VULNMAP - Security Vulnerabilities

CVE List - 2024 / December

Showing 2201 - 2300 of 3433 CVEs for December 2024 (Page 23 of 35)

CVE ID Date Title
CVE-2024-12656 2024-12-16 FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference
CVE-2024-12657 2024-12-16 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E000 null pointer dereference
CVE-2024-11144 2024-12-16 Race Condition with LightFTP
CVE-2024-4762 2024-12-16 An improper validation vulnerability was reported in the firmware update...
CVE-2024-6001 2024-12-16 An improper certificate validation vulnerability was reported in LADM that...
CVE-2024-8058 2024-12-16 An improper parsing vulnerability was reported in the FileZ client...
CVE-2024-12658 2024-12-16 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E01C null pointer dereference
CVE-2024-12659 2024-12-16 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E004 null pointer dereference
CVE-2024-12660 2024-12-16 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E018 null pointer dereference
CVE-2024-12661 2024-12-16 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E024 null pointer dereference
CVE-2024-12662 2024-12-16 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E040 null pointer dereference
CVE-2024-12663 2024-12-16 funnyzpc Mee-Admin Login login observable response discrepancy
CVE-2024-12687 2024-12-16 Insecure YAML Deserialization
CVE-2024-12664 2024-12-16 ruifang-tech Rebuild Project Task Comment cross site scripting
CVE-2024-12665 2024-12-16 ruifang-tech Rebuild Task Comment Attachment Upload cross site scripting
CVE-2024-12666 2024-12-16 ClassCMS User Management Page admin insufficient privileges
CVE-2024-12667 2024-12-16 InvoicePlane view session expiration
CVE-2024-55949 2024-12-16 Privilege escalation in IAM import API in MinIO
CVE-2024-55951 2024-12-16 Metabase sandboxed users could see filter values from other sandboxed users
CVE-2024-35230 2024-12-16 Welcome and About GeoServer pages communicate version and revision information
CVE-2024-56017 2024-12-16 WordPress Stop Registration Spam Plugin <= 1.23 - CSRF to Stored XSS vulnerability
CVE-2024-12443 2024-12-16 CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11900 2024-12-16 Portfolio – Filterable Masonry Portfolio Gallery for Professionals <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11902 2024-12-16 Slope Widgets <= 4.2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11905 2024-12-16 Animated Counters <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11906 2024-12-16 TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-29646 2024-12-17 Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker...
CVE-2024-31668 2024-12-17 rizin before v0.6.3 is vulnerable to Improper Neutralization of Special...
CVE-2024-36831 2024-12-17 A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link...
CVE-2024-36832 2024-12-17 A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers...
CVE-2024-37605 2024-12-17 A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers...
CVE-2024-37606 2024-12-17 A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers...
CVE-2024-37607 2024-12-17 A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote...
CVE-2024-49194 2024-12-17 Databricks JDBC Driver before 2.6.40 could potentially allow remote code...
CVE-2024-51175 2024-12-17 An issue in H3C switch h3c-S1526 allows a remote attacker...
CVE-2024-54662 2024-12-17 Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access...
CVE-2024-55056 2024-12-17 A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul...
CVE-2024-55057 2024-12-17 Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password...
CVE-2024-55058 2024-12-17 An insecure direct object reference (IDOR) vulnerability was discovered in...
CVE-2024-55059 2024-12-17 A stored HTML Injection vulnerability was identified in PHPGurukul Online...
CVE-2024-55496 2024-12-17 A vulnerability has been found in the 1000projects Bookstore Management...
CVE-2024-55513 2024-12-17 A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and...
CVE-2024-55514 2024-12-17 A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and...
CVE-2024-55515 2024-12-17 A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and...
CVE-2024-55516 2024-12-17 A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and...
CVE-2024-10205 2024-12-17 Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
CVE-2024-12239 2024-12-17 PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter
CVE-2020-12484 2024-12-17 When using special mode to connect to enterprise wifi, certain...
CVE-2020-12487 2024-12-17 Command Execution Vulnerability in ABE service
CVE-2021-26278 2024-12-17 Sensitive information leakage vulnerability in wifi module
CVE-2021-26279 2024-12-17 Information disclosure vulnerability in Weather module
CVE-2024-12356 2024-12-17 Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
CVE-2024-55864 2024-12-17 Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions...
CVE-2024-9624 2024-12-17 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
CVE-2024-54125 2024-12-17 Improper authorization in handler for custom URL scheme issue in...
CVE-2024-38499 2024-12-17 Improper Privilege Management Vulnerability in CA Client Automation 14.5
CVE-2024-11999 2024-12-17 CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could...
CVE-2021-26280 2024-12-17 Permission bypass vulnerability in permission manager module
CVE-2021-26281 2024-12-17 Information disclosure vulnerability in Alarm clock module
CVE-2024-12219 2024-12-17 Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting
CVE-2024-12220 2024-12-17 SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-11294 2024-12-17 Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
CVE-2024-12293 2024-12-17 User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation
CVE-2024-8326 2024-12-17 s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure
CVE-2024-12024 2024-12-17 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.5.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name
CVE-2024-12127 2024-12-17 Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter
CVE-2024-12469 2024-12-17 WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter
CVE-2024-12601 2024-12-17 Calculated Fields Form <= 5.2.63 - Denial of Service
CVE-2024-12395 2024-12-17 WooCommerce Additional Fees On Checkout (Free) <= 1.4.7 - Reflected Cross-Site Scripting via 'number'
CVE-2024-9654 2024-12-17 Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass
CVE-2024-11280 2024-12-17 PPWP – Password Protect Pages <= 1.9.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
CVE-2024-52542 2024-12-17 Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following...
CVE-2024-8429 2024-12-17 Improper Authentication in Digital Operation Services' WiFiBurada
CVE-2024-8475 2024-12-17 Protection Mechanism Failure in Digital Operation Services' WiFiBurada
CVE-2024-50379 2024-12-17 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
CVE-2024-54677 2024-12-17 Apache Tomcat: DoS in examples web application
CVE-2024-10356 2024-12-17 ElementsReady Addons for Elementor <= 6.4.8 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVE-2024-9819 2024-12-17 IDOR in NextGEO's NG Analyser
CVE-2024-8972 2024-12-17 SQLi in Mobil365 Informatics' Saha365 App
CVE-2024-11422 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12178 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-10476 2024-12-17 Default credentials are used in the above listed BD Diagnostic...
CVE-2024-12191 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12192 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12193 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12179 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12194 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12197 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12198 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12199 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12200 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12669 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12670 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-12671 2024-12-17 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
CVE-2024-53144 2024-12-17 Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
CVE-2024-42194 2024-12-17 HCL BigFix Inventory is affected by an access control vulnerability
CVE-2024-49817 2024-12-17 IBM Security Guardium Key Lifecycle Manager information disclosure
CVE-2024-49818 2024-12-17 IBM Security Guardium Key Lifecycle Manager information disclosure
CVE-2024-49819 2024-12-17 IBM Security Guardium Key Lifecycle Manager information disclosure
CVE-2024-49820 2024-12-17 IBM Security Guardium Key Lifecycle Manager information disclosure