CVE List - 2024 / November
Showing 2901 - 3000 of 4054 CVEs for November 2024 (Page 30 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-9239 | 2024-11-20 | Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting |
CVE-2024-10899 | 2024-11-20 | WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting |
CVE-2024-10855 | 2024-11-20 | Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion |
CVE-2024-10365 | 2024-11-20 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates |
CVE-2024-52033 | 2024-11-20 | Exposure of sensitive system information to an unauthorized control sphere... |
CVE-2024-48895 | 2024-11-20 | Improper neutralization of special elements used in an OS command... |
CVE-2024-47865 | 2024-11-20 | Missing authentication for critical function vulnerability exists in Rakuten Turbo... |
CVE-2024-11176 | 2024-11-20 | Incorrect calculation of effective permissions in M-Files Aino |
CVE-2024-10127 | 2024-11-20 | Support for authentication bypass condition in M-Files LDAP authentication |
CVE-2024-10126 | 2024-11-20 | Local file inclusion vulnerability in M-Files Server |
CVE-2024-10665 | 2024-11-20 | Yaad Sarig Payment Gateway For WC <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Log Read/Deletion |
CVE-2024-10891 | 2024-11-20 | Save as PDF Plugin by Pdfcrowd <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11179 | 2024-11-20 | MStore API <= 4.15.7 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-11494 | 2024-11-20 | **UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel... |
CVE-2024-10382 | 2024-11-20 | Arbitrary Code execution in Car App Android Jetpack Library |
CVE-2024-45689 | 2024-11-20 | Moodle: unprotected access to sensitive information via dynamic tables |
CVE-2024-45690 | 2024-11-20 | Moodle: IDOR when deleting OAuth2 linked accounts |
CVE-2024-45691 | 2024-11-20 | Moodle: lesson activity password bypass through PHP loose comparison |
CVE-2024-48899 | 2024-11-20 | Moodle: IDOR when accessing list of course badges |
CVE-2024-10872 | 2024-11-20 | Getwid – Gutenberg Blocks <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-52447 | 2024-11-20 | WordPress Contact Page With Google Map plugin <= 1.6.1 - Arbitrary File Deletion vulnerability |
CVE-2024-52444 | 2024-11-20 | WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability |
CVE-2024-52446 | 2024-11-20 | WordPress Buying Buddy IDX CRM plugin <= 1.1.12 - CSRF to PHP Object Injection vulnerability |
CVE-2024-52445 | 2024-11-20 | WordPress QRMenu Restaurant QR Menu Lite plugin <= 1.0.3 - PHP Object Injection vulnerability |
CVE-2024-52443 | 2024-11-20 | WordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerability |
CVE-2024-52441 | 2024-11-20 | WordPress Quick Learn plugin <= 1.0.1 - PHP Object Injection vulnerability |
CVE-2024-52440 | 2024-11-20 | WordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerability |
CVE-2024-52439 | 2024-11-20 | WordPress Team Rosters plugin <= 4.6 - PHP Object Injection vulnerability |
CVE-2024-52450 | 2024-11-20 | WordPress nBlocks plugin <= 1.0.2 - Local File Inclusion vulnerability |
CVE-2024-52449 | 2024-11-20 | WordPress WordPress Bootscraper plugin <= 2.1.0 - Local File Inclusion vulnerability |
CVE-2024-10520 | 2024-11-20 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion |
CVE-2024-52448 | 2024-11-20 | WordPress Ultimate Classified Listings plugin <= 1.4 - Local File Inclusion vulnerability |
CVE-2024-52451 | 2024-11-20 | WordPress Post Ideas plugin <= 2 - CSRF to SQL Injection vulnerability |
CVE-2024-11404 | 2024-11-20 | File Upload Bypass in django Filer |
CVE-2024-52442 | 2024-11-20 | WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability |
CVE-2024-52438 | 2024-11-20 | WordPress de:branding plugin <= 1.0.2 - Privilege Escalation vulnerability |
CVE-2024-11406 | 2024-11-20 | Stored XSS in django CMS Attributes Fields |
CVE-2024-52437 | 2024-11-20 | WordPress Banner System plugin <= 1.0.0 - Privilege Escalation vulnerability |
CVE-2024-11495 | 2024-11-20 | Buffer overflow in OllyDbg |
CVE-2024-9478 | 2024-11-20 | Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege... |
CVE-2024-9479 | 2024-11-20 | Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege... |
CVE-2024-10913 | 2024-11-20 | Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace' |
CVE-2024-11154 | 2024-11-20 | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure |
CVE-2024-52597 | 2024-11-20 | 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render |
CVE-2024-52598 | 2024-11-20 | 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview |
CVE-2024-52473 | 2024-11-20 | WordPress HTML5 Lyrics Karaoke Player plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-52472 | 2024-11-20 | WordPress Weather Atlas Widget plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-52471 | 2024-11-20 | WordPress Extensions for Elementor plugin <= 2.0.37 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-52470 | 2024-11-20 | WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-10094 | 2024-11-20 | Pega Platform versions 6.x to Infinity 24.1.1 are affected by... |
CVE-2024-11484 | 2024-11-20 | Code4Berry Decoration Management System User Image update_image.php access control |
CVE-2024-11485 | 2024-11-20 | Code4Berry Decoration Management System User userregister.php permission |
CVE-2024-11486 | 2024-11-20 | Code4Berry Decoration Management System User Permission user_permission.php |
CVE-2024-11487 | 2024-11-20 | Code4Berry Decoration Management System Between Dates Reports btndates_report.php sql injection |
CVE-2024-52796 | 2024-11-20 | Password Pusher's rate limiter can be bypassed by forging proxy headers |
CVE-2024-11488 | 2024-11-20 | 115cms web_user.html cross site scripting |
CVE-2024-11489 | 2024-11-20 | 115cms file.html cross site scripting |
CVE-2018-9468 | 2024-11-20 | In query of DownloadManager.java, there is a possible read/write of... |
CVE-2018-9469 | 2024-11-20 | In multiple functions of ShortcutService.java, there is a possible creation... |
CVE-2024-11490 | 2024-11-20 | 115cms set.html cross site scripting |
CVE-2024-11491 | 2024-11-20 | 115cms useradmin.html cross site scripting |
CVE-2018-9470 | 2024-11-20 | In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write... |
CVE-2018-9471 | 2024-11-20 | In the deserialization constructor of NanoAppFilter.java, there is a possible... |
CVE-2018-9472 | 2024-11-20 | In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write... |
CVE-2018-9474 | 2024-11-20 | In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch... |
CVE-2018-9475 | 2024-11-20 | In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of... |
CVE-2018-9477 | 2024-11-20 | In the development options section of the Settings app, there... |
CVE-2018-9478 | 2024-11-20 | In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out... |
CVE-2024-11492 | 2024-11-20 | 115cms appurladd.html cross site scripting |
CVE-2024-11493 | 2024-11-20 | 115cms pageAE.html cross site scripting |
CVE-2018-9479 | 2024-11-20 | In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out... |
CVE-2018-9480 | 2024-11-20 | In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read... |
CVE-2018-9481 | 2024-11-20 | In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read... |
CVE-2018-9482 | 2024-11-20 | In intr_data_copy_cb of btif_hd.cc, there is a possible out of... |
CVE-2018-9483 | 2024-11-20 | In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of... |
CVE-2018-9484 | 2024-11-20 | In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of... |
CVE-2018-9485 | 2024-11-20 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of... |
CVE-2018-9486 | 2024-11-20 | In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of... |
CVE-2018-9487 | 2024-11-20 | In setVpnForcedLocked of Vpn.java, there is a possible blocking of... |
CVE-2024-52581 | 2024-11-20 | Litestar allows unbounded resource consumption (DoS vulnerability) |
CVE-2024-9875 | 2024-11-20 | Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0... |
CVE-2024-30896 | 2024-11-21 | InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token... |
CVE-2024-45194 | 2024-11-21 | In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in... |
CVE-2024-45512 | 2024-11-21 | An issue was discovered in webmail in Zimbra Collaboration (ZCS)... |
CVE-2024-45513 | 2024-11-21 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1.... |
CVE-2024-45514 | 2024-11-21 | An issue was discovered in Zimbra Collaboration (ZCS) through v10.1.... |
CVE-2024-45517 | 2024-11-21 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1.... |
CVE-2024-48286 | 2024-11-21 | Linksys E3000 1.0.06.002_US is vulnerable to command injection via the... |
CVE-2024-48747 | 2024-11-21 | An issue in alist-tvbox v1.7.1 allows a remote attacker to... |
CVE-2024-51337 | 2024-11-21 | Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed... |
CVE-2024-51364 | 2024-11-21 | An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers... |
CVE-2024-51366 | 2024-11-21 | An arbitrary file upload vulnerability in the component \Roaming\Omega of... |
CVE-2024-51367 | 2024-11-21 | An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of... |
CVE-2024-53333 | 2024-11-21 | TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion... |
CVE-2024-53334 | 2024-11-21 | TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi. |
CVE-2024-53335 | 2024-11-21 | TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi. |
CVE-2024-53425 | 2024-11-21 | A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in... |
CVE-2024-53426 | 2024-11-21 | A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in... |
CVE-2024-53429 | 2024-11-21 | Open62541 v1.4.6 has an assertion failure in fuzz_binary_decode, which... |
CVE-2024-53432 | 2024-11-21 | While parsing certain malformed PLY files, PCL version 1.14.1 crashes... |