CVE List - 2024 / December
Showing 1601 - 1700 of 3433 CVEs for December 2024 (Page 17 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-11760 | 2024-12-12 | Currency Converter Widget ⚡ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12160 | 2024-12-12 | Seraphinite Bulk Discounts for WooCommerce <= 2.4.6 - Reflected Cross-Site Scripting |
| CVE-2024-12397 | 2024-12-12 | Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling |
| CVE-2024-12401 | 2024-12-12 | Cert-manager: potential dos when parsing specially crafted pem inputs |
| CVE-2024-54096 | 2024-12-12 | Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. |
| CVE-2024-54097 | 2024-12-12 | Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity. |
| CVE-2024-54098 | 2024-12-12 | Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2024-54099 | 2024-12-12 | File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-54100 | 2024-12-12 | Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2024-12292 | 2024-12-12 | Insertion of Sensitive Information into Log File in GitLab |
| CVE-2024-12570 | 2024-12-12 | Privilege Context Switching Error in GitLab |
| CVE-2024-54101 | 2024-12-12 | Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54102 | 2024-12-12 | Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54103 | 2024-12-12 | Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54104 | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54105 | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54106 | 2024-12-12 | Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54107 | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-11274 | 2024-12-12 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab |
| CVE-2024-10043 | 2024-12-12 | Incorrect Authorization in GitLab |
| CVE-2024-9387 | 2024-12-12 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab |
| CVE-2024-9367 | 2024-12-12 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-8647 | 2024-12-12 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab |
| CVE-2024-8233 | 2024-12-12 | Inefficient Algorithmic Complexity in GitLab |
| CVE-2024-8179 | 2024-12-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-54108 | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54109 | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54110 | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54111 | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54112 | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54113 | 2024-12-12 | Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. |
| CVE-2024-54114 | 2024-12-12 | Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54115 | 2024-12-12 | Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54116 | 2024-12-12 | Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2024-54117 | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54119 | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54122 | 2024-12-12 | Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-28142 | 2024-12-12 | Stored cross site scripting |
| CVE-2024-47947 | 2024-12-12 | Stored cross site scripting |
| CVE-2024-12271 | 2024-12-12 | 360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-36498 | 2024-12-12 | Stored cross site scripting |
| CVE-2024-36494 | 2024-12-12 | Reflected Cross Site Scripting |
| CVE-2024-28144 | 2024-12-12 | Broken Access Control |
| CVE-2024-28145 | 2024-12-12 | Unauthenticated SQL Injection |
| CVE-2024-50584 | 2024-12-12 | SQL Injection |
| CVE-2024-28146 | 2024-12-12 | Hardcoded credentials |
| CVE-2024-28143 | 2024-12-12 | Insecure Password Change Function |
| CVE-2024-21575 | 2024-12-12 | ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to... |
| CVE-2024-55633 | 2024-12-12 | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access |
| CVE-2024-52901 | 2024-12-12 | IBM InfoSphere Information Server denial of service |
| CVE-2024-55662 | 2024-12-12 | XWiki allows remote code execution through the extension sheet |
| CVE-2024-47238 | 2024-12-12 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary... |
| CVE-2024-55663 | 2024-12-12 | XWiki Platform has an SQL injection in getdocuments.vm with sort parameter |
| CVE-2024-55875 | 2024-12-12 | http4k has a potential XXE (XML External Entity Injection) vulnerability |
| CVE-2024-55876 | 2024-12-12 | XWiki's scheduler in subwiki allows scheduling operations for any main wiki user |
| CVE-2024-49147 | 2024-12-12 | Microsoft Update Catalog Elevation of Privilege Vulnerability |
| CVE-2024-49071 | 2024-12-12 | Windows Defender Information Disclosure Vulnerability |
| CVE-2024-55877 | 2024-12-12 | XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList |
| CVE-2024-55879 | 2024-12-12 | XWiki allows RCE from script right in configurable sections |
| CVE-2024-55878 | 2024-12-12 | Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx |
| CVE-2024-55885 | 2024-12-12 | Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames |
| CVE-2024-55886 | 2024-12-12 | OpenTelemetry Logs source may lack authentication with some custom plugins |
| CVE-2024-55888 | 2024-12-12 | Content Security Policy appears to be missing in software and production setup |
| CVE-2024-12289 | 2024-12-12 | Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service |
| CVE-2024-55918 | 2024-12-13 | An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML injection by an attacker who... |
| CVE-2024-55956 | 2024-12-13 | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging... |
| CVE-2024-9508 | 2024-12-13 | Horner Automation Cscape Out-of-bounds Read |
| CVE-2024-12212 | 2024-12-13 | Horner Automation Cscape Out-of-bounds Read |
| CVE-2024-12603 | 2024-12-13 | A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password. |
| CVE-2024-12572 | 2024-12-13 | Hello in All Languages <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12300 | 2024-12-13 | AR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload |
| CVE-2019-25221 | 2024-12-13 | Responsive Filterable Portfolio <=1.0.8 - Authenticated (Admin+) SQL Injection |
| CVE-2024-11767 | 2024-12-13 | NewsmanApp <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12574 | 2024-12-13 | SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload |
| CVE-2024-12579 | 2024-12-13 | Minify HTML <= 2.1.10 - - Regular Expressions Denial of Service |
| CVE-2024-11809 | 2024-12-13 | Primer MyData for Woocommerce <= 4.2.1 - Reflected Cross-Site Scripting |
| CVE-2024-21544 | 2024-12-13 | Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using... |
| CVE-2024-21543 | 2024-12-13 | Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting... |
| CVE-2024-12581 | 2024-12-13 | Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-11833 | 2024-12-13 | Arbitrary Directory Write via Runbooks Artifact Upload |
| CVE-2024-11834 | 2024-12-13 | Arbitrary File Write via PTRAC Import |
| CVE-2024-11835 | 2024-12-13 | Denial of Service |
| CVE-2024-11836 | 2024-12-13 | Server-side Request Forgery |
| CVE-2024-11837 | 2024-12-13 | N1QL Injection |
| CVE-2024-11838 | 2024-12-13 | Local File Inclusion |
| CVE-2024-11839 | 2024-12-13 | Insecure Deserialization via Runbooks Imports |
| CVE-2024-10678 | 2024-12-13 | Ultimate Blocks < 3.2.4 - Contributor+ Stored XSS |
| CVE-2024-10939 | 2024-12-13 | Image Widget < 4.4.11 - Admin+ Stored XSS |
| CVE-2024-11832 | 2024-12-13 | Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12414 | 2024-12-13 | Themify Store Locator <= 1.1.9 - Cross-Site Request Forgery |
| CVE-2024-12420 | 2024-12-13 | WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-12421 | 2024-12-13 | Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting |
| CVE-2024-11754 | 2024-12-13 | Booking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11911 | 2024-12-13 | WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation |
| CVE-2024-12042 | 2024-12-13 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting) |
| CVE-2024-11910 | 2024-12-13 | WP Crowdfunding <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12417 | 2024-12-13 | Simple Link Directory <= 8.4.0 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-12309 | 2024-12-13 | Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts |
| CVE-2024-11275 | 2024-12-13 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion |
| CVE-2024-12465 | 2024-12-13 | Property Hive Stamp Duty Calculator <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting |