CVE List - 2024 / November

Showing 3901 - 4000 of 4054 CVEs for November 2024 (Page 40 of 41)

CVE ID | Date | Title |
---|---|---|
CVE-2024-49503 | 2024-11-28 | Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web |
CVE-2024-49502 | 2024-11-28 | Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web |
CVE-2024-22038 | 2024-11-28 | DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge |
CVE-2024-11599 | 2024-11-28 | Domain Restriction Bypass on Registration |
CVE-2024-22037 | 2024-11-28 | Database password leaked by systemd uyuni-server-attestation service |
CVE-2024-11103 | 2024-11-28 | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover |
CVE-2024-10798 | 2024-11-28 | Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10670 | 2024-11-28 | Primary Addon for Elementor <= 1.6.2 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-8672 | 2024-11-28 | Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution |
CVE-2024-10780 | 2024-11-28 | Restaurant & Cafe Addon for Elementor <= 1.5.9 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-11082 | 2024-11-28 | Tumult Hype Animations <= 1.9.15 - Authenticated (Author+) Arbitrary File Upload via hypeanimations_panel Function |
CVE-2024-8308 | 2024-11-28 | Siempelkamp: SQL injection due to improper handling of HTTP request input data |
CVE-2024-52475 | 2024-11-28 | WordPress Wawp plugin < 3.0.18 - Account Takeover vulnerability |
CVE-2024-11620 | 2024-11-28 | WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability |
CVE-2024-52481 | 2024-11-28 | WordPress Jobify theme <= 4.2.3 - Unauthenticated Arbitrary File Read vulnerability |
CVE-2024-52501 | 2024-11-28 | WordPress Office Locator plugin <= 1.3.0 - Local File Inclusion vulnerability |
CVE-2024-52499 | 2024-11-28 | WordPress Pricing table addon for elementor plugin <= 1.0.0 - Local File Inclusion vulnerability |
CVE-2024-52498 | 2024-11-28 | WordPress SP Blog Designer plugin <= 1.0.0 - Local File Inclusion vulnerability |
CVE-2024-52497 | 2024-11-28 | WordPress Shopready plugin <= 3.5 - Local File Inclusion vulnerability |
CVE-2024-52496 | 2024-11-28 | WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability |
CVE-2024-52490 | 2024-11-28 | WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability |
CVE-2024-52495 | 2024-11-28 | WordPress Distance Based Shipping Calculator plugin <= 2.0.21 - SQL Injection vulnerability |
CVE-2024-52474 | 2024-11-28 | WordPress Express Payments plugin <= 1.1.8 - SQL Injection vulnerability |
CVE-2024-53737 | 2024-11-28 | WordPress WP Mailster plugin <= 1.8.16.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-11402 | 2024-11-28 | WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-53736 | 2024-11-28 | WordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerability |
CVE-2024-53734 | 2024-11-28 | WordPress Idealien Category Enhancements plugin <= 1.2 - CSRF to Stored XSS vulnerability |
CVE-2024-53733 | 2024-11-28 | WordPress Fence URL plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
CVE-2024-53732 | 2024-11-28 | WordPress Footer Flyout Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability |
CVE-2024-53731 | 2024-11-28 | WordPress Fintelligence Calculator plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-7747 | 2024-11-28 | Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types |
CVE-2024-11959 | 2024-11-28 | D-Link DIR-605L formResetStatistic buffer overflow |
CVE-2024-11960 | 2024-11-28 | D-Link DIR-605L formSetPortTr buffer overflow |
CVE-2024-11961 | 2024-11-28 | Guangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosure |
CVE-2023-52922 | 2024-11-28 | can: bcm: Fix UAF in bcm_proc_show() |
CVE-2024-11962 | 2024-11-28 | code-projects Simple Car Rental System login.php sql injection |
CVE-2024-11963 | 2024-11-28 | code-projects Responsive Hotel Site room.php sql injection |
CVE-2024-11969 | 2024-11-28 | Incorrect default permissions in Cradlepoint NetCloud Exchange |
CVE-2024-52338 | 2024-11-28 | Apache Arrow R package: Arbitrary code execution when loading a malicious data file |
CVE-2024-11964 | 2024-11-28 | PHPGurukul Complaint Management system index.php sql injection |
CVE-2024-11965 | 2024-11-28 | PHPGurukul Complaint Management system reset-password.php sql injection |
CVE-2024-11966 | 2024-11-28 | PHPGurukul Complaint Management system index.php sql injection |
CVE-2024-11967 | 2024-11-28 | PHPGurukul Complaint Management system reset-password.php sql injection |
CVE-2024-11968 | 2024-11-28 | code-projects Farmacia pagamento.php sql injection |
CVE-2024-11970 | 2024-11-28 | code-projects Concert Ticket Ordering System tour(cor).php sql injection |
CVE-2024-11971 | 2024-11-28 | Guizhou Xiaoma Technology jpress Avatar upload cross site scripting |
CVE-2024-8299 | 2024-11-28 | Malicious Code Execution Vulnerability in GENESIS64 and MC Works64 |
CVE-2024-8300 | 2024-11-28 | Malicious Code Execution Vulnerability in GENESIS64 |
CVE-2024-9852 | 2024-11-28 | Malicious Code Execution Vulnerability in GENESIS64 and MC Works64 |
CVE-2024-35366 | 2024-11-29 | FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the... |
CVE-2024-35367 | 2024-11-29 | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const... |
CVE-2024-35368 | 2024-11-29 | FFmpeg n7.0 is affected by a Double Free via the... |
CVE-2024-35369 | 2024-11-29 | In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a... |
CVE-2024-35371 | 2024-11-29 | Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The... |
CVE-2024-35451 | 2024-11-29 | LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. |
CVE-2024-36611 | 2024-11-29 | In Symfony v7.07, a security vulnerability was identified in the... |
CVE-2024-36612 | 2024-11-29 | Zulip from 8.0 to 8.3 contains a memory leak vulnerability... |
CVE-2024-36615 | 2024-11-29 | FFmpeg n7.0 has a race condition vulnerability in the VP9... |
CVE-2024-36616 | 2024-11-29 | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1... |
CVE-2024-36617 | 2024-11-29 | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg... |
CVE-2024-36618 | 2024-11-29 | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of... |
CVE-2024-36619 | 2024-11-29 | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of... |
CVE-2024-36620 | 2024-11-29 | moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference... |
CVE-2024-36621 | 2024-11-29 | moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go.... |
CVE-2024-36622 | 2024-11-29 | In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability... |
CVE-2024-36624 | 2024-11-29 | Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via... |
CVE-2024-36625 | 2024-11-29 | Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via... |
CVE-2024-36626 | 2024-11-29 | In prestashop 8.1.4, a NULL pointer dereference was identified in... |
CVE-2024-36671 | 2024-11-29 | nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow... |
CVE-2024-39162 | 2024-11-29 | pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only... |
CVE-2024-45495 | 2024-11-29 | MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. |
CVE-2024-47193 | 2024-11-29 | WithSecure Elements Agent for Mac before 24.3, MDR before 24.3,... |
CVE-2024-48406 | 2024-11-29 | Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed... |
CVE-2024-52777 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are... |
CVE-2024-52778 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are... |
CVE-2024-52779 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are... |
CVE-2024-52780 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are... |
CVE-2024-52781 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are... |
CVE-2024-52782 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are... |
CVE-2024-53504 | 2024-11-29 | A SQL injection vulnerability has been identified in Siyuan 3.1.11... |
CVE-2024-53505 | 2024-11-29 | A SQL injection vulnerability has been identified in Siyuan 3.1.11... |
CVE-2024-53506 | 2024-11-29 | A SQL injection vulnerability has been identified in Siyuan 3.1.11... |
CVE-2024-53507 | 2024-11-29 | A SQL injection vulnerability was discovered in Siyuan 3.1.11 in... |
CVE-2024-53623 | 2024-11-29 | Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7... |
CVE-2024-54123 | 2024-11-29 | Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS... |
CVE-2024-54124 | 2024-11-29 | In Click Studios Passwordstate before build 9920, there is a... |
CVE-2024-54159 | 2024-11-29 | stalld through 1.19.7 allows local users to cause a denial... |
CVE-2024-36623 | 2024-11-29 | moby through v25.0.3 has a Race Condition vulnerability in the... |
CVE-2024-48651 | 2024-11-29 | In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants... |
CVE-2024-11978 | 2024-11-29 | Interinfo DreamMaker - Arbitrary File Reading through Path Traversal |
CVE-2024-11979 | 2024-11-29 | Interinfo DreamMaker - Unrestricted File Upload through Path Traversal |
CVE-2024-53701 | 2024-11-29 | Multiple FCNT Android devices provide the original security features such... |
CVE-2024-10704 | 2024-11-29 | Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS |
CVE-2024-10980 | 2024-11-29 | Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS |
CVE-2024-11980 | 2024-11-29 | Billion Electric router - Missing Authentication |
CVE-2024-11981 | 2024-11-29 | Billion Electric router - Authentication Bypass |
CVE-2024-11982 | 2024-11-29 | Billion Electric router - Plaintext Storage of a Password |
CVE-2024-11983 | 2024-11-29 | Billion Electric router - OS Command Injection |
CVE-2024-11481 | 2024-11-29 | A vulnerability in ESM 11.6.10 allows unauthenticated access to the... |
CVE-2024-11482 | 2024-11-29 | A vulnerability in ESM 11.6.10 allows unauthenticated access to the... |