CVE List - 2024 / December
Showing 2501 - 2600 of 3433 CVEs for December 2024 (Page 26 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12782 | 2024-12-19 | Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization |
| CVE-2024-12783 | 2024-12-19 | itsourcecode Vehicle Management System billaction.php cross site scripting |
| CVE-2024-9101 | 2024-12-19 | phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php |
| CVE-2024-9102 | 2024-12-19 | phpLDAPadmin: Improper Neutralization of Formula Elements |
| CVE-2021-26102 | 2024-12-19 | A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a... |
| CVE-2024-12784 | 2024-12-19 | itsourcecode Vehicle Management System editbill.php sql injection |
| CVE-2024-10244 | 2024-12-19 | SQLi in ISDO Software's Web Software |
| CVE-2024-47093 | 2024-12-19 | Fix various XSS issues and potential RCE |
| CVE-2024-25131 | 2024-12-19 | Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation |
| CVE-2024-12785 | 2024-12-19 | itsourcecode Vehicle Management System sendmail.php sql injection |
| CVE-2024-12786 | 2024-12-19 | X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management |
| CVE-2024-12798 | 2024-12-19 | JaninoEventEvaluator vulnerability |
| CVE-2024-12787 | 2024-12-19 | 1000 Projects Attendance Tracking Management System check_student_login.php sql injection |
| CVE-2024-9154 | 2024-12-19 | Authenticated Remote Code Execution |
| CVE-2024-38864 | 2024-12-19 | User-Readable Private Key in Windows Agent |
| CVE-2024-12801 | 2024-12-19 | SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks |
| CVE-2024-12788 | 2024-12-19 | Codezips Technical Discussion Forum signinpost.php sql injection |
| CVE-2024-12789 | 2024-12-19 | PbootCMS IndexController.php code injection |
| CVE-2021-22501 | 2024-12-19 | Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation. The vulnerability could be exploited to confidential information This issue affects Operations Bridge... |
| CVE-2024-12790 | 2024-12-19 | code-projects Hostel Management Site room-details.php cross site scripting |
| CVE-2024-52896 | 2024-12-19 | IBM MQ information disclosure |
| CVE-2024-51471 | 2024-12-19 | IBM MQ Appliance denial of service |
| CVE-2024-38819 | 2024-12-19 | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on... |
| CVE-2024-52897 | 2024-12-19 | IBM MQ information disclosure |
| CVE-2024-49336 | 2024-12-19 | IBM Security Guardium server-side request forgery |
| CVE-2024-12791 | 2024-12-19 | Codezips E-Commerce Site signin.php sql injection |
| CVE-2024-12792 | 2024-12-19 | Codezips E-Commerce Site newadmin.php sql injection |
| CVE-2023-7005 | 2024-12-19 | CVE-2023-7005 |
| CVE-2024-12793 | 2024-12-19 | PbootCMS IndexController.php path traversal |
| CVE-2024-12794 | 2024-12-19 | Codezips E-Commerce Site editorder.php sql injection |
| CVE-2020-6923 | 2024-12-19 | HP Linux Imaging and Printing Software - Potential Memory Buffer Overflow |
| CVE-2024-54150 | 2024-12-19 | Algorithm Confusion Vulnerability in cjwt |
| CVE-2024-56200 | 2024-12-19 | Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy |
| CVE-2024-56159 | 2024-12-19 | Server source code is exposed to the public if sourcemaps are enabled |
| CVE-2024-53991 | 2024-12-19 | Potential Backup file leaked via Nginx in Discourse |
| CVE-2024-52794 | 2024-12-19 | Magnific lightbox susceptible to Cross-site Scripting in Discourse |
| CVE-2024-52589 | 2024-12-19 | Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse |
| CVE-2024-49765 | 2024-12-19 | Bypass of Discourse Connect using other login paths if enabled in Discourse |
| CVE-2024-7137 | 2024-12-19 | Denial of Service in Silicon Labs RS9116 Bluetooth SDK |
| CVE-2024-7138 | 2024-12-19 | Denial of Service in Silicon Labs RS9116 Bluetooth SDK |
| CVE-2024-7139 | 2024-12-19 | Denial of Service in Silicon Labs RS9116 Bluetooth SDK |
| CVE-2024-12111 | 2024-12-19 | Potential LDAP injection vulnerability in OpenText Privileged Access Manager |
| CVE-2024-12727 | 2024-12-19 | A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote... |
| CVE-2024-2201 | 2024-12-19 | CVE-2024-2201 |
| CVE-2024-11157 | 2024-12-19 | Rockwell Automation Third Party Vulnerability in Arena |
| CVE-2024-12728 | 2024-12-19 | A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). |
| CVE-2024-12175 | 2024-12-19 | Rockwell Automation Code Execution Vulnerability in Arena |
| CVE-2024-12672 | 2024-12-19 | Rockwell Automation Third Party Vulnerability in Arena® |
| CVE-2024-12729 | 2024-12-19 | A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). |
| CVE-2024-11364 | 2024-12-19 | Rockwell Automation Third Party Vulnerability in Arena® |
| CVE-2024-54009 | 2024-12-19 | Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. |
| CVE-2024-56327 | 2024-12-19 | Malicious plugin names, recipients, or identities can cause arbitrary binary execution in pyrage |
| CVE-2024-12700 | 2024-12-19 | Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type |
| CVE-2021-40959 | 2024-12-20 | A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF) <= 4.1.6 and <=5.0 was identified on the subpage `/process_management/process_status.xhr.php`. This vulnerability allows an attacker to inject... |
| CVE-2024-37758 | 2024-12-20 | Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges. |
| CVE-2024-55186 | 2024-12-20 | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the... |
| CVE-2024-55341 | 2024-12-20 | A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the... |
| CVE-2024-55342 | 2024-12-20 | A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed... |
| CVE-2024-55470 | 2024-12-20 | Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without... |
| CVE-2024-55471 | 2024-12-20 | Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter. |
| CVE-2024-55509 | 2024-12-20 | SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. |
| CVE-2024-12829 | 2024-12-20 | Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability |
| CVE-2024-12830 | 2024-12-20 | Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-12832 | 2024-12-20 | Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability |
| CVE-2024-12831 | 2024-12-20 | Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability |
| CVE-2024-54538 | 2024-12-20 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma... |
| CVE-2024-12678 | 2024-12-20 | Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens |
| CVE-2020-9250 | 2024-12-20 | There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may... |
| CVE-2022-32144 | 2024-12-20 | There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common... |
| CVE-2022-32203 | 2024-12-20 | There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned... |
| CVE-2022-32204 | 2024-12-20 | There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common... |
| CVE-2022-34159 | 2024-12-20 | Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposures... |
| CVE-2024-11776 | 2024-12-20 | PCRecruiter Extensions <= 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2023-42867 | 2024-12-20 | This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges. |
| CVE-2024-44223 | 2024-12-20 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected... |
| CVE-2024-44195 | 2024-12-20 | A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files. |
| CVE-2024-44292 | 2024-12-20 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user... |
| CVE-2024-44231 | 2024-12-20 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login... |
| CVE-2024-44211 | 2024-12-20 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. |
| CVE-2024-44293 | 2024-12-20 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user... |
| CVE-2024-44298 | 2024-12-20 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about... |
| CVE-2024-21549 | 2024-12-20 | Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing... |
| CVE-2024-5955 | 2024-12-20 | Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected... |
| CVE-2024-10555 | 2024-12-20 | MaxButtons < 9.8.1 - Admin+ Stored XSS via Button Width |
| CVE-2024-10706 | 2024-12-20 | Download Manager < 3.3.03 - Admin+ Stored XSS |
| CVE-2024-11108 | 2024-12-20 | Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode |
| CVE-2024-8968 | 2024-12-20 | MaxButtons < 9.8.1 - Admin+ Stored XSS via Text Color |
| CVE-2024-9503 | 2024-12-20 | Maintenance & Coming Soon Redirect Animation <= 2.1.3 - Missing Authorization to Settings Update |
| CVE-2024-11775 | 2024-12-20 | Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11411 | 2024-12-20 | Spotlightr <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12571 | 2024-12-20 | Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion |
| CVE-2024-11812 | 2024-12-20 | Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12509 | 2024-12-20 | Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11297 | 2024-12-20 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
| CVE-2024-9619 | 2024-12-20 | WP SHAPES <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-11784 | 2024-12-20 | Sell Tickets Online – TicketSource Ticket Shop for WordPress <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11331 | 2024-12-20 | isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting |
| CVE-2024-11893 | 2024-12-20 | Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.14 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11806 | 2024-12-20 | PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting |
| CVE-2024-11783 | 2024-12-20 | Financial Calculator <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |