPress Elementary Addons plugin <= 2.0.4 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51585 | 2024-11-09 | WordPress Sales Page Addon plugin <= 1.4.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-42000 | 2024-11-09 | Unauthorized Access to view channels' details |
| CVE-2024-36250 | 2024-11-09 | MFA Code Replay |
| CVE-2024-52032 | 2024-11-09 | Private channel names leaking when Elasticsearch is enabled |
| CVE-2020-10367 | 2024-11-10 | Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory access via a "Spectra" attack. |
| CVE-2020-10368 | 2024-11-10 | Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack. |
| CVE-2020-10369 | 2024-11-10 | Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack. |
| CVE-2021-35473 | 2024-11-10 | An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use... |
| CVE-2021-41737 | 2024-11-10 | In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route(3333333333333333333,2,1,2,3,1) : *;" leads to stack consumption. |
| CVE-2023-40457 | 2024-11-10 | The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset)... |
| CVE-2024-46613 | 2024-11-10 | WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared, string_free_split, string_free_split_command,... |
| CVE-2024-46952 | 2024-11-10 | An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). |
| CVE-2024-46954 | 2024-11-10 | An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. |
| CVE-2020-10370 | 2024-11-10 | Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack. |
| CVE-2024-46951 | 2024-11-10 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. |
| CVE-2024-46953 | 2024-11-10 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible... |
| CVE-2024-46955 | 2024-11-10 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. |
| CVE-2024-46956 | 2024-11-10 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. |
| CVE-2024-11046 | 2024-11-10 | D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp os command injection |
| CVE-2024-11047 | 2024-11-10 | D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow |
| CVE-2024-11048 | 2024-11-10 | D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow |
| CVE-2024-11049 | 2024-11-10 | ZKTeco ZKBio Time Image File photo direct request |
| CVE-2024-11050 | 2024-11-10 | AMTT Hotel Broadband Operation System language.php cross site scripting |
| CVE-2024-11051 | 2024-11-10 | AMTT Hotel Broadband Operation System online_status.php sql injection |
| CVE-2024-51584 | 2024-11-10 | WordPress Marquee Elementor with Posts plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51583 | 2024-11-10 | WordPress Kento Ads Rotator plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51581 | 2024-11-10 | WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51580 | 2024-11-10 | WordPress Clever Addons for Elementor plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51578 | 2024-11-10 | WordPress 3D Presentation plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51577 | 2024-11-10 | WordPress bpmn.io plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-11054 | 2024-11-10 | SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload |
| CVE-2024-51576 | 2024-11-10 | WordPress AMP Img Shortcode plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-10265 | 2024-11-10 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter |
| CVE-2024-10958 | 2024-11-10 | WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay |
| CVE-2024-11055 | 2024-11-10 | 1000 Projects Beauty Parlour Management System admin-profile.php sql injection |
| CVE-2024-11056 | 2024-11-10 | Tenda AC10 WifiExtraSet FUN_0046AC38 stack-based overflow |
| CVE-2024-11057 | 2024-11-10 | Codezips Hospital Appointment System removeBranchResult.php sql injection |
| CVE-2024-11058 | 2024-11-10 | CodeAstro Real Estate Management System About Us Page aboutedit.php sql injection |
| CVE-2024-11059 | 2024-11-10 | Project Worlds Free Download Online Shopping System success.php sql injection |
| CVE-2024-25253 | 2024-11-11 | Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module. |
| CVE-2024-25254 | 2024-11-11 | SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter. |
| CVE-2024-25255 | 2024-11-11 | Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is intended behavior. |
| CVE-2024-36061 | 2024-11-11 | EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities. |
| CVE-2024-41992 | 2024-11-11 | Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this... |
| CVE-2024-44546 | 2024-11-11 | Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. |
| CVE-2024-46962 | 2024-11-11 | The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component. |
| CVE-2024-46963 | 2024-11-11 | The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component. |
| CVE-2024-46964 | 2024-11-11 | The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component. |
| CVE-2024-46965 | 2024-11-11 | The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component. |
| CVE-2024-46966 | 2024-11-11 | The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component. |
| CVE-2024-48322 | 2024-11-11 | UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability. |
| CVE-2024-48939 | 2024-11-11 | Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able... |
| CVE-2024-50601 | 2024-11-11 | Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary JavaScript. Exploitation could lead... |
| CVE-2024-50636 | 2024-11-11 | PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing... |
| CVE-2024-50667 | 2024-11-11 | The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows... |
| CVE-2024-50989 | 2024-11-11 | A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter. |
| CVE-2024-50990 | 2024-11-11 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST... |
| CVE-2024-50991 | 2024-11-11 | A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter. |
| CVE-2024-51026 | 2024-11-11 | The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field. |