CVE List - 2024 / December
Showing 2001 - 2100 of 3433 CVEs for December 2024 (Page 21 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-11715 | 2024-12-14 | WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation |
| CVE-2024-11713 | 2024-12-14 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() |
| CVE-2024-11714 | 2024-12-14 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() |
| CVE-2024-11711 | 2024-12-14 | WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection |
| CVE-2024-11710 | 2024-12-14 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection |
| CVE-2024-11712 | 2024-12-14 | WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download |
| CVE-2024-11720 | 2024-12-14 | Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-11721 | 2024-12-14 | Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation |
| CVE-2024-31892 | 2024-12-14 | IBM Storage Scale SQL injection |
| CVE-2024-31891 | 2024-12-14 | IBM Storage Scale privilege escalation |
| CVE-2024-55969 | 2024-12-15 | DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55... |
| CVE-2024-55970 | 2024-12-15 | File Manager in Syncfusion Essential Studio for ASP.NET MVC before... |
| CVE-2024-56072 | 2024-12-15 | An issue was discovered in FastNetMon Community Edition through 1.2.7.... |
| CVE-2024-56073 | 2024-12-15 | An issue was discovered in FastNetMon Community Edition through 1.2.7.... |
| CVE-2024-56074 | 2024-12-15 | gitingest before 9996a06 mishandles symbolic links that point outside of... |
| CVE-2024-56082 | 2024-12-15 | ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown... |
| CVE-2024-7701 | 2024-12-15 | Misuse of SHA256 to create an encryption key |
| CVE-2024-11858 | 2024-12-15 | Radare2: command injection via pebble application files in radare2 |
| CVE-2024-8798 | 2024-12-15 | Bluetooth: classic: avdtp: missing buffer length check |
| CVE-2024-29671 | 2024-12-16 | Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows... |
| CVE-2024-37773 | 2024-12-16 | An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows... |
| CVE-2024-37774 | 2024-12-16 | A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2... |
| CVE-2024-37775 | 2024-12-16 | Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers... |
| CVE-2024-37776 | 2024-12-16 | A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2... |
| CVE-2024-53376 | 2024-12-16 | CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary... |
| CVE-2024-55085 | 2024-12-16 | GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in... |
| CVE-2024-55100 | 2024-12-16 | A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php... |
| CVE-2024-55103 | 2024-12-16 | Online Nurse Hiring System v1.0 was discovered to contain a... |
| CVE-2024-55104 | 2024-12-16 | Online Nurse Hiring System v1.0 was discovered to contain multiple... |
| CVE-2024-55451 | 2024-12-16 | A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG... |
| CVE-2024-55452 | 2024-12-16 | A URL redirection vulnerability exists in UJCMS 9.6.3 due to... |
| CVE-2024-55554 | 2024-12-16 | Intrexx Portal Server before 12.0.2 allows XSS via a user-defined... |
| CVE-2024-55557 | 2024-12-16 | ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key... |
| CVE-2024-56083 | 2024-12-16 | Cognition Devin before 2024-12-12 provides write access to code by... |
| CVE-2024-56084 | 2024-12-16 | An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated... |
| CVE-2024-56085 | 2024-12-16 | An issue was discovered in Logpoint before 7.5.0. Authenticated users... |
| CVE-2024-56086 | 2024-12-16 | An issue was discovered in Logpoint before 7.5.0. Authenticated users... |
| CVE-2024-56087 | 2024-12-16 | An issue was discovered in Logpoint before 7.5.0. Authenticated users... |
| CVE-2024-56112 | 2024-12-16 | CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token... |
| CVE-2024-52949 | 2024-12-16 | iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the... |
| CVE-2024-8650 | 2024-12-16 | Incorrect Authorization in GitLab |
| CVE-2024-8116 | 2024-12-16 | Incorrect Authorization in GitLab |
| CVE-2024-11841 | 2024-12-16 | Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode |
| CVE-2024-5333 | 2024-12-16 | The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure |
| CVE-2024-12641 | 2024-12-16 | Chunghwa Telecom TenderDocTransfer - Reflected Cross-site Scripting to RCE |
| CVE-2024-12642 | 2024-12-16 | Chunghwa Telecom TenderDocTransfer - Arbitrary File Write |
| CVE-2024-9678 | 2024-12-16 | An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The... |
| CVE-2024-12643 | 2024-12-16 | Chunghwa Telecom tbm-client - Arbitrary File Delete |
| CVE-2024-12644 | 2024-12-16 | Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste |
| CVE-2024-12645 | 2024-12-16 | Chunghwa Telecom topm-client - Arbitrary File Read |
| CVE-2024-9679 | 2024-12-16 | A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3... |
| CVE-2024-12646 | 2024-12-16 | Chunghwa Telecom topm-client - Arbitrary File Delete |
| CVE-2024-48872 | 2024-12-16 | Bypass of "Max failed attempts" restriction via race condition |
| CVE-2024-54083 | 2024-12-16 | DoS via lack of type validation in Calls |
| CVE-2024-54682 | 2024-12-16 | Zipbomb DoS via Missing Slack Import Validation |
| CVE-2024-12362 | 2024-12-16 | InvoicePlane invoices.php download path traversal |
| CVE-2024-12478 | 2024-12-16 | InvoicePlane 1 upload_file unrestricted upload |
| CVE-2024-54366 | 2024-12-16 | WordPress Vimeography plugin <= 2.4.4 - Full Path Disclosure (FPD) vulnerability |
| CVE-2024-56004 | 2024-12-16 | WordPress Easy Site Importer plugin <= 1.0.1 - Settings Change vulnerability |
| CVE-2024-55998 | 2024-12-16 | WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability |
| CVE-2024-54373 | 2024-12-16 | WordPress EduAdmin Booking plugin <= 5.2.0 - Local File Inclusion vulnerability |
| CVE-2024-55990 | 2024-12-16 | WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - SQL Injection vulnerability |
| CVE-2024-55989 | 2024-12-16 | WordPress WP Simple Pay Lite Manager Plugin <= 1.4 - SQL Injection vulnerability |
| CVE-2024-56012 | 2024-12-16 | WordPress Post Title (TypeWriter) and Flash News / Post (Responsive) plugins <= 4.1 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-54440 | 2024-12-16 | WordPress WP-Ban-User plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54439 | 2024-12-16 | WordPress Amazon Product Price plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54438 | 2024-12-16 | WordPress Gaxx Keywords plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54437 | 2024-12-16 | WordPress jCarousel for WordPress plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54436 | 2024-12-16 | WordPress Jet Footer Code plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54435 | 2024-12-16 | WordPress Onlywire Multi Autosubmitter plugin <= 1.2.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54434 | 2024-12-16 | WordPress phZoom plugin <= 1.2.92 - CSRF to Stored XSS vulnerability |
| CVE-2024-54433 | 2024-12-16 | WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54432 | 2024-12-16 | WordPress WP Flipkart Importer plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54431 | 2024-12-16 | WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54430 | 2024-12-16 | WordPress EELV Newsletter plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54429 | 2024-12-16 | WordPress Aphorismus plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54428 | 2024-12-16 | WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-54427 | 2024-12-16 | WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54426 | 2024-12-16 | WordPress LeaderBoard Plugin plugin <= 1.2.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54425 | 2024-12-16 | WordPress LionScripts: Site Maintenance plugin <= 2.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54424 | 2024-12-16 | WordPress Like in Vk.com plugin <= 0.5.2 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54423 | 2024-12-16 | WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54421 | 2024-12-16 | WordPress Floating Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54420 | 2024-12-16 | WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54416 | 2024-12-16 | WordPress Wp Login with Ajax plugin <= 0.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54415 | 2024-12-16 | WordPress WP-HideThat plugin <= 1.2 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54414 | 2024-12-16 | WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54413 | 2024-12-16 | WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54412 | 2024-12-16 | WordPress ECT Product Carousel plugin <= 1.9 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54411 | 2024-12-16 | WordPress WP Controller plugin <= 3.2.0 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54410 | 2024-12-16 | WordPress SOPA Blackout plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54409 | 2024-12-16 | WordPress XPD Reduce Image Filesize plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54408 | 2024-12-16 | WordPress Youtube Video Grid plugin <= 1.9 - CSRF to Settings Change vulnerability |
| CVE-2024-54407 | 2024-12-16 | WordPress CK and SyntaxHighlighter plugin <= 3.4.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54405 | 2024-12-16 | WordPress ECT Social Share plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-54404 | 2024-12-16 | WordPress MDC Comment Toolbar plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54402 | 2024-12-16 | WordPress Arabic Webfonts plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2024-54401 | 2024-12-16 | WordPress Advanced Fancybox plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54400 | 2024-12-16 | WordPress AppMaps plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54399 | 2024-12-16 | WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |