CVE List - 2024 / November
Showing 201 - 300 of 4054 CVEs for November 2024 (Page 3 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-37123 | 2024-11-01 | WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability |
CVE-2024-37119 | 2024-11-01 | WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability |
CVE-2024-37108 | 2024-11-01 | WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary File Deletion vulnerability |
CVE-2024-37106 | 2024-11-01 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Plugin Settings Change Leading to Stored XSS vulnerability |
CVE-2024-37096 | 2024-11-01 | WordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerability |
CVE-2024-37095 | 2024-11-01 | WordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerability |
CVE-2024-37249 | 2024-11-01 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability |
CVE-2024-37250 | 2024-11-01 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability |
CVE-2024-44038 | 2024-11-01 | WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability |
CVE-2024-47302 | 2024-11-01 | WordPress Fluent Support plugin <= 1.8.0 - Broken Access Control on Email Verification vulnerability |
CVE-2024-47311 | 2024-11-01 | WordPress Wheel of Life plugin <= 1.1.8 - Broken Access Control vulnerability |
CVE-2024-47314 | 2024-11-01 | WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability |
CVE-2024-48039 | 2024-11-01 | WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.15 - Broken Access Control vulnerability |
CVE-2024-48044 | 2024-11-01 | WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability |
CVE-2024-48045 | 2024-11-01 | WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability |
CVE-2024-49256 | 2024-11-01 | WordPress Htaccess File Editor plugin <= 1.0.18 - Broken Access Control vulnerability |
CVE-2024-37209 | 2024-11-01 | WordPress User Rights Access Manager plugin <= 1.1.2 - Broken Access Control vulnerability |
CVE-2024-10656 | 2024-11-01 | Tongda OA 2017 apply.php sql injection |
CVE-2024-10657 | 2024-11-01 | Tongda OA prcs_info.php sql injection |
CVE-2024-10658 | 2024-11-01 | Tongda OA check_seal.php sql injection |
CVE-2024-10659 | 2024-11-01 | ESAFENET CDG CDGAuthoriseTempletService.java delSystemEncryptPolicy sql injection |
CVE-2024-10660 | 2024-11-01 | ESAFENET CDG HookService.java deleteHook sql injection |
CVE-2024-10661 | 2024-11-01 | Tenda AC15 SetDlnaCfg stack-based overflow |
CVE-2024-10662 | 2024-11-01 | Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow |
CVE-2024-49770 | 2024-11-01 | oak's path traversal allows transfer of hidden files within the served root directory |
CVE-2024-51483 | 2024-11-01 | changedetection.io Path Traversal vulnerability |
CVE-2024-51492 | 2024-11-01 | Zusam vulnerable to stored XSS, allowing token theft via crafted SVG |
CVE-2024-41738 | 2024-11-01 | IBM TXSeries for Multiplatforms information disclosure |
CVE-2024-41741 | 2024-11-01 | IBM TXSeries for Multiplatforms information disclosure |
CVE-2024-41745 | 2024-11-01 | IBM CICS TX Standard cross-site scripting |
CVE-2024-41744 | 2024-11-01 | IBM CICS TX Standard cross-site request forgery |
CVE-2024-44234 | 2024-11-01 | The issue was addressed with improved bounds checks. This issue... |
CVE-2024-44232 | 2024-11-01 | The issue was addressed with improved bounds checks. This issue... |
CVE-2024-44233 | 2024-11-01 | The issue was addressed with improved bounds checks. This issue... |
CVE-2024-9191 | 2024-11-01 | The Okta Device Access features, provided by the Okta Verify... |
CVE-2024-51774 | 2024-11-02 | qBittorrent before 5.0.1 proceeds with use of https URLs even... |
CVE-2024-10310 | 2024-11-02 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget |
CVE-2024-10540 | 2024-11-02 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-8739 | 2024-11-02 | ReCaptcha Integration for WordPress <= 1.2.5 - Reflected Cross-Site Scripting |
CVE-2024-9868 | 2024-11-02 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate |
CVE-2024-9896 | 2024-11-02 | BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter |
CVE-2024-10697 | 2024-11-02 | Tenda AC6 API Endpoint WriteFacMac formWriteFacMac command injection |
CVE-2024-10698 | 2024-11-02 | Tenda AC6 SetOnlineDevName formSetDeviceName stack-based overflow |
CVE-2024-10699 | 2024-11-02 | code-projects Wazifa System logincontrol.php sql injection |
CVE-2024-10700 | 2024-11-02 | code-projects University Event Management System submit.php sql injection |
CVE-2024-10701 | 2024-11-02 | PHPGurukul Car Rental Portal search.php cross site scripting |
CVE-2024-10702 | 2024-11-02 | code-projects Simple Car Rental System signup.php sql injection |
CVE-2024-10730 | 2024-11-03 | Tongda OA web_show.php sql injection |
CVE-2024-10731 | 2024-11-03 | Tongda OA check_seal.php sql injection |
CVE-2024-10732 | 2024-11-03 | Tongda OA 2017 index.php sql injection |
CVE-2024-10733 | 2024-11-03 | code-projects Restaurant Order System login.php sql injection |
CVE-2024-10734 | 2024-11-03 | Project Worlds Life Insurance Management System editPayment.php sql injection |
CVE-2024-10735 | 2024-11-03 | Project Worlds Life Insurance Management System editNominee.php sql injection |
CVE-2024-10736 | 2024-11-03 | Codezips Free Exam Hall Seating Management System student.php sql injection |
CVE-2024-10737 | 2024-11-03 | Codezips Free Exam Hall Seating Management System teacher.php sql injection |
CVE-2024-10738 | 2024-11-03 | itsourcecode Farm Management System manage-breed.php sql injection |
CVE-2024-10739 | 2024-11-03 | code-projects E-Health Care System adminlogin.php sql injection |
CVE-2024-10740 | 2024-11-03 | code-projects E-Health Care System consulting_detail.php sql injection |
CVE-2024-10741 | 2024-11-03 | code-projects E-Health Care System registration.php sql injection |
CVE-2024-10742 | 2024-11-03 | code-projects Wazifa System control.php sql injection |
CVE-2024-10743 | 2024-11-03 | PHPGurukul Online Shopping Portal editable_ajax.php cross site scripting |
CVE-2024-10744 | 2024-11-03 | PHPGurukul Online Shopping Portal complex_header_2.php cross site scripting |
CVE-2024-10745 | 2024-11-03 | PHPGurukul Online Shopping Portal deferred_table.php cross site scripting |
CVE-2024-10746 | 2024-11-03 | PHPGurukul Online Shopping Portal dom_data.php cross site scripting |
CVE-2024-30616 | 2024-11-04 | Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via... |
CVE-2024-30617 | 2024-11-04 | A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26... |
CVE-2024-30618 | 2024-11-04 | A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26... |
CVE-2024-30619 | 2024-11-04 | Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control.... |
CVE-2024-34882 | 2024-11-04 | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24... |
CVE-2024-34883 | 2024-11-04 | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24... |
CVE-2024-34885 | 2024-11-04 | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24... |
CVE-2024-34887 | 2024-11-04 | Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24... |
CVE-2024-34891 | 2024-11-04 | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24... |
CVE-2024-45164 | 2024-11-04 | Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security... |
CVE-2024-45185 | 2024-11-04 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
CVE-2024-45882 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability... |
CVE-2024-45884 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... |
CVE-2024-45885 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... |
CVE-2024-45887 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... |
CVE-2024-45888 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability... |
CVE-2024-45889 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... |
CVE-2024-45890 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... |
CVE-2024-45891 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... |
CVE-2024-45893 | 2024-11-04 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... |
CVE-2024-48050 | 2024-11-04 | In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression.... |
CVE-2024-48052 | 2024-11-04 | In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side... |
CVE-2024-48057 | 2024-11-04 | localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When... |
CVE-2024-48059 | 2024-11-04 | gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting... |
CVE-2024-48061 | 2024-11-04 | langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as... |
CVE-2024-48336 | 2024-11-04 | The install() function of ProviderInstaller.java in Magisk App before canary... |
CVE-2024-48463 | 2024-11-04 | Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http... |
CVE-2024-48809 | 2024-11-04 | An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t... |
CVE-2024-51127 | 2024-11-04 | An issue in the createTempFile method of hornetq v2.4.9 allows... |
CVE-2024-51136 | 2024-11-04 | An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj... |
CVE-2024-51246 | 2024-11-04 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51249 | 2024-11-04 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51251 | 2024-11-04 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51253 | 2024-11-04 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into... |
CVE-2024-51326 | 2024-11-04 | SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows... |
CVE-2024-51327 | 2024-11-04 | SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0... |