CVE List - 2024 / November

Showing 601 - 700 of 4054 CVEs for November 2024 (Page 7 of 41)

CVE ID Date Title
CVE-2024-49377 2024-11-05 Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint
CVE-2024-49772 2024-11-05 Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM
CVE-2024-49773 2024-11-05 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
CVE-2024-49774 2024-11-05 ModuleScanner flaws in SuiteCRM
CVE-2024-0134 2024-11-05 NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain...
CVE-2024-50332 2024-11-05 Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM
CVE-2024-50333 2024-11-05 RCE in ModuleBuilder in SuiteCRM
CVE-2024-50335 2024-11-05 Authenticated XSS in "Publish Key" Field Allowing Unauthorized Administrator User Creation in SuiteCRM
CVE-2024-51735 2024-11-05 Stored Cross-site Scripting to RCE on Osmedeus Web Server
CVE-2024-51746 2024-11-05 Use of incorrect Rekor entries during verification in gitsign
CVE-2024-51753 2024-11-05 Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix
CVE-2024-51752 2024-11-05 Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-nextjs
CVE-2024-7995 2024-11-05 Autodesk VRED Design Privilege Escalation Vulnerability
CVE-2024-51745 2024-11-05 Wasmtime doesn't fully sandbox all the Windows device filenames
CVE-2024-10084 2024-11-05 Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode
CVE-2024-51756 2024-11-05 cap-std doesn't fully sandbox all the Windows device filenames
CVE-2024-42509 2024-11-05 Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
CVE-2024-47460 2024-11-05 Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
CVE-2024-47461 2024-11-05 Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
CVE-2024-47462 2024-11-05 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
CVE-2024-47463 2024-11-05 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
CVE-2024-47464 2024-11-05 Authenticated Path Traversal Vulnerability Leads to a Remote Unauthorized Access to Files
CVE-2024-10028 2024-11-05 Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Information Disclosure via procstat Log
CVE-2024-48325 2024-11-06 Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the...
CVE-2024-50637 2024-11-06 UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting...
CVE-2024-51409 2024-11-06 Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote...
CVE-2024-10647 2024-11-06 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL
CVE-2024-34673 2024-11-06 Improper Input Validation in IpcProtocol in Modem prior to SMR...
CVE-2024-34674 2024-11-06 Improper access control in Contacts prior to SMR Nov-2024 Release...
CVE-2024-34675 2024-11-06 Improper access control in Dex Mode prior to SMR Nov-2024...
CVE-2024-34676 2024-11-06 Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to...
CVE-2024-34677 2024-11-06 Exposure of sensitive information in System UI prior to SMR...
CVE-2024-34678 2024-11-06 Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1...
CVE-2024-34679 2024-11-06 Incorrect default permissions in Crane prior to SMR Nov-2024 Release...
CVE-2024-34680 2024-11-06 Use of implicit intent for sensitive communication in WlanTest prior...
CVE-2024-34681 2024-11-06 Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release...
CVE-2024-34682 2024-11-06 Improper authorization in Settings prior to SMR Nov-2024 Release 1...
CVE-2024-49401 2024-11-06 Improper input validation in Settings Suggestions prior to SMR Nov-2024...
CVE-2024-49402 2024-11-06 Improper input validation in Dressroom prior to SMR Nov-2024 Release...
CVE-2024-49403 2024-11-06 Improper access control in Samsung Voice Recorder prior to version...
CVE-2024-49404 2024-11-06 Improper Access Control in Samsung Video Player prior to versions...
CVE-2024-49405 2024-11-06 Improper authentication in Private Info in Samsung Pass in prior...
CVE-2024-49406 2024-11-06 Improper validation of integrity check value in Blockchain Keystore prior...
CVE-2024-49407 2024-11-06 Improper access control in Samsung Flow prior to version 4.9.15.7...
CVE-2024-49408 2024-11-06 Out-of-bounds write in usb driver prior to Firmware update Sep-2024...
CVE-2024-49409 2024-11-06 Out-of-bounds write in Battery Full Capacity node prior to Firmware...
CVE-2024-7879 2024-11-06 WP ULike < 4.7.5 - Admin+ Stored XSS via Widgets
CVE-2024-9934 2024-11-06 Wp-ImageZoom <= 1.1.0 - Reflected XSS
CVE-2024-9307 2024-11-06 mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files
CVE-2024-10535 2024-11-06 Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion
CVE-2024-10020 2024-11-06 Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider
CVE-2024-10543 2024-11-06 Tumult Hype Animations <= 1.9.14 - Missing Authorization
CVE-2024-9946 2024-11-06 Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass via Disqus OAuth provider
CVE-2024-6626 2024-11-06 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization
CVE-2024-9681 2024-11-06 HSTS subdomain overwrites parent cache entry
CVE-2024-52043 2024-11-06 User enumeration in HubHub
CVE-2024-8614 2024-11-06 WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-8615 2024-11-06 WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload
CVE-2024-9902 2024-11-06 Ansible-core: ansible-core user may read/write unauthorized content
CVE-2024-10715 2024-11-06 MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block
CVE-2024-10168 2024-11-06 Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode
CVE-2024-8323 2024-11-06 Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute
CVE-2024-10186 2024-11-06 Event Post <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode
CVE-2024-10914 2024-11-06 D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
CVE-2024-10915 2024-11-06 D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
CVE-2020-11859 2024-11-06 Potential Cross Site Scripting vulnerability in OpenText iManager
CVE-2024-35146 2024-11-06 IBM Maximo Application Suite cross-site scripting
CVE-2024-10081 2024-11-06 CodeChecker is an analyzer tooling, defect database and viewer extension...
CVE-2024-10082 2024-11-06 CodeChecker is an analyzer tooling, defect database and viewer extension...
CVE-2024-6861 2024-11-06 Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
CVE-2024-10916 2024-11-06 D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure
CVE-2024-10919 2024-11-06 didi Super-Jacoco triggerUnitCover os command injection
CVE-2024-10920 2024-11-06 mariazevedo88 travels-java-api JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key
CVE-2024-10826 2024-11-06 Use after free in Family Experiences in Google Chrome on...
CVE-2024-10827 2024-11-06 Use after free in Serial in Google Chrome prior to...
CVE-2024-20371 2024-11-06 Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability
CVE-2024-20476 2024-11-06 Cisco Identity Services Engine Authorization Bypass Vulnerability
CVE-2024-20445 2024-11-06 Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability
CVE-2024-20457 2024-11-06 Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
CVE-2024-20484 2024-11-06 Cisco Enterprise Chat and Email Denial of Service Vulnerability
CVE-2024-20487 2024-11-06 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
CVE-2024-20504 2024-11-06 Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities
CVE-2024-20507 2024-11-06 Cisco Meeting Management Information Disclosure Vulnerability
CVE-2024-20511 2024-11-06 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
CVE-2024-20514 2024-11-06 Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
CVE-2024-20525 2024-11-06 Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
CVE-2024-20527 2024-11-06 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
CVE-2024-20528 2024-11-06 Cisco Identity Services Engine Path Traversal Vulnerability
CVE-2024-20529 2024-11-06 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
CVE-2024-20530 2024-11-06 Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
CVE-2024-20531 2024-11-06 Cisco Identity Services Engine XML External Entity Injection Vulnerability
CVE-2024-20532 2024-11-06 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
CVE-2024-20533 2024-11-06 Cisco IP Phone 6800, 7800, 8800, and 9800 Series with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities
CVE-2024-20534 2024-11-06 Cisco IP Phone 6800, 7800, 8800, and 9800 Series with Multiplatform Firmware Stored Cross-Site Scripting Vulnerability
CVE-2024-20536 2024-11-06 Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
CVE-2024-20537 2024-11-06 Cisco Identity Services Engine Authorization Bypass Vulnerability
CVE-2024-20538 2024-11-06 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CVE-2024-20539 2024-11-06 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
CVE-2024-20540 2024-11-06 Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
CVE-2024-10318 2024-11-06 NGINX OpenID Connect Vulnerability