CVE List - 2024 / December
Showing 2301 - 2400 of 3433 CVEs for December 2024 (Page 24 of 35)
CVE ID | Date | Title |
---|---|---|
CVE-2024-49816 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager information disclosure |
CVE-2024-51479 | 2024-12-17 | Authorization bypass in Next.js |
CVE-2024-56139 | 2024-12-17 | A stack overflow Segmentation Fault (SEGV) and Memory Leak in pdftools |
CVE-2024-11993 | 2024-12-17 | Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through... |
CVE-2024-12539 | 2024-12-17 | Elasticsearch Incorrect Authorization |
CVE-2023-37940 | 2024-12-17 | Cross-site scripting (XSS) vulnerability in the edit Service Access Policy... |
CVE-2024-56142 | 2024-12-17 | Path Traversal in pghoard |
CVE-2024-52792 | 2024-12-17 | Arbitrary config values override in lam |
CVE-2024-9779 | 2024-12-17 | Open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens |
CVE-2024-10973 | 2024-12-17 | Keycloak: cli option for encrypted jgroups ignored |
CVE-2024-37649 | 2024-12-18 | Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a... |
CVE-2024-39703 | 2024-12-18 | In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to... |
CVE-2024-49201 | 2024-12-18 | Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows... |
CVE-2024-49202 | 2024-12-18 | Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens... |
CVE-2024-55086 | 2024-12-18 | In the GetSimple CMS CE 3.3.19 management page, Server-Side Request... |
CVE-2024-55088 | 2024-12-18 | GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery... |
CVE-2024-55231 | 2024-12-18 | An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online... |
CVE-2024-55232 | 2024-12-18 | An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online... |
CVE-2024-55239 | 2024-12-18 | A reflected Cross-Site Scripting vulnerability in the standard documentation upload... |
CVE-2024-55461 | 2024-12-18 | SeaCMS <=13.0 is vulnerable to command execution in phome.php via... |
CVE-2024-55492 | 2024-12-18 | Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting... |
CVE-2024-55506 | 2024-12-18 | An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version... |
CVE-2024-56115 | 2024-12-18 | A vulnerability in Amiro.CMS before 7.8.4 exists due to the... |
CVE-2024-56116 | 2024-12-18 | A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows... |
CVE-2024-56170 | 2024-12-18 | A validation integrity issue was discovered in Fort through 1.6.4... |
CVE-2024-56173 | 2024-12-18 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be... |
CVE-2024-56174 | 2024-12-18 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be... |
CVE-2024-56175 | 2024-12-18 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be... |
CVE-2024-56317 | 2024-12-18 | In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the... |
CVE-2024-56318 | 2024-12-18 | In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through... |
CVE-2024-56319 | 2024-12-18 | In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before... |
CVE-2024-36694 | 2024-12-18 | OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via... |
CVE-2024-53580 | 2024-12-18 | iperf v3.17.1 was discovered to contain a segmentation violation via... |
CVE-2024-55089 | 2024-12-18 | Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in... |
CVE-2024-55505 | 2024-12-18 | An issue in CodeAstro Complaint Management System v.1.0 allows a... |
CVE-2024-56169 | 2024-12-18 | A validation integrity issue was discovered in Fort through 1.6.4... |
CVE-2024-47480 | 2024-12-18 | Dell Inventory Collector Client, versions prior to 12.7.0, contains an... |
CVE-2024-11439 | 2024-12-18 | ScanCircle <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11748 | 2024-12-18 | Taeggie Feed <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12500 | 2024-12-18 | Philantro – Donations and Donor Management <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11881 | 2024-12-18 | Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12513 | 2024-12-18 | Contests by Rewards Fuel <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12432 | 2024-12-18 | WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key |
CVE-2024-12025 | 2024-12-18 | Collapsing Categories <= 3.0.8 - Unauthenticated SQL Injection |
CVE-2024-11254 | 2024-12-18 | AMP for WP – Accelerated Mobile Pages <= 1.1.1 - Reflected Cross-Site Scripting |
CVE-2024-12259 | 2024-12-18 | CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation |
CVE-2024-12596 | 2024-12-18 | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion |
CVE-2024-12449 | 2024-12-18 | Video Share VOD – Turnkey Video Site Builder Script <= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12250 | 2024-12-18 | Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure |
CVE-2024-12061 | 2024-12-18 | Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-12698 | 2024-12-18 | Ose-olm-catalogd-container: incomplete fix for rapid reset (CVE-2023-39325/CVE-2023-44487) |
CVE-2024-10892 | 2024-12-18 | Cost Calculator Builder < 3.2.43 - Settings update via CSRF |
CVE-2024-4464 | 2024-12-18 | Authorization bypass through user-controlled key vulnerability in streaming service in... |
CVE-2024-21546 | 2024-12-18 | Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to... |
CVE-2024-21548 | 2024-12-18 | Versions of the package bun before 1.1.30 are vulnerable to... |
CVE-2024-21547 | 2024-12-18 | Versions of the package spatie/browsershot before 5.0.2 are vulnerable to... |
CVE-2024-1610 | 2024-12-18 | OPPO Store app include remote account token hijacking and sensitive information leakage |
CVE-2024-47397 | 2024-12-18 | Weak authentication issue exists in AE1021 firmware versions 2.0.10 and... |
CVE-2024-53688 | 2024-12-18 | Improper neutralization of special elements used in an OS command... |
CVE-2024-54457 | 2024-12-18 | Inclusion of undocumented features or chicken bits issue exists in... |
CVE-2024-12287 | 2024-12-18 | Biagiotti Membership <= 1.0.2 - Authentication Bypass via biagiotti_membership_check_facebook_user |
CVE-2024-11295 | 2024-12-18 | Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
CVE-2024-11614 | 2024-12-18 | Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library |
CVE-2024-12340 | 2024-12-18 | Animation Addons for Elementor <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template |
CVE-2024-12554 | 2024-12-18 | Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function |
CVE-2024-12454 | 2024-12-18 | Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2024-47104 | 2024-12-18 | IBM i incorrect privilege assignment |
CVE-2024-11926 | 2024-12-18 | Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions |
CVE-2024-11291 | 2024-12-18 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
CVE-2024-11912 | 2024-12-18 | Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id |
CVE-2024-4995 | 2024-12-18 | Protocol Downgrade in Wapro ERP Desktop |
CVE-2024-4996 | 2024-12-18 | Hardcoded Password in Wapro ERP Desktop |
CVE-2024-56008 | 2024-12-18 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Arbitrary Content Deletion vulnerability |
CVE-2024-56059 | 2024-12-18 | WordPress Partners plugin <= 0.2.0 - PHP Object Injection vulnerability |
CVE-2024-56058 | 2024-12-18 | WordPress VRPConnector plugin <= 2.0.1 - PHP Object Injection vulnerability |
CVE-2024-54270 | 2024-12-18 | WordPress Axeptio plugin <= 2.5.3 - Local File Inclusion vulnerability |
CVE-2024-55985 | 2024-12-18 | WordPress YDS Support Ticket System plugin <= 1.0 - SQL Injection vulnerability |
CVE-2024-55984 | 2024-12-18 | WordPress Saksh Escrow System plugin <= 2.4 - SQL Injection vulnerability |
CVE-2024-55983 | 2024-12-18 | WordPress PowerFormBuilder plugin <= 1.0.6 - SQL Injection vulnerability |
CVE-2024-55975 | 2024-12-18 | WordPress Dr Affiliate plugin <= 1.2.3 - SQL Injection vulnerability |
CVE-2024-56016 | 2024-12-18 | WordPress Image Mapper plugin <= 0.2.5.3 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-56010 | 2024-12-18 | WordPress Device Detector Plugin <= 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-54350 | 2024-12-18 | WordPress hmd theme <= 2.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-51646 | 2024-12-18 | WordPress Saoshyant Element plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-49677 | 2024-12-18 | WordPress Bootstrap Buttons plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-55997 | 2024-12-18 | WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability |
CVE-2024-52485 | 2024-12-18 | WordPress WP Menu Image plugin <= 2.2 - Broken Access Control vulnerability |
CVE-2024-50570 | 2024-12-18 | A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows... |
CVE-2023-34990 | 2024-12-18 | A relative path traversal in Fortinet FortiWLM version 8.6.0 through... |
CVE-2024-48889 | 2024-12-18 | An Improper Neutralization of Special Elements used in an OS... |
CVE-2024-56128 | 2024-12-18 | Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption |
CVE-2024-12371 | 2024-12-18 | Rockwell Automation PowerMonitor™ 1000 Remote Code Execution |
CVE-2024-47119 | 2024-12-18 | IBM Storage Defender - Resiliency Service improper certificate validation |
CVE-2023-50956 | 2024-12-18 | IBM Storage Defender - Resiliency Service information disclosure |
CVE-2024-52361 | 2024-12-18 | IBM Storage Defender - Resiliency Service information disclosure |
CVE-2024-12372 | 2024-12-18 | Rockwell Automation PowerMonitor™ 1000 Denial of Service |
CVE-2024-12373 | 2024-12-18 | Rockwell Automation PowerMonitor™ 1000 Denial of Service |
CVE-2024-47810 | 2024-12-18 | A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795... |
CVE-2024-49576 | 2024-12-18 | A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795... |
CVE-2024-41752 | 2024-12-18 | IBM Cognos Analytics HTML injection |