CVE List - 2024 / December
Showing 1501 - 1600 of 3433 CVEs for December 2024 (Page 16 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-54514 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2.... |
| CVE-2024-44241 | 2024-12-11 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary... |
| CVE-2024-54492 | 2024-12-11 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2.... |
| CVE-2024-44200 | 2024-12-11 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information. |
| CVE-2024-54484 | 2024-12-11 | The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. |
| CVE-2024-54485 | 2024-12-11 | The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may... |
| CVE-2024-44201 | 2024-12-11 | The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a maliciously crafted... |
| CVE-2024-54493 | 2024-12-11 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly. |
| CVE-2024-54515 | 2024-12-11 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges. |
| CVE-2024-54503 | 2024-12-11 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in... |
| CVE-2024-54489 | 2024-12-11 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute... |
| CVE-2024-54466 | 2024-12-11 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by... |
| CVE-2024-44299 | 2024-12-11 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary... |
| CVE-2024-12492 | 2024-12-11 | code-projects Farmacia visualizar-usuario.php sql injection |
| CVE-2024-12497 | 2024-12-11 | 1000 Projects Attendance Tracking Management System check_admin_login.php sql injection |
| CVE-2024-31670 | 2024-12-12 | rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. |
| CVE-2024-54810 | 2024-12-12 | A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter. |
| CVE-2024-54811 | 2024-12-12 | A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter. |
| CVE-2024-54842 | 2024-12-12 | A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter. |
| CVE-2024-55099 | 2024-12-12 | A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via... |
| CVE-2024-12503 | 2024-12-12 | ClassCMS Model Management Page admin cross site scripting |
| CVE-2024-12536 | 2024-12-12 | SourceCodester Kortex Lite Advocate Office Management System client_data.php cross site scripting |
| CVE-2024-41146 | 2024-12-12 | Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a... |
| CVE-2024-42407 | 2024-12-12 | Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they... |
| CVE-2024-11442 | 2024-12-12 | Horizontal scroll image slideshow <= 10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12341 | 2024-12-12 | Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation |
| CVE-2024-11430 | 2024-12-12 | SQL Chart Builder <= 2.3.6 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-11413 | 2024-12-12 | HostFact bestelformulier integratie <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11689 | 2024-12-12 | HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-11279 | 2024-12-12 | Schema App Structured Data <= 2.2.4 - Reflected Cross-Site Scripting |
| CVE-2024-11427 | 2024-12-12 | Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11914 | 2024-12-12 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11433 | 2024-12-12 | Surbma \| SalesAutopilot Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12461 | 2024-12-12 | WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11419 | 2024-12-12 | Password for WP <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11443 | 2024-12-12 | de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11015 | 2024-12-12 | Sign In With Google <= 1.8.0 - Authentication Bypass in authenticate_user |
| CVE-2024-11417 | 2024-12-12 | dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11901 | 2024-12-12 | PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10111 | 2024-12-12 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass |
| CVE-2024-12338 | 2024-12-12 | Website Toolbox Community <= 2.0.1 - Reflected Cross-Site Scripting via websitetoolbox_username |
| CVE-2024-12260 | 2024-12-12 | Ultimate Endpoints With Rest Api <= 2.2.2 - Reflected Cross-Site Scripting |
| CVE-2024-12258 | 2024-12-12 | WP Service Payment Form With Authorize.net <= 2.6.3 - Reflected Cross-Site Scripting |
| CVE-2024-11683 | 2024-12-12 | Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting |
| CVE-2024-11723 | 2024-12-12 | kvCORE IDX <= 2.3.35 - Reflected Cross-Site Scripting |
| CVE-2024-12406 | 2024-12-12 | Library Management System <= 3.0.0 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-11891 | 2024-12-12 | Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11750 | 2024-12-12 | ONLYOFFICE DocSpace <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10910 | 2024-12-12 | Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category |
| CVE-2024-11875 | 2024-12-12 | Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10590 | 2024-12-12 | Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-11410 | 2024-12-12 | Top and footer bars for announcements, notifications, advertisements, promotions – YooBar <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11384 | 2024-12-12 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12463 | 2024-12-12 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode |
| CVE-2024-10182 | 2024-12-12 | Cognito Forms <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-11804 | 2024-12-12 | Planaday API <= 11.4 - Reflected Cross-Site Scripting |
| CVE-2024-11459 | 2024-12-12 | Country Blocker <= 3.2 - Reflected Cross-Site Scripting |
| CVE-2024-12162 | 2024-12-12 | Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting |
| CVE-2024-12156 | 2024-12-12 | AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting |
| CVE-2024-12441 | 2024-12-12 | BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting |
| CVE-2024-11709 | 2024-12-12 | AI Post Generator \| AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion |
| CVE-2024-12526 | 2024-12-12 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-11882 | 2024-12-12 | FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11781 | 2024-12-12 | Smart Agenda – Prise de rendez-vous en ligne <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12040 | 2024-12-12 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme' |
| CVE-2024-11359 | 2024-12-12 | Library Bookshelves <= 5.8 - Reflected Cross-Site Scripting |
| CVE-2024-12018 | 2024-12-12 | Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion |
| CVE-2024-12072 | 2024-12-12 | Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting |
| CVE-2024-11765 | 2024-12-12 | WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12172 | 2024-12-12 | WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update |
| CVE-2024-10124 | 2024-12-12 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation |
| CVE-2024-12255 | 2024-12-12 | Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure |
| CVE-2024-11757 | 2024-12-12 | WP GeoNames <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11871 | 2024-12-12 | Social Media Shortcodes <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11785 | 2024-12-12 | Integrate Firebase <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11766 | 2024-12-12 | WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11052 | 2024-12-12 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations |
| CVE-2024-12265 | 2024-12-12 | Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure |
| CVE-2024-12059 | 2024-12-12 | ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read |
| CVE-2024-12263 | 2024-12-12 | Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete |
| CVE-2024-10010 | 2024-12-12 | LearnPress < 4.2.7.2 - Admin+ Stored XSS |
| CVE-2024-10499 | 2024-12-12 | AI-Engine < 2.6.5 - Admin+ SQLi |
| CVE-2024-10517 | 2024-12-12 | ProfilePress < 4.15.15 - Admin+ Stored XSS |
| CVE-2024-10518 | 2024-12-12 | ProfilePress < 4.15.15 - Admin+ Stored XSS |
| CVE-2024-10568 | 2024-12-12 | Ajax Search Lite < 4.12.4 - Admin+ Stored XSS |
| CVE-2024-10637 | 2024-12-12 | Kadence Blocks < 3.2.54 - Admin+ Stored XSS |
| CVE-2024-9428 | 2024-12-12 | Popup Builder < 4.3.5 - Admin+ Stored XSS |
| CVE-2024-9641 | 2024-12-12 | LuckyWP Table of Contents < 2.1.7 - Admin+ Stored XSS |
| CVE-2024-9881 | 2024-12-12 | LearnPress < 4.2.7.2 - Admin+ Stored XSS |
| CVE-2024-10784 | 2024-12-12 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11181 | 2024-12-12 | Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-11727 | 2024-12-12 | NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-10583 | 2024-12-12 | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder <= 1.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12312 | 2024-12-12 | Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection |
| CVE-2024-12201 | 2024-12-12 | Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation |
| CVE-2024-11724 | 2024-12-12 | Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Whitelist Script |
| CVE-2024-12329 | 2024-12-12 | Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure |
| CVE-2024-12564 | 2024-12-12 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ODA CDE inWEB SDK before 2025.3 |
| CVE-2024-21574 | 2024-12-12 | The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the... |
| CVE-2024-12333 | 2024-12-12 | WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution |