CVE List - 2024 / December
Showing 401 - 500 of 3433 CVEs for December 2024 (Page 5 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-9396 | 2024-12-04 | In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a... |
| CVE-2024-12180 | 2024-12-04 | DedeCMS article_add.php cross site scripting |
| CVE-2024-12181 | 2024-12-04 | DedeCMS SWF File uploads_add.php cross site scripting |
| CVE-2024-53982 | 2024-12-04 | Arbitrary file download in Zoo-Project Echo Example |
| CVE-2024-12182 | 2024-12-04 | DedeCMS soft_add.php cross site scripting |
| CVE-2024-12183 | 2024-12-04 | DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting |
| CVE-2018-9397 | 2024-12-04 | In WMT_unlocked_ioctl of MTK WMT device driver, there is a... |
| CVE-2018-9398 | 2024-12-04 | In fm_set_stat of mediatek FM radio driver, there is a... |
| CVE-2018-9399 | 2024-12-04 | In /proc/driver/wmt_dbg driver, there are several possible out of bounds... |
| CVE-2018-9400 | 2024-12-04 | In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is... |
| CVE-2024-54221 | 2024-12-04 | WordPress FAT Services Booking plugin <= 5.6 - Unauthenticated SQL Injection vulnerability |
| CVE-2018-9402 | 2024-12-04 | In multiple functions of gl_proc.c, there is a buffer overwrite... |
| CVE-2018-9403 | 2024-12-04 | In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a... |
| CVE-2024-12185 | 2024-12-04 | code-projects Hotel Management System Administrator Login Password stack-based overflow |
| CVE-2024-12186 | 2024-12-04 | code-projects Hotel Management System Available Room hotelnew.c stack-based overflow |
| CVE-2018-9404 | 2024-12-04 | In oemCallback of ril.cpp, there is a possible out of... |
| CVE-2018-9407 | 2024-12-04 | In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due... |
| CVE-2018-9408 | 2024-12-04 | In m3326_gps_write and m3326_gps_read of gps.s, there is a possible... |
| CVE-2018-9416 | 2024-12-04 | In sg_remove_scat of scsi/sg.c, there is a possible memory corruption... |
| CVE-2018-9439 | 2024-12-04 | In __unregister_prot_hook and packet_release of af_packet.c, there is a possible... |
| CVE-2018-9462 | 2024-12-04 | In store_cmd of ftm4_pdc.c, there is a possible out of... |
| CVE-2018-9463 | 2024-12-04 | In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of... |
| CVE-2023-48010 | 2024-12-05 | STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate... |
| CVE-2023-50913 | 2024-12-05 | Oxide control plane software before 5 allows SSRF. |
| CVE-2024-30961 | 2024-12-05 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2... |
| CVE-2024-30962 | 2024-12-05 | Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2... |
| CVE-2024-30963 | 2024-12-05 | Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2... |
| CVE-2024-30964 | 2024-12-05 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2... |
| CVE-2024-37860 | 2024-12-05 | Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2... |
| CVE-2024-37861 | 2024-12-05 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble... |
| CVE-2024-37862 | 2024-12-05 | Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2... |
| CVE-2024-37863 | 2024-12-05 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble... |
| CVE-2024-38910 | 2024-12-05 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble... |
| CVE-2024-38920 | 2024-12-05 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble... |
| CVE-2024-41579 | 2024-12-05 | DTStack Taier 1.4.0 allows remote attackers to specify the jobName... |
| CVE-2024-53442 | 2024-12-05 | whapa v1.59 is vulnerable to Command Injection via a crafted... |
| CVE-2024-53457 | 2024-12-05 | A stored cross-site scripting (XSS) vulnerability in the Device Settings... |
| CVE-2024-53470 | 2024-12-05 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php... |
| CVE-2024-53471 | 2024-12-05 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php... |
| CVE-2024-53472 | 2024-12-05 | WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-53490 | 2024-12-05 | Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. |
| CVE-2024-53523 | 2024-12-05 | JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the... |
| CVE-2024-54679 | 2024-12-05 | CyberPanel (aka Cyber Panel) before 6778ad1 does not require the... |
| CVE-2024-53589 | 2024-12-05 | GNU objdump 2.43 is vulnerable to Buffer Overflow in the... |
| CVE-2024-12187 | 2024-12-05 | 1000 Projects Library Management System showbook.php sql injection |
| CVE-2024-12188 | 2024-12-05 | 1000 Projects Library Management System stu.php sql injection |
| CVE-2024-54014 | 2024-12-05 | Improper authorization in handler for custom URL scheme issue in... |
| CVE-2024-10881 | 2024-12-05 | LUNA RADIO PLAYER <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-10178 | 2024-12-05 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2024-42195 | 2024-12-05 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection |
| CVE-2024-11429 | 2024-12-05 | Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-10937 | 2024-12-05 | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure |
| CVE-2024-11420 | 2024-12-05 | Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11341 | 2024-12-05 | Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect |
| CVE-2024-10848 | 2024-12-05 | NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11779 | 2024-12-05 | WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10056 | 2024-12-05 | Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode |
| CVE-2024-10777 | 2024-12-05 | AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-11324 | 2024-12-05 | Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting |
| CVE-2024-45841 | 2024-12-05 | Incorrect permission assignment for critical resource issue exists in UD-LT1... |
| CVE-2024-47133 | 2024-12-05 | UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and... |
| CVE-2024-52564 | 2024-12-05 | Inclusion of undocumented features or chicken bits issue exists in... |
| CVE-2022-41137 | 2024-12-05 | Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore |
| CVE-2024-52270 | 2024-12-05 | PDF Document Spoofing in DropBox Sign(HelloSign) |
| CVE-2024-54126 | 2024-12-05 | Insufficient Integrity Verification Vulnerability in TP-Link Archer C50 |
| CVE-2024-54127 | 2024-12-05 | Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50 |
| CVE-2024-6515 | 2024-12-05 | unauthorized file access |
| CVE-2024-6516 | 2024-12-05 | Cross Site Scripting XSS |
| CVE-2024-6784 | 2024-12-05 | SSRF Server Side Request Forgery |
| CVE-2024-11316 | 2024-12-05 | Filesize Check |
| CVE-2024-12094 | 2024-12-05 | Information Disclosure Vulnerability in Tinxy |
| CVE-2024-11317 | 2024-12-05 | PHP Session Fixation |
| CVE-2024-48839 | 2024-12-05 | Remote Code Execution, RCE |
| CVE-2024-48840 | 2024-12-05 | Unauthorized Access |
| CVE-2024-48843 | 2024-12-05 | Denial of Service, DoS |
| CVE-2024-48844 | 2024-12-05 | Denial of Service, DoS |
| CVE-2024-48845 | 2024-12-05 | Weak Password Rules/Strength |
| CVE-2024-48846 | 2024-12-05 | Cross Side Request Forgery, CSRF |
| CVE-2024-48847 | 2024-12-05 | MD5 bypass operation |
| CVE-2024-51541 | 2024-12-05 | Local File Inclusion |
| CVE-2024-51542 | 2024-12-05 | Configuration Download |
| CVE-2024-51543 | 2024-12-05 | Information Disclosure |
| CVE-2024-51544 | 2024-12-05 | Service Control |
| CVE-2024-51545 | 2024-12-05 | Username Enumeration |
| CVE-2024-51546 | 2024-12-05 | Credentails Disclosure |
| CVE-2024-51548 | 2024-12-05 | Dangerous File Upload |
| CVE-2024-51549 | 2024-12-05 | Absolute Path Traversal |
| CVE-2024-51550 | 2024-12-05 | Data Validation / Sanitization |
| CVE-2024-51551 | 2024-12-05 | Default Credentials |
| CVE-2024-51554 | 2024-12-05 | off-by-one-error |
| CVE-2024-51555 | 2024-12-05 | Force Change of Default Credentials |
| CVE-2024-12227 | 2024-12-05 | MSI Dragon Center IOCTL NTIOLib_X64.sys MmUnMapIoSpace null pointer dereference |
| CVE-2024-12228 | 2024-12-05 | PHPGurukul Complaint Management System user-search.php sql injection |
| CVE-2024-40763 | 2024-12-05 | Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due... |
| CVE-2024-45318 | 2024-12-05 | A vulnerability in the SonicWall SMA100 SSLVPN web management interface... |
| CVE-2024-45319 | 2024-12-05 | A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and... |
| CVE-2024-53702 | 2024-12-05 | Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in... |
| CVE-2024-52271 | 2024-12-05 | PDF Document Spoofing in Documenso |
| CVE-2024-53703 | 2024-12-05 | A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and... |
| CVE-2024-12229 | 2024-12-05 | PHPGurukul Complaint Management System complaint-search.php sql injection |