CVE List - 2024 / November
Showing 3001 - 3100 of 4054 CVEs for November 2024 (Page 31 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-48288 | 2024-11-21 | TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to... |
CVE-2024-45663 | 2024-11-21 | IBM Db2 denial of service |
CVE-2024-52797 | 2024-11-21 | Searching Opencast may cause a denial of service |
CVE-2022-43933 | 2024-11-21 | configuration secrets are logged in support-save |
CVE-2022-43934 | 2024-11-21 | Weak Key-exchange algorithms |
CVE-2022-43935 | 2024-11-21 | Switch passwords and authorization IDs are printed in the embedded MLS DB file |
CVE-2024-11447 | 2024-11-21 | Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App <=7.0.3.0 - Reflected Cross-Site Scripting |
CVE-2024-10682 | 2024-11-21 | Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting |
CVE-2024-9851 | 2024-11-21 | LSX Tour Operator <= 1.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-10164 | 2024-11-21 | Premium Packages - Sell Digital Products Securely <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link Shortcode |
CVE-2024-11414 | 2024-11-21 | RecipePress Reloaded <= 2.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10532 | 2024-11-21 | Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import |
CVE-2024-11455 | 2024-11-21 | Include Mastodon Feed <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-9111 | 2024-11-21 | Product Designer <= 1.0.35 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-11370 | 2024-11-21 | Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting |
CVE-2024-10726 | 2024-11-21 | Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-11354 | 2024-11-21 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion |
CVE-2024-11428 | 2024-11-21 | Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11432 | 2024-11-21 | SuevaFree Essential Kit <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11435 | 2024-11-21 | salavat counter Plugin <= 0.9.1 - Reflected Cross-Site Scripting |
CVE-2024-11412 | 2024-11-21 | Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11197 | 2024-11-21 | Lock User Account <= 1.0.5 - User Lock Bypass |
CVE-2024-10522 | 2024-11-21 | Co-marquage service-public.fr <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter |
CVE-2024-10696 | 2024-11-21 | UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode |
CVE-2024-11360 | 2024-11-21 | Page Parts <= 1.4.3 - Reflected Cross-Site Scripting |
CVE-2024-11424 | 2024-11-21 | Slick Sitemap <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11409 | 2024-11-21 | Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection |
CVE-2024-11388 | 2024-11-21 | Dino Game – Embed Google Chrome Dinosaur Game in WordPress <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-9442 | 2024-11-21 | F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-11385 | 2024-11-21 | Pure CSS Circle Progress bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10172 | 2024-11-21 | WPBakery Visual Composer WHMCS Elements <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via void_wbwhmcse_laouts_search Shortcode |
CVE-2024-10898 | 2024-11-21 | Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion |
CVE-2024-11416 | 2024-11-21 | WIP Incoming Lite <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-11365 | 2024-11-21 | Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting |
CVE-2024-10177 | 2024-11-21 | Beds24 Online Booking <= 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via beds24-link Shortcode |
CVE-2024-11440 | 2024-11-21 | Grey Owl Lightbox <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2022-43936 | 2024-11-21 | Brocade Fabric OS switch passwords when debugging is enabled |
CVE-2022-43937 | 2024-11-21 | Brocade SANnav Information Disclosure Vulnerability |
CVE-2024-10785 | 2024-11-21 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10796 | 2024-11-21 | If-So Dynamic Content Personalization <= 1.9.2.1 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10623 | 2024-11-21 | ForumEngine <= 1.8 - Reflected Cross-Site Scripting |
CVE-2024-9371 | 2024-11-21 | Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting |
CVE-2024-10528 | 2024-11-21 | Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update |
CVE-2024-11438 | 2024-11-21 | StreamWeasels Online Status Bar <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10782 | 2024-11-21 | Theme Builder For Elementor <= 1.2.2 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10788 | 2024-11-21 | Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context |
CVE-2024-11334 | 2024-11-21 | My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export |
CVE-2024-10671 | 2024-11-21 | Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10403 | 2024-11-21 | SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav |
CVE-2024-7517 | 2024-11-21 | Privileged escalation via crafted use of portcfg command |
CVE-2024-10482 | 2024-11-21 | Media Library Tools < 1.5.0 - Author+ Stored XSS via SVG |
CVE-2024-5029 | 2024-11-21 | CM Table Of Contents – WordPress TOC Plugin < 1.2.4 - Stored XSS via CSRF |
CVE-2024-8157 | 2024-11-21 | Alphabetical List <= 1.0.3 - Settings Update via CSRF |
CVE-2024-9600 | 2024-11-21 | Ditty < 3.1.47 - Author+ Stored XSS |
CVE-2024-9768 | 2024-11-21 | Formidable Forms < 6.14.1 - Admin+ Stored XSS |
CVE-2024-9828 | 2024-11-21 | Taskbuilder < 3.0.5 - Admin+ SQL Injection |
CVE-2024-10393 | 2024-11-21 | Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration |
CVE-2024-10890 | 2024-11-21 | WPAdverts – Classifieds Plugin <= 2.1.7 - Reflected Cross-Site Scripting |
CVE-2024-10400 | 2024-11-21 | Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter |
CVE-2024-11456 | 2024-11-21 | Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting |
CVE-2024-11371 | 2024-11-21 | Theater for WordPress <= 0.18.6.2 - Reflected Cross-Site Scripting |
CVE-2024-10675 | 2024-11-21 | affiliate-toolkit <= 3.6.7 - Reflected Cross-Site Scripting |
CVE-2024-52067 | 2024-11-21 | Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log |
CVE-2024-11595 | 2024-11-21 | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark |
CVE-2024-11596 | 2024-11-21 | Buffer Over-read in Wireshark |
CVE-2024-10792 | 2024-11-21 | Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting |
CVE-2024-11320 | 2024-11-21 | Command Injection leading to RCE via LDAP Misconfiguration |
CVE-2024-10316 | 2024-11-21 | Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates |
CVE-2024-9542 | 2024-11-21 | Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template |
CVE-2024-7016 | 2024-11-21 | Stored XSS in Smarttek Informatics' Smart Doctor |
CVE-2024-11587 | 2024-11-21 | idcCMS classProvCity.php GetCityOptionJs cross site scripting |
CVE-2024-11588 | 2024-11-21 | AVL-DiTEST-DiagDev libdoip DoIPConnection.cpp reactOnReceivedTcpMessage null pointer dereference |
CVE-2024-11589 | 2024-11-21 | itsourcecode Tailoring Management System expcatedit.php sql injection |
CVE-2024-11590 | 2024-11-21 | 1000 Projects Bookstore Management System forget_password_process.php sql injection |
CVE-2024-7026 | 2024-11-21 | SQLi in Teknogis Informatics' Closed Circuit Vehicle Tracking Software |
CVE-2024-7130 | 2024-11-21 | Reflected XSS in Kion Computer's KION Exchange Programs Software |
CVE-2024-11089 | 2024-11-21 | Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
CVE-2024-11088 | 2024-11-21 | Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor |
CVE-2024-11591 | 2024-11-21 | 1000 Projects Beauty Parlour Management System add-services.php sql injection |
CVE-2024-11592 | 2024-11-21 | 1000 Projects Beauty Parlour Management System about-us.php sql injection |
CVE-2024-21786 | 2024-11-21 | An OS command injection vulnerability exists in the web interface... |
CVE-2024-28025 | 2024-11-21 | Three OS command injection vulnerabilities exist in the web interface... |
CVE-2024-28026 | 2024-11-21 | Three OS command injection vulnerabilities exist in the web interface... |
CVE-2024-28027 | 2024-11-21 | Three OS command injection vulnerabilities exist in the web interface... |
CVE-2024-21855 | 2024-11-21 | A lack of authentication vulnerability exists in the HTTP API... |
CVE-2024-29224 | 2024-11-21 | An OS command injection vulnerability exists in the NAT parameter... |
CVE-2024-28892 | 2024-11-21 | An OS command injection vulnerability exists in the name parameter... |
CVE-2024-8526 | 2024-11-21 | Automated Logic WebCTRL and Carrier i-Vu Open Redirect |
CVE-2024-8525 | 2024-11-21 | Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload |
CVE-2024-49529 | 2024-11-21 | InDesign Desktop \| Out-of-bounds Read (CWE-125) |
CVE-2024-52803 | 2024-11-21 | LLama Factory Remote OS Command Injection Vulnerability |
CVE-2024-52799 | 2024-11-21 | Argo Workflows Chart: Excessive Privileges in Workflow Role |
CVE-2024-52309 | 2024-11-21 | SFTPGo allows administrators to restrict command execution from the EventManager |
CVE-2024-52307 | 2024-11-21 | authentik allows a timing attack due to missing constant time comparison for metrics view |
CVE-2024-52289 | 2024-11-21 | authentik has an insecure default configuration for OAuth2 Redirect URIs |
CVE-2024-52287 | 2024-11-21 | authentik performs insufficient validation of OAuth scopes |
CVE-2024-53089 | 2024-11-21 | LoongArch: KVM: Mark hrtimer to expire in hard interrupt context |
CVE-2024-53090 | 2024-11-21 | afs: Fix lock recursion |
CVE-2024-53091 | 2024-11-21 | bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx |
CVE-2024-53092 | 2024-11-21 | virtio_pci: Fix admin vq cleanup by using correct info pointer |