CVE List - 2024 / December
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-6603 | 2024-12-31 | Ffmpeg: null pointer dereference in ffmpeg hls parsing |
| CVE-2024-25133 | 2024-12-31 | Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation |
| CVE-2024-13070 | 2024-12-31 | CodeAstro Online Food Ordering System Update User Page update_users.php sql injection |
| CVE-2024-13072 | 2024-12-31 | 1000 Projects Beauty Parlour Management System Customer Detail add-customer-services.php sql injection |
| CVE-2024-56802 | 2024-12-31 | Tapir allows DeployKey exposure |
| CVE-2024-56198 | 2024-12-31 | path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability |
| CVE-2024-52047 | 2024-12-31 | A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain... |
| CVE-2024-52048 | 2024-12-31 | A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to... |
| CVE-2024-52049 | 2024-12-31 | A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to... |
| CVE-2024-52050 | 2024-12-31 | A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2024-53647 | 2024-12-31 | Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading... |
| CVE-2024-55631 | 2024-12-31 | An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability... |
| CVE-2024-55632 | 2024-12-31 | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2024-55917 | 2024-12-31 | An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability... |
| CVE-2024-55955 | 2024-12-31 | An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note:... |
| CVE-2024-13074 | 2024-12-31 | PHPGurukul Land Record System index.php cross site scripting |
| CVE-2024-13075 | 2024-12-31 | PHPGurukul Land Record System add-propertytype.php cross site scripting |
| CVE-2024-13076 | 2024-12-31 | PHPGurukul Land Record System edit-propertytype.php cross site scripting |
| CVE-2024-13077 | 2024-12-31 | PHPGurukul Land Record System add-property.php cross site scripting |
| CVE-2024-13078 | 2024-12-31 | PHPGurukul Land Record System index.php sql injection |
| CVE-2024-13079 | 2024-12-31 | PHPGurukul Land Record System property-details.php sql injection |
| CVE-2024-13080 | 2024-12-31 | PHPGurukul Land Record System aboutus.php cross site scripting |
| CVE-2024-13081 | 2024-12-31 | PHPGurukul Land Record System contactus.php cross site scripting |
| CVE-2024-13082 | 2024-12-31 | PHPGurukul Land Record System search-property.php cross site scripting |
| CVE-2024-13083 | 2024-12-31 | PHPGurukul Land Record System admin-profile.php cross site scripting |
| CVE-2024-13084 | 2024-12-31 | PHPGurukul Land Record System search-property.php sql injection |
| CVE-2024-13085 | 2024-12-31 | PHPGurukul Land Record System login.php sql injection |
| CVE-2024-56803 | 2024-12-31 | Ghostty improperly handles window title sequences which can lead to arbitrary command execution |
| CVE-2024-56063 | 2024-12-31 | WordPress Essential Addons for Elementor plugin <= 6.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56062 | 2024-12-31 | WordPress Royal Elementor Addons and Templates plugin <= 1.3.987 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56021 | 2024-12-31 | WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56020 | 2024-12-31 | WordPress SvegliaT Buttons Plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-11846 | 2025-01-01 | Travel Tour < 5.2.4 - Reflected XSS |
| CVE-2025-0168 | 2025-01-01 | code-projects Job Recruitment _feedback_system.php sql injection |
| CVE-2002-20002 | 2025-01-02 | The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys. |
| CVE-2024-48197 | 2025-01-02 | Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface. |
| CVE-2024-56829 | 2025-01-02 | Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. |
| CVE-2025-22214 | 2025-01-02 | Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection. |
| CVE-2024-56830 | 2025-01-02 | The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present. |
| CVE-2024-11184 | 2025-01-02 | WP Enabled SVG <= 0.7 - Author+ Stored XSS via SVG |
| CVE-2024-11357 | 2025-01-02 | Goodlayers Core < 2.0.10 - Contributor+ Stored XSS |
| CVE-2024-12595 | 2025-01-02 | AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI |
| CVE-2024-13092 | 2025-01-02 | code-projects Job Recruitment Job Post search_ajax.php sql injection |
| CVE-2024-13093 | 2025-01-02 | code-projects Job Recruitment Seeker Profile _call_main_search_ajax.php sql injection |
| CVE-2024-12912 | 2025-01-02 | An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security... |
| CVE-2024-13062 | 2025-01-02 | An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on... |
| CVE-2024-56069 | 2025-01-02 | WordPress WP SuperBackup plugin <= 2.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56060 | 2025-01-02 | WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56038 | 2025-01-02 | WordPress SendSMS Plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56037 | 2025-01-02 | WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56036 | 2025-01-02 | WordPress odPhotogallery plugin <= 0.5.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56035 | 2025-01-02 | WordPress Upload Scanner plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56034 | 2025-01-02 | WordPress Services updates for customers plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56019 | 2025-01-02 | WordPress Inline Footnotes Plugin <= 2.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56033 | 2025-01-02 | WordPress FAQs plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56032 | 2025-01-02 | WordPress FV Descriptions plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56030 | 2025-01-02 | WordPress 10CentMail plugin <= 2.1.50 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56029 | 2025-01-02 | WordPress Easy Language Switcher plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56028 | 2025-01-02 | WordPress Lemonade Social Networks Autoposter Pinterest plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56027 | 2025-01-02 | WordPress Leads CRM plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-13102 | 2025-01-02 | D-Link DIR-816 A2 DDNS Service access control |
| CVE-2024-13103 | 2025-01-02 | D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control |
| CVE-2024-13104 | 2025-01-02 | D-Link DIR-816 A2 WiFi Settings form2AdvanceSetup.cgi access control |
| CVE-2024-13105 | 2025-01-02 | D-Link DIR-816 A2 DHCPD Setting form2Dhcpd.cgi access control |
| CVE-2024-13106 | 2025-01-02 | D-Link DIR-816 A2 IP QoS form2IPQoSTcAdd access control |
| CVE-2023-44258 | 2025-01-02 | WordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerability |
| CVE-2023-44988 | 2025-01-02 | WordPress WP Custom Admin Interface plugin <= 7.32 - Broken Access Control vulnerability |
| CVE-2023-45002 | 2025-01-02 | WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability |
| CVE-2023-45045 | 2025-01-02 | WordPress WP Custom Widget area plugin <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2023-45061 | 2025-01-02 | WordPress WP Job Openings plugin <= 3.4.1 - Broken Access Control vulnerability |
| CVE-2023-45101 | 2025-01-02 | WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability |
| CVE-2023-45104 | 2025-01-02 | WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-45110 | 2025-01-02 | WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2023-45271 | 2025-01-02 | WordPress ProductX – Gutenberg WooCommerce Blocks plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2023-45275 | 2025-01-02 | WordPress Contact Form builder with drag & drop plugin <= 2.3.28 - Broken Access Control vulnerability |
| CVE-2023-45631 | 2025-01-02 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-45636 | 2025-01-02 | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2023-45649 | 2025-01-02 | WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability |
| CVE-2023-45760 | 2025-01-02 | WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability |
| CVE-2023-45765 | 2025-01-02 | WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability |
| CVE-2023-45766 | 2025-01-02 | WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability |
| CVE-2023-45828 | 2025-01-02 | WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability |
| CVE-2023-46073 | 2025-01-02 | WordPress DX Delete Attached Media plugin <= 2.0.5.1 - Broken Access Control vulnerability + CSRF |
| CVE-2023-46079 | 2025-01-02 | WordPress Ashe Extra plugin <= 1.2.9 - Broken Access Control + CSRF vulnerability |
| CVE-2023-46080 | 2025-01-02 | WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2023-46082 | 2025-01-02 | WordPress Broken Link Checker \| Finder plugin <= 2.4.2 - Broken Access Control vulnerability |
| CVE-2023-46083 | 2025-01-02 | WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability |
| CVE-2023-46188 | 2025-01-02 | WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2023-46195 | 2025-01-02 | WordPress Headline Analyzer plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2023-46196 | 2025-01-02 | WordPress Social proof testimonials and reviews by Repuso plugin <= 4.97 - Broken Access Control vulnerability |
| CVE-2023-46203 | 2025-01-02 | WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability |
| CVE-2023-46206 | 2025-01-02 | WordPress MW WP Form plugin <= 4.4.5 - Broken Access Control vulnerability |
| CVE-2024-13107 | 2025-01-02 | D-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access control |
| CVE-2023-46309 | 2025-01-02 | WordPress wpDiscuz plugin <= 7.6.10 - Broken Access Control vulnerability |
| CVE-2023-46605 | 2025-01-02 | WordPress Convertful – Your Ultimate On-Site Conversion Tool plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-46606 | 2025-01-02 | WordPress AtomChat plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2023-46607 | 2025-01-02 | WordPress WP iCal Availability plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2023-46608 | 2025-01-02 | WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability |
| CVE-2023-46609 | 2025-01-02 | WordPress FeedFocal plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2023-46610 | 2025-01-02 | WordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerability |