CVE List - 2024 / November
Showing 3501 - 3600 of 4054 CVEs for November 2024 (Page 36 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-10869 | 2024-11-23 | GuardGiant Brute Force Protection <= 2.2.6 - Reflected Cross-Site Scripting |
CVE-2024-11463 | 2024-11-23 | DeBounce Email Validator <= 5.6.5 - Reflected Cross-Site Scripting |
CVE-2024-10216 | 2024-11-23 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal |
CVE-2024-10961 | 2024-11-23 | Social Login <= 5.9.0 - Authentication Bypass via Disqus OAuth provider |
CVE-2024-9223 | 2024-11-23 | WPDash Notes <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure |
CVE-2024-10874 | 2024-11-23 | Quotes llama <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11362 | 2024-11-23 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting |
CVE-2024-10886 | 2024-11-23 | Tribute Testimonials – WordPress Testimonial Grid/Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10537 | 2024-11-23 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration |
CVE-2024-10813 | 2024-11-23 | Product Table for WooCommerce by CodeAstrology (wooproducttable.com) <= 3.5.1 - Information Exposure |
CVE-2024-11415 | 2024-11-23 | WP-Orphanage Extended <= 1.2 - Cross-Site Request Forgery to Orphan Account Privilege Escalation |
CVE-2024-10116 | 2024-11-23 | Twitter Follow Button <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter |
CVE-2024-10868 | 2024-11-23 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.9 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10880 | 2024-11-23 | JobBoardWP – Job Board Listings and Submissions <= 1.3.0 - Reflected Cross-Site Scripting |
CVE-2024-10873 | 2024-11-23 | LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion |
CVE-2024-11408 | 2024-11-23 | Slotti Ajanvaraus <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11387 | 2024-11-23 | Easy Liveblogs <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11332 | 2024-11-23 | HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10606 | 2024-11-23 | WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update |
CVE-2024-11426 | 2024-11-23 | AutoListicle: Automatically Update Numbered List Articles <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11361 | 2024-11-23 | PDF Invoices & Packing Slips Generator for WooCommerce <= 2.2.1 - Reflected Cross-Site Scripting |
CVE-2024-11188 | 2024-11-23 | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter |
CVE-2024-11265 | 2024-11-23 | Wp Maximum Upload File Size <= 1.1.3 - Authenticated (Author+) Full Path Disclosure |
CVE-2024-11330 | 2024-11-23 | Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting |
CVE-2024-11446 | 2024-11-23 | Chessgame Shizzle <= 1.3.0 - Reflected Cross-Site Scripting |
CVE-2024-9635 | 2024-11-23 | Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting |
CVE-2024-9660 | 2024-11-23 | School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload |
CVE-2024-10803 | 2024-11-23 | MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download |
CVE-2024-9511 | 2024-11-23 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection |
CVE-2024-9942 | 2024-11-23 | WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload |
CVE-2024-9941 | 2024-11-23 | WPGYM <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
CVE-2024-9659 | 2024-11-23 | School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload |
CVE-2024-11227 | 2024-11-23 | Memberlite Shortcodes <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via memberlite_accordion Shortcode |
CVE-2024-11199 | 2024-11-23 | Rescue Shortcodes <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rescue_progressbar Shortcode |
CVE-2024-10519 | 2024-11-23 | Wishlist for WooCommerce: Multi Wishlists Per Customer PRO 3.0.8 - 3.1.2 - Reflected Cross-Site Scripting via wtab Parameter |
CVE-2024-11034 | 2024-11-23 | Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form |
CVE-2024-11231 | 2024-11-23 | 우커머스 네이버페이 <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via mnp_purchase Shortcode |
CVE-2024-11631 | 2024-11-23 | itsourcecode Tailoring Management System expedit.php sql injection |
CVE-2024-11229 | 2024-11-23 | 코드엠샵 소셜톡 <= 1.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via add_plus_friends and add_plus_talk Shortcodes |
CVE-2024-11228 | 2024-11-23 | 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via pafw_instant_payment Shortcode |
CVE-2023-7299 | 2024-11-23 | DataGear resolveSql sql injection |
CVE-2024-11632 | 2024-11-23 | code-projects Simple Car Rental System book_car.php sql injection |
CVE-2024-35160 | 2024-11-23 | IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure |
CVE-2024-53899 | 2024-11-24 | virtualenv before 20.26.6 allows command injection through the activation scripts... |
CVE-2024-53901 | 2024-11-24 | The Imager package before 1.025 for Perl has a heap-based... |
CVE-2024-53909 | 2024-11-24 | An issue was discovered in the server in Veritas Enterprise... |
CVE-2024-53910 | 2024-11-24 | An issue was discovered in the server in Veritas Enterprise... |
CVE-2024-53911 | 2024-11-24 | An issue was discovered in the server in Veritas Enterprise... |
CVE-2024-53912 | 2024-11-24 | An issue was discovered in the server in Veritas Enterprise... |
CVE-2024-53913 | 2024-11-24 | An issue was discovered in the server in Veritas Enterprise... |
CVE-2024-53914 | 2024-11-24 | An issue was discovered in the server in Veritas Enterprise... |
CVE-2024-53915 | 2024-11-24 | An issue was discovered in the server in Veritas Enterprise... |
CVE-2024-53916 | 2024-11-24 | In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect... |
CVE-2024-11236 | 2024-11-24 | Integer overflow in the firebird and dblib quoters causing OOB writes |
CVE-2024-11234 | 2024-11-24 | Configuring a proxy in a stream context might allow for CRLF injection in URIs |
CVE-2024-11233 | 2024-11-24 | Single byte overread with convert.quoted-printable-decode filter |
CVE-2024-11665 | 2024-11-24 | Unauthenticated Remote Command Injection |
CVE-2024-11666 | 2024-11-24 | Unauthenticated Remote Command Injection in eCharge Salia PLCC |
CVE-2024-11646 | 2024-11-24 | 1000 Projects Beauty Parlour Management System edit-services.php sql injection |
CVE-2024-45755 | 2024-11-25 | An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0,... |
CVE-2024-45756 | 2024-11-25 | An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0,... |
CVE-2024-50671 | 2024-11-25 | Incorrect access control in Adapt Learning Adapt Authoring Tool <=... |
CVE-2024-50672 | 2024-11-25 | A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool... |
CVE-2024-52787 | 2024-11-25 | An issue in the upload_documents method of libre-chat v0.0.6 allows... |
CVE-2024-53554 | 2024-11-25 | A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum... |
CVE-2024-53556 | 2024-11-25 | An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to... |
CVE-2024-53597 | 2024-11-25 | masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability... |
CVE-2024-53599 | 2024-11-25 | A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of... |
CVE-2024-53930 | 2024-11-25 | WikiDocs before 1.0.65 allows stored XSS by authenticated users via... |
CVE-2024-11647 | 2024-11-25 | 1000 Projects Beauty Parlour Management System view-appointment.php sql injection |
CVE-2024-11648 | 2024-11-25 | 1000 Projects Beauty Parlour Management System add-customer.php sql injection |
CVE-2024-11649 | 2024-11-25 | 1000 Projects Beauty Parlour Management System search-appointment.php sql injection |
CVE-2024-11650 | 2024-11-25 | Tenda i9 GetIPTV websReadEvent null pointer dereference |
CVE-2024-11651 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT wifi_schedule command injection |
CVE-2024-11652 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT sn_https command injection |
CVE-2024-11653 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_traceroute command injection |
CVE-2024-11483 | 2024-11-25 | Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5 |
CVE-2024-11654 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_traceroute6 command injection |
CVE-2024-11655 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_pinginterface command injection |
CVE-2024-11656 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_ping6 command injection |
CVE-2024-11657 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_nslookup command injection |
CVE-2024-10709 | 2024-11-25 | YaDisk Files <= 1.2.5 - Contributor+ Stored XSS via Shortcode |
CVE-2024-10710 | 2024-11-25 | YaDisk Files <= 1.2.5 - Admin+ Stored XSS |
CVE-2024-6393 | 2024-11-25 | NextGEN Gallery < 3.59.5 - Admin+ Stored XSS |
CVE-2024-7056 | 2024-11-25 | WPForms < 1.9.1.6 - Admin+ Stored XSS |
CVE-2024-11658 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT ajax_getChannelList command injection |
CVE-2024-6538 | 2024-11-25 | Openshift-console: openshift console: server-side request forgery |
CVE-2024-11659 | 2024-11-25 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_iperf command injection |
CVE-2024-11660 | 2024-11-25 | code-projects Farmacia usuario.php cross site scripting |
CVE-2024-9666 | 2024-11-25 | Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability |
CVE-2024-11661 | 2024-11-25 | Codezips Free Exam Hall Seating Management System Profile Image profile.php unrestricted upload |
CVE-2024-10270 | 2024-11-25 | Org.keycloak:keycloak-services: keycloak denial of service |
CVE-2024-10451 | 2024-11-25 | Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process |
CVE-2024-10492 | 2024-11-25 | Keycloak-quarkus-server: keycloak path traversal |
CVE-2024-11662 | 2024-11-25 | welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization |
CVE-2024-11663 | 2024-11-25 | Codezips E-Commerce Site search.php sql injection |
CVE-2021-23282 | 2024-11-25 | Stored Cross-site Scripting reported in Intelligent Power Manager v1 |
CVE-2022-33861 | 2024-11-25 | Insufficient verification of authenticity in IPP |
CVE-2022-33862 | 2024-11-25 | Improper access control mechanism in IPP |
CVE-2024-11664 | 2024-11-25 | eNMS TGZ File controller.py multiselect_filtering path traversal |