CVE List - 2024 / December
Showing 3301 - 3400 of 3433 CVEs for December 2024 (Page 34 of 35)
CVE ID | Date | Title
---|---|---
CVE-2024-56516 | 2024-12-30 | free-one-api uses md5 for password storage |
CVE-2024-56517 | 2024-12-30 | LGSL has a reflected XSS at /lgsl_files/lgsl_list.php |
CVE-2024-56733 | 2024-12-30 | Password Pusher Allows Session Token Interception Leading to Potential Hijacking |
CVE-2024-12828 | 2024-12-30 | Webmin CGI Command Injection Remote Code Execution Vulnerability |
CVE-2024-56734 | 2024-12-30 | Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint |
CVE-2024-12834 | 2024-12-30 | Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability |
CVE-2024-12835 | 2024-12-30 | Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-12836 | 2024-12-30 | Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability |
CVE-2024-12754 | 2024-12-30 | AnyDesk Link Following Information Disclosure Vulnerability |
CVE-2024-56801 | 2024-12-30 | Tasklists has Blind SQL Injection in /ajax/reorder.php |
CVE-2024-56799 | 2024-12-30 | Simofa Allows Unauthenticated Access to API Routes |
CVE-2024-56800 | 2024-12-30 | Firecrawl has SSRF Vulnerability via malicious scrape target |
CVE-2024-11944 | 2024-12-30 | iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability |
CVE-2024-11946 | 2024-12-30 | iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability |
CVE-2024-13043 | 2024-12-30 | Panda Security Dome Link Following Local Privilege Escalation Vulnerability |
CVE-2024-12751 | 2024-12-30 | Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability |
CVE-2024-12752 | 2024-12-30 | Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability |
CVE-2024-12753 | 2024-12-30 | Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability |
CVE-2024-13044 | 2024-12-30 | Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-13045 | 2024-12-30 | Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-13046 | 2024-12-30 | Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-13047 | 2024-12-30 | Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability |
CVE-2024-13048 | 2024-12-30 | Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-13049 | 2024-12-30 | Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability |
CVE-2024-13050 | 2024-12-30 | Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-13051 | 2024-12-30 | Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-13042 | 2024-12-30 | Tsinghua Unigroup Electronic Archives Management System download.html download information disclosure |
CVE-2024-13058 | 2024-12-30 | Authenticated, non-admin users can create storage pools via the sifi API |
CVE-2024-12838 | 2024-12-31 | Changing Information Technology CGFIDO - Authentication Bypass |
CVE-2024-12839 | 2024-12-31 | Changing Information Technology CGFIDO - Authentication Bypass |
CVE-2024-13040 | 2024-12-31 | Quanta Computer QOCA aim - Authorization Bypass |
CVE-2024-45497 | 2024-12-31 | Openshift-api: build process in openshift allows overwriting of node pull credentials |
CVE-2024-11972 | 2024-12-31 | Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation |
CVE-2024-49422 | 2024-12-31 | Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release... |
CVE-2024-13067 | 2024-12-31 | CodeAstro Online Food Ordering System All Users Page all_users.php access control |
CVE-2024-56230 | 2024-12-31 | WordPress Dynamic Product Category Grid, Slider for WooCommerce plugin <= 1.1.3 - Local File Inclusion vulnerability |
CVE-2024-56216 | 2024-12-31 | WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability |
CVE-2024-56214 | 2024-12-31 | WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability |
CVE-2024-56213 | 2024-12-31 | WordPress Eventin plugin <= 4.0.7 - Contributor+ Limited Local File Inclusion vulnerability |
CVE-2024-56211 | 2024-12-31 | WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability |
CVE-2024-56212 | 2024-12-31 | WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability |
CVE-2024-56220 | 2024-12-31 | WordPress SSL Wireless SMS Notification plugin <= 3.5.0 - Privilege Escalation vulnerability |
CVE-2024-56232 | 2024-12-31 | WordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerability |
CVE-2024-56229 | 2024-12-31 | WordPress SearchIQ plugin <= 4.6 - Cross-Site Request Forgery (CSRF) vulnerability |
CVE-2024-56222 | 2024-12-31 | WordPress CodeBard Help Desk plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-56218 | 2024-12-31 | WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-56265 | 2024-12-31 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-56256 | 2024-12-31 | WordPress Embed PDF Viewer plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-56235 | 2024-12-31 | WordPress Coupon plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-56215 | 2024-12-31 | WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability |
CVE-2024-56217 | 2024-12-31 | WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability |
CVE-2024-56219 | 2024-12-31 | WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability |
CVE-2024-56225 | 2024-12-31 | WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability |
CVE-2024-56227 | 2024-12-31 | WordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerability |
CVE-2024-56234 | 2024-12-31 | WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability |
CVE-2024-56233 | 2024-12-31 | WordPress Kintpv Wooconnect plugin <= 8.129 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-56231 | 2024-12-31 | WordPress SaasPricing plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-56228 | 2024-12-31 | WordPress Wishlist for WooCommerce: Multi Wishlists Per Customer plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-56226 | 2024-12-31 | WordPress Royal Elementor Addons plugin <= 1.7.1001 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-56224 | 2024-12-31 | WordPress Ledenbeheer plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-56223 | 2024-12-31 | WordPress Gulri Slider plugin <= 3.5.8 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-56221 | 2024-12-31 | WordPress WPMozo Addons Lite for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-12108 | 2024-12-31 | WhatsUp Gold - Public API signing key rotation issue |
CVE-2024-12106 | 2024-12-31 | WhatsUp Gold - LDAP configuration interface leading to allowing attacker to configure LDAP settings without authentication |
CVE-2024-12105 | 2024-12-31 | WhatsUp Gold - SnmpExtendedActiveMonitor path traversal |
CVE-2024-56210 | 2024-12-31 | WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-56209 | 2024-12-31 | WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-13069 | 2024-12-31 | SourceCodester Multi Role Login System add-user.php cross site scripting |
CVE-2024-13061 | 2024-12-31 | 2100 Technology Electronic Official Document Management System - Authentication Bypass |
CVE-2024-56205 | 2024-12-31 | WordPress AI Magic – SEO Content Generator & Article Writer plugin <= 1.0.4 - Privilege Escalation vulnerability |
CVE-2024-56071 | 2024-12-31 | WordPress Simple Dashboard plugin <= 2.0 - Privilege Escalation vulnerability |
CVE-2023-50850 | 2024-12-31 | WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability |
CVE-2023-48775 | 2024-12-31 | WordPress WP CleanFix plugin <= 5.6.2 - Broken Access Control vulnerability |
CVE-2024-56067 | 2024-12-31 | WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Backup File Download Vulnerability |
CVE-2024-56031 | 2024-12-31 | WordPress Smart Shopify Product plugin <= 1.0.2 - Arbitrary Content Deletion vulnerability |
CVE-2024-55991 | 2024-12-31 | WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability |
CVE-2024-56068 | 2024-12-31 | WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability |
CVE-2024-56046 | 2024-12-31 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability |
CVE-2024-56064 | 2024-12-31 | WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability |
CVE-2024-56039 | 2024-12-31 | WordPress VibeBP plugin < 1.9.9.7.7 - Unauthenticated SQL Injection vulnerability |
CVE-2024-56041 | 2024-12-31 | WordPress VibeBP plugin < 1.9.9.5.1 - SQL Injection vulnerability |
CVE-2024-56042 | 2024-12-31 | WordPress WPLMS plugin < 1.9.9.5.3 - Unauthenticated SQL Injection vulnerability |
CVE-2024-56040 | 2024-12-31 | WordPress VibeBP plugin <= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability |
CVE-2024-56043 | 2024-12-31 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability |
CVE-2024-56044 | 2024-12-31 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability |
CVE-2024-56045 | 2024-12-31 | WordPress WPLMS plugin < 1.9.9.5 - Unauthenticated Arbitrary Directory Deletion vulnerability |
CVE-2024-56061 | 2024-12-31 | WordPress RepairBuddy plugin <= 3.8119 - Account Takeover vulnerability |
CVE-2024-56066 | 2024-12-31 | WordPress Agency Toolkit plugin <= 1.0.23 - Privilege Escalation vulnerability |
CVE-2024-56203 | 2024-12-31 | WordPress Wayne Audio Player plugin <= 1.0 - CSRF to Privilege Escalation vulnerability |
CVE-2024-56204 | 2024-12-31 | WordPress Sinking Dropdowns plugin <= 1.25 - CSRF to Privilege Escalation vulnerability |
CVE-2024-56206 | 2024-12-31 | WordPress gap-hub-user-role. plugin <= 3.4.1 - CSRF to Broken Authentication vulnerability |
CVE-2024-56207 | 2024-12-31 | WordPress EditionGuard for WooCommerce – eBook Sales with DRM plugin <= 3.4.2 - CSRF to Privilege Escalation vulnerability |
CVE-2024-56070 | 2024-12-31 | WordPress WP SuperBackup plugin <= 2.3.3 - Multiple Subscriber+ Broken Access Control vulnerabilities |
CVE-2024-56002 | 2024-12-31 | WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability |
CVE-2024-55995 | 2024-12-31 | WordPress Torod plugin <= 1.7 - Settings Change vulnerability |
CVE-2024-51667 | 2024-12-31 | WordPress Paytium plugin <= 4.4.10 - Broken Access Control vulnerability |
CVE-2024-49698 | 2024-12-31 | WordPress Great Restaurant Menu WP plugin <= 1.4.2 - Broken Access Control vulnerability |
CVE-2024-49694 | 2024-12-31 | WordPress My Wp Brand – Hide menu & Hide Plugin plugin <= 1.1.2 - Broken Access Control vulnerability |
CVE-2024-49687 | 2024-12-31 | WordPress Smart Manager plugin <= 8.45.0 - Broken Access Control vulnerability |
CVE-2024-49686 | 2024-12-31 | WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability |