CVE List - 2024 / December
Showing 1 - 100 of 3433 CVEs for December 2024 (Page 1 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-53752 | 2024-12-01 | WordPress Stripe Donation plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53750 | 2024-12-01 | WordPress PayPal Responder plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53749 | 2024-12-01 | WordPress Post Carousel Slider for Elementor plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53748 | 2024-12-01 | WordPress WP Mermaid plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53747 | 2024-12-01 | WordPress Video Player for WPBakery plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53746 | 2024-12-01 | WordPress Elementor Button Plus plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53745 | 2024-12-01 | WordPress Social Sharing Buttons By Cosmos Farm plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53744 | 2024-12-01 | WordPress Elementor Image Gallery plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53743 | 2024-12-01 | WordPress Countdown Timer for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53742 | 2024-12-01 | WordPress Multilevel Referral Affiliate Plugin for WooCommerce plugin <= 2.27 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-12007 | 2024-12-01 | code-projects Farmacia visualizar-produto.php sql injection |
| CVE-2024-31669 | 2024-12-02 | rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide. |
| CVE-2024-39343 | 2024-12-02 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not... |
| CVE-2024-39890 | 2024-12-02 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000,... |
| CVE-2024-52724 | 2024-12-02 | ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. |
| CVE-2024-52732 | 2024-12-02 | Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused. |
| CVE-2024-53364 | 2024-12-02 | A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious... |
| CVE-2024-53375 | 2024-12-02 | An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is... |
| CVE-2024-53459 | 2024-12-02 | Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. |
| CVE-2024-53477 | 2024-12-02 | JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java |
| CVE-2024-53484 | 2024-12-02 | Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. |
| CVE-2024-53564 | 2024-12-02 | A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position... |
| CVE-2024-53605 | 2024-12-02 | Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data. |
| CVE-2024-53617 | 2024-12-02 | A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in... |
| CVE-2024-53900 | 2024-12-02 | Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. |
| CVE-2024-53937 | 2024-12-02 | An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed... |
| CVE-2024-53938 | 2024-12-02 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account... |
| CVE-2024-53939 | 2024-12-02 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz... |
| CVE-2024-53940 | 2024-12-02 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted... |
| CVE-2024-53941 | 2024-12-02 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK... |
| CVE-2024-29645 | 2024-12-02 | Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. |
| CVE-2024-53566 | 2024-12-02 | An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. |
| CVE-2024-11856 | 2024-12-02 | HPE IceWall Products, Remote Unauthorized Data Modification |
| CVE-2024-20125 | 2024-12-02 | In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2024-20129 | 2024-12-02 | In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20128 | 2024-12-02 | In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20127 | 2024-12-02 | In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20130 | 2024-12-02 | In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20131 | 2024-12-02 | In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2024-20132 | 2024-12-02 | In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-20133 | 2024-12-02 | In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2024-20134 | 2024-12-02 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20135 | 2024-12-02 | In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20136 | 2024-12-02 | In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-20137 | 2024-12-02 | In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20116 | 2024-12-02 | In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-20138 | 2024-12-02 | In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2024-20139 | 2024-12-02 | In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed.... |
| CVE-2024-53103 | 2024-12-02 | hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer |
| CVE-2024-53104 | 2024-12-02 | media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format |
| CVE-2024-10490 | 2024-12-02 | Authentication bypass flaw in several mapp components |
| CVE-2024-33036 | 2024-12-02 | Use of Out-of-range Pointer Offset in Camera Driver |
| CVE-2024-33037 | 2024-12-02 | Buffer Over-read in Neural Processing Unit |
| CVE-2024-33039 | 2024-12-02 | Untrusted Pointer Dereference in Audio |
| CVE-2024-33040 | 2024-12-02 | Use After Free in Camera Driver |
| CVE-2024-33044 | 2024-12-02 | Improper Validation of Array Index in Hypervisor |
| CVE-2024-33053 | 2024-12-02 | Use After Free in Video |
| CVE-2024-33056 | 2024-12-02 | Buffer Over-read in MProc |
| CVE-2024-33063 | 2024-12-02 | Integer Overflow or Wraparound in WLAN Host Communication |
| CVE-2024-43048 | 2024-12-02 | Stack-based Buffer Overflow in Performance |
| CVE-2024-43049 | 2024-12-02 | Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host |
| CVE-2024-43050 | 2024-12-02 | Stack-based Buffer Overflow in WLAN Windows Host |
| CVE-2024-43052 | 2024-12-02 | Improper Input Validation in Video Analytics and Processing |
| CVE-2024-43053 | 2024-12-02 | Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host |
| CVE-2024-12015 | 2024-12-02 | SQL Injection in WordPress Project Manager Plugin |
| CVE-2024-53740 | 2024-12-02 | WordPress WooCommerce Ultimate Gift Card plugin < 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53730 | 2024-12-02 | WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53105 | 2024-12-02 | mm: page_alloc: move mlocked flag clearance into free_pages_prepare() |
| CVE-2024-53106 | 2024-12-02 | ima: fix buffer overrun in ima_eventdigest_init_common |
| CVE-2024-53107 | 2024-12-02 | fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() |
| CVE-2024-53108 | 2024-12-02 | drm/amd/display: Adjust VSDB parser for replay feature |
| CVE-2024-53109 | 2024-12-02 | nommu: pass NULL argument to vma_iter_prealloc() |
| CVE-2024-53110 | 2024-12-02 | vp_vdpa: fix id_table array not null terminated error |
| CVE-2024-53111 | 2024-12-02 | mm/mremap: fix address wraparound in move_page_tables() |
| CVE-2024-53112 | 2024-12-02 | ocfs2: uncache inode which has failed entering the group |
| CVE-2024-53113 | 2024-12-02 | mm: fix NULL pointer dereference in alloc_pages_bulk_noprof |
| CVE-2024-53114 | 2024-12-02 | x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client |
| CVE-2024-53115 | 2024-12-02 | drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle |
| CVE-2024-53116 | 2024-12-02 | drm/panthor: Fix handling of partial GPU mapping of BOs |
| CVE-2024-53117 | 2024-12-02 | virtio/vsock: Improve MSG_ZEROCOPY error handling |
| CVE-2024-53118 | 2024-12-02 | vsock: Fix sk_error_queue memory leak |
| CVE-2024-53119 | 2024-12-02 | virtio/vsock: Fix accept_queue memory leak |
| CVE-2024-53120 | 2024-12-02 | net/mlx5e: CT: Fix null-ptr-deref in add rule err flow |
| CVE-2024-53121 | 2024-12-02 | net/mlx5: fs, lock FTE when checking if active |
| CVE-2024-53122 | 2024-12-02 | mptcp: cope racing subflow creation in mptcp_rcv_space_adjust |
| CVE-2024-53123 | 2024-12-02 | mptcp: error out earlier on disconnect |
| CVE-2024-53124 | 2024-12-02 | net: fix data-races around sk->sk_forward_alloc |
| CVE-2024-53793 | 2024-12-02 | WordPress eDoc Easy Tables plugin <= 1.29 - CSRF to SQL Injection vulnerability |
| CVE-2024-53792 | 2024-12-02 | WordPress Watu Quiz plugin <= 3.4.2 - SQL Injection vulnerability |
| CVE-2024-53789 | 2024-12-02 | WordPress Advanced What should we write next about plugin <=1.0.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53784 | 2024-12-02 | WordPress Smart Marketing SMS and Newsletters Forms plugin <= 5.0.9 - Broken Access Control vulnerability |
| CVE-2024-53782 | 2024-12-02 | WordPress Photo Video Store plugin <= 21.07 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53781 | 2024-12-02 | WordPress SpatialMatch IDX plugin <= 3.0.9 - CSRF to Stored XSS vulnerability |
| CVE-2024-53780 | 2024-12-02 | WordPress Load More Posts plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53779 | 2024-12-02 | WordPress Yahoo! WebPlayer plugin <= 2.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-53777 | 2024-12-02 | WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53776 | 2024-12-02 | WordPress Donate Me plugin <= 1.2.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-53775 | 2024-12-02 | WordPress DancePress (TRWA) plugin <= 3.1.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53770 | 2024-12-02 | WordPress RingCentral Communications plugin <= 1.6.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53769 | 2024-12-02 | WordPress Custom Post Type to Map Store plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |