CVE List - 2024 / November
Showing 1601 - 1700 of 4054 CVEs for November 2024 (Page 17 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-47439 | 2024-11-12 | Substance3D - Painter | NULL Pointer Dereference (CWE-476) |
| CVE-2024-47430 | 2024-11-12 | Substance3D - Painter | Out-of-bounds Write (CWE-787) |
| CVE-2024-47428 | 2024-11-12 | Substance3D - Painter | Out-of-bounds Write (CWE-787) |
| CVE-2024-47431 | 2024-11-12 | Substance3D - Painter | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-47429 | 2024-11-12 | Substance3D - Painter | Out-of-bounds Write (CWE-787) |
| CVE-2024-49520 | 2024-11-12 | Substance3D - Painter | Out-of-bounds Write (CWE-787) |
| CVE-2024-49518 | 2024-11-12 | Substance3D - Painter | Out-of-bounds Write (CWE-787) |
| CVE-2024-47436 | 2024-11-12 | Substance3D - Painter | Out-of-bounds Read (CWE-125) |
| CVE-2024-49515 | 2024-11-12 | Substance3D - Painter | Untrusted Search Path (CWE-426) |
| CVE-2024-47437 | 2024-11-12 | Substance3D - Painter | Out-of-bounds Read (CWE-125) |
| CVE-2024-47427 | 2024-11-12 | Substance3D - Painter | Out-of-bounds Write (CWE-787) |
| CVE-2024-49525 | 2024-11-12 | Substance3D - Painter | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-11110 | 2024-11-12 | Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69... |
| CVE-2024-11111 | 2024-11-12 | Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69... |
| CVE-2024-11112 | 2024-11-12 | Use after free in Media in Google Chrome on Windows... |
| CVE-2024-11113 | 2024-11-12 | Use after free in Accessibility in Google Chrome prior to... |
| CVE-2024-11114 | 2024-11-12 | Inappropriate implementation in Views in Google Chrome on Windows prior... |
| CVE-2024-11115 | 2024-11-12 | Insufficient policy enforcement in Navigation in Google Chrome on iOS... |
| CVE-2024-11116 | 2024-11-12 | Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69... |
| CVE-2024-11117 | 2024-11-12 | Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69... |
| CVE-2024-49508 | 2024-11-12 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-49507 | 2024-11-12 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-49511 | 2024-11-12 | InDesign Desktop | Out-of-bounds Read (CWE-125) |
| CVE-2024-49509 | 2024-11-12 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-49512 | 2024-11-12 | InDesign Desktop | Out-of-bounds Read (CWE-125) |
| CVE-2024-49510 | 2024-11-12 | InDesign Desktop | Out-of-bounds Read (CWE-125) |
| CVE-2024-11168 | 2024-11-12 | Improper validation of IPv6 and IPvFuture addresses |
| CVE-2023-38920 | 2024-11-13 | Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0... |
| CVE-2024-40404 | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain... |
| CVE-2024-40405 | 2024-11-13 | Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109... |
| CVE-2024-40407 | 2024-11-13 | A full path disclosure in Cybele Software Thinfinity Workspace before... |
| CVE-2024-40408 | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain... |
| CVE-2024-40410 | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain... |
| CVE-2024-42834 | 2024-11-13 | A stored cross-site scripting (XSS) vulnerability in the Create Customer... |
| CVE-2024-45875 | 2024-11-13 | The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixed... |
| CVE-2024-45876 | 2024-11-13 | The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in... |
| CVE-2024-45877 | 2024-11-13 | baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control... |
| CVE-2024-45878 | 2024-11-13 | The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in... |
| CVE-2024-45879 | 2024-11-13 | The file upload function in the "QWKalkulation" tool of baltic-it... |
| CVE-2024-48510 | 2024-11-13 | Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a... |
| CVE-2024-50852 | 2024-11-13 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command... |
| CVE-2024-50853 | 2024-11-13 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command... |
| CVE-2024-50956 | 2024-11-13 | A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN... |
| CVE-2024-50969 | 2024-11-13 | A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects... |
| CVE-2024-50970 | 2024-11-13 | A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture... |
| CVE-2024-50971 | 2024-11-13 | A SQL injection vulnerability in print.php of Itsourcecode Construction Management... |
| CVE-2024-50972 | 2024-11-13 | A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management... |
| CVE-2024-51027 | 2024-11-13 | Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in... |
| CVE-2024-40443 | 2024-11-13 | SQL Injection vulnerability in Simple Laboratory Management System using PHP... |
| CVE-2024-50854 | 2024-11-13 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack... |
| CVE-2024-50955 | 2024-11-13 | An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles... |
| CVE-2024-37376 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-39710 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and... |
| CVE-2024-32841 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-34782 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-37398 | 2024-11-13 | Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows... |
| CVE-2024-32847 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-34787 | 2024-11-13 | Path traversal in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-32844 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-38656 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.2 and... |
| CVE-2024-39709 | 2024-11-13 | Incorrect file permissions in Ivanti Connect Secure before version 22.6R2... |
| CVE-2024-39711 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and... |
| CVE-2024-38649 | 2024-11-13 | An out-of-bounds write in IPsec of Ivanti Connect Secure before... |
| CVE-2024-38654 | 2024-11-13 | Improper bounds checking in Ivanti Secure Access Client before version... |
| CVE-2024-32839 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-37400 | 2024-11-13 | An out of bounds read in Ivanti Connect Secure before... |
| CVE-2024-34781 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-39712 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and... |
| CVE-2024-29211 | 2024-11-13 | A race condition in Ivanti Secure Access Client before version... |
| CVE-2024-34780 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-34784 | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security... |
| CVE-2024-38655 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and... |
| CVE-2024-10778 | 2024-11-13 | BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.4 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-10852 | 2024-11-13 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export |
| CVE-2024-9578 | 2024-11-13 | Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution |
| CVE-2024-8985 | 2024-11-13 | Social Proof (Testimonials) Slider <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via spslider-block Shortcode |
| CVE-2024-10851 | 2024-11-13 | Razorpay Payment Button <= 2.4.6 - Reflected Cross-Site Scripting |
| CVE-2024-10887 | 2024-11-13 | NiceJob <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10577 | 2024-11-13 | Fat Rat Collect <= 2.7.3 - Reflected Cross-Site Scripting |
| CVE-2024-9614 | 2024-11-13 | Constant Contact Forms by MailMunch <= 2.1.2 - Reflected Cross-Site Scripting |
| CVE-2024-10850 | 2024-11-13 | Razorpay Payment Button for Elementor <= 1.2.5 - Reflected Cross-Site Scripting |
| CVE-2024-10038 | 2024-11-13 | WP-Strava <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-10717 | 2024-11-13 | Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license |
| CVE-2024-10853 | 2024-11-13 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion |
| CVE-2024-10854 | 2024-11-13 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import |
| CVE-2024-8874 | 2024-11-13 | AJAX Login and Registration modal popup + inline form <= 2.24 - Reflected Cross-Site Scripting |
| CVE-2024-10629 | 2024-11-13 | GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation |
| CVE-2024-9426 | 2024-11-13 | Aqua SVG Sprite <= 3.0.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-10882 | 2024-11-13 | Product Delivery Date for WooCommerce - Lite <= 2.8.0 - Reflected Cross-Site Scripting |
| CVE-2024-10593 | 2024-11-13 | WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion |
| CVE-2024-10530 | 2024-11-13 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Addition |
| CVE-2024-10531 | 2024-11-13 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Update |
| CVE-2024-10684 | 2024-11-13 | Kognetiks Chatbot for WordPress <= 2.1.7 - Reflected Cross-Site Scripting |
| CVE-2024-11143 | 2024-11-13 | Kognetiks Chatbot for WordPress <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification |
| CVE-2024-10529 | 2024-11-13 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Deletion |
| CVE-2024-10802 | 2024-11-13 | Hash Elements <= 1.4.7 - Missing Authorization to Unauthenticated Draft Post Title Exposure |
| CVE-2024-10794 | 2024-11-13 | Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-10828 | 2024-11-13 | Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details |
| CVE-2024-10820 | 2024-11-13 | WooCommerce Upload Files <= 84.3 - Unauthenticated Arbitrary File Upload |
| CVE-2024-10174 | 2024-11-13 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass |