CVE List - 2024 / November
Showing 2201 - 2300 of 4054 CVEs for November 2024 (Page 23 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-45608 | 2024-11-15 | GLPI has an Authenticated SQL Injection |
CVE-2024-10934 | 2024-11-15 | OpenBSD NFS double-free vulnerability |
CVE-2024-11256 | 2024-11-15 | 1000 Projects Portfolio Management System MCA login.php sql injection |
CVE-2024-11257 | 2024-11-15 | 1000 Projects Beauty Parlour Management System forgot-password.php sql injection |
CVE-2024-49536 | 2024-11-15 | Audition \| Out-of-bounds Read (CWE-125) |
CVE-2024-3334 | 2024-11-15 | USB Security Feature Bypass in Digital Guardian Windows Agent Prior to version 8.2.0 |
CVE-2024-11258 | 2024-11-15 | 1000 Projects Beauty Parlour Management System index.php sql injection |
CVE-2024-11259 | 2024-11-15 | code-projects Farmacia fornecedores.php cross site scripting |
CVE-2024-45609 | 2024-11-15 | GLPI has a Reflected XSS in /front/stat.graph.php |
CVE-2024-45610 | 2024-11-15 | GLPI has a reflected XSS in ajax/cable.php |
CVE-2024-45611 | 2024-11-15 | GLPI has a stored XSS at src/RSSFeed.php |
CVE-2024-49060 | 2024-11-15 | Azure Stack HCI Elevation of Privilege Vulnerability |
CVE-2024-11217 | 2024-11-15 | Oauth-server-container: oauth-server-container logs client secret in debug level |
CVE-2017-13309 | 2024-11-15 | In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak... |
CVE-2024-38370 | 2024-11-15 | GLPI allows API document download without rights |
CVE-2024-9500 | 2024-11-15 | Autodesk ADP Desktop SDK Privilege Escalation Vulnerability |
CVE-2024-51764 | 2024-11-15 | A security vulnerability has been identified in HPE Data Management... |
CVE-2017-13310 | 2024-11-15 | In createFromParcel of ViewPager.java, there is a possible read/write serialization... |
CVE-2024-51765 | 2024-11-15 | A security vulnerability has been identified in HPE Cray Data... |
CVE-2017-13311 | 2024-11-15 | In the read() function of ProcessStats.java, there is a possible... |
CVE-2017-13312 | 2024-11-15 | In createFromParcel of MediaCas.java, there is a possible parcel read/write... |
CVE-2017-13314 | 2024-11-15 | In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings... |
CVE-2024-11261 | 2024-11-15 | SourceCodester Student Record Management System Number of Students Menu StudentRecordManagementSystem.cpp memory corruption |
CVE-2017-13313 | 2024-11-15 | In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop... |
CVE-2024-11262 | 2024-11-15 | SourceCodester Student Record Management System View All Student Marks main stack-based overflow |
CVE-2024-11263 | 2024-11-15 | arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y |
CVE-2024-10795 | 2024-11-16 | Popularis Extra <= 1.2.7 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10861 | 2024-11-16 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update |
CVE-2024-10786 | 2024-11-16 | Simple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache Clearing |
CVE-2024-10883 | 2024-11-16 | SimpleForm – Contact form made simple <= 2.2.0 - Reflected Cross-Site Scripting |
CVE-2024-10884 | 2024-11-16 | SimpleForm Contact Form Submissions <= 2.1.0 - Reflected Cross-Site Scripting |
CVE-2024-9849 | 2024-11-16 | 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 4.6 - Authenticated (Author+) Arbitrary File Upload |
CVE-2024-10017 | 2024-11-16 | PJW Mime Config <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9192 | 2024-11-16 | WP Video Robot <= 1.20.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update |
CVE-2024-9935 | 2024-11-16 | PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download |
CVE-2024-11118 | 2024-11-16 | 404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function |
CVE-2024-10875 | 2024-11-16 | Gallery Manager <= 1.6.58 - Reflected Cross-Site Scripting |
CVE-2024-11092 | 2024-11-16 | SVGPlus <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9386 | 2024-11-16 | Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-10147 | 2024-11-16 | Steel <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn Shortcode |
CVE-2024-9615 | 2024-11-16 | BulkPress <= 0.3.5 - Reflected Cross-Site Scripting |
CVE-2024-10015 | 2024-11-16 | ConvertCalculator for WordPress <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and type Parameter |
CVE-2024-6628 | 2024-11-16 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Cross-Site Request Forgery |
CVE-2024-9938 | 2024-11-16 | Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting |
CVE-2024-9850 | 2024-11-16 | SVG Case Study <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8873 | 2024-11-16 | PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting |
CVE-2024-11085 | 2024-11-16 | WP Log Viewer <= 1.2.1 - Missing Authorization |
CVE-2024-9839 | 2024-11-16 | Uix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution |
CVE-2024-10262 | 2024-11-16 | Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
CVE-2024-10533 | 2024-11-16 | WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation |
CVE-2024-10728 | 2024-11-16 | PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation |
CVE-2024-8856 | 2024-11-16 | Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload |
CVE-2024-10614 | 2024-11-16 | Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation |
CVE-2024-10645 | 2024-11-16 | Blogger 301 Redirect <= 2.5.3 - Unauthenticated SQL Injection via br |
CVE-2024-9887 | 2024-11-16 | Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection |
CVE-2024-10592 | 2024-11-16 | Mapster WP Maps <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11094 | 2024-11-16 | 404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure |
CVE-2024-52416 | 2024-11-16 | WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability |
CVE-2024-52415 | 2024-11-16 | WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability |
CVE-2024-52386 | 2024-11-16 | WordPress Classified Listing plugin <= 3.1.15.1 - Local File Inclusion vulnerability |
CVE-2024-52414 | 2024-11-16 | WordPress WDES Responsive Mobile Menu plugin <= 5.3.18 - PHP Object Injection vulnerability |
CVE-2024-52413 | 2024-11-16 | WordPress Airin Blog theme <= 1.6.1 - PHP Object Injection vulnerability |
CVE-2024-52412 | 2024-11-16 | WordPress Xin theme <= 1.0.8.1 - PHP Object Injection vulnerability |
CVE-2024-52411 | 2024-11-16 | WordPress Advanced Personalization plugin <= 1.1.2 - PHP Object Injection vulnerability |
CVE-2024-52410 | 2024-11-16 | WordPress Referrer Detector plugin <= 4.2.1.0 - PHP Object Injection vulnerability |
CVE-2024-52409 | 2024-11-16 | WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability |
CVE-2024-52408 | 2024-11-16 | WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability |
CVE-2024-52407 | 2024-11-16 | WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability |
CVE-2024-52406 | 2024-11-16 | WordPress CSV to html plugin <= 3.04 - Arbitrary File Upload vulnerability |
CVE-2024-52405 | 2024-11-16 | WordPress B-Banner Slider plugin <= 1.1 - Arbitrary File Upload vulnerability |
CVE-2024-52404 | 2024-11-16 | WordPress CF7 Reply Manager plugin <= 1.2.3 - Arbitrary File Upload vulnerability |
CVE-2024-52403 | 2024-11-16 | WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability |
CVE-2024-52400 | 2024-11-16 | WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability |
CVE-2024-52399 | 2024-11-16 | WordPress Writer Helper plugin <= 3.1.6 - Arbitrary File Upload vulnerability |
CVE-2024-52398 | 2024-11-16 | WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability |
CVE-2024-52397 | 2024-11-16 | WordPress Convert Docx2post plugin <= 1.4 - Arbitrary File Upload vulnerability |
CVE-2024-52867 | 2024-11-17 | guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because... |
CVE-2024-52871 | 2024-11-17 | In Flagsmith before 2.134.1, it is possible to bypass the... |
CVE-2024-52872 | 2024-11-17 | In Flagsmith before 2.134.1, the get_document endpoint is not correctly... |
CVE-2024-52876 | 2024-11-17 | Holy Stone Remote ID Module HSRID01, firmware distributed with the... |
CVE-2020-25720 | 2024-11-17 | Samba: check attribute access rights for ldap adds of computers |
CVE-2023-0657 | 2024-11-17 | Keycloak: impersonation via logout token exchange |
CVE-2023-1419 | 2024-11-17 | Debezium: script injection via connector parameter |
CVE-2023-4639 | 2024-11-17 | Undertow: cookie smuggling/spoofing |
CVE-2023-6110 | 2024-11-17 | Openstack: deleting a non existing access rule deletes another existing access rule in its scope |
CVE-2024-0793 | 2024-11-17 | Kube-controller-manager: malformed hpa v1 manifest causes crash |
CVE-2023-43091 | 2024-11-17 | Gnome-maps: gnome maps is vulnerable to a code injection attack (similar to xss) via its service.json |
CVE-2015-20111 | 2024-11-18 | miniupnp before 4c90b87, as used in Bitcoin Core before 0.12... |
CVE-2019-25220 | 2024-11-18 | Bitcoin Core before 24.0.1 allows remote attackers to cause a... |
CVE-2023-49952 | 2024-11-18 | Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a... |
CVE-2024-28058 | 2024-11-18 | In RSA NetWitness (NW) Platform before 12.5.1, even when an... |
CVE-2024-33231 | 2024-11-18 | Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows... |
CVE-2024-44757 | 2024-11-18 | An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of... |
CVE-2024-48292 | 2024-11-18 | An issue in the wssrvc.exe service of QuickHeal Antivirus Pro... |
CVE-2024-48293 | 2024-11-18 | Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier... |
CVE-2024-48294 | 2024-11-18 | A NULL pointer dereference in the component libPdfCore.dll of Wondershare... |
CVE-2024-50804 | 2024-11-18 | Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0... |
CVE-2024-50848 | 2024-11-18 | An XML External Entity (XXE) vulnerability in the Import object... |
CVE-2024-50849 | 2024-11-18 | A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality... |
CVE-2024-50919 | 2024-11-18 | Jpress until v5.1.1 has arbitrary file uploads on the windows... |