CVE List - 2024 / December
Showing 301 - 400 of 3433 CVEs for December 2024 (Page 4 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-54675 | 2024-12-04 | app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the... |
| CVE-2024-11479 | 2024-12-04 | Authenticated HTML Injection in Issuetrak Ticket Comment Function |
| CVE-2024-42449 | 2024-12-04 | From the VSPC management agent machine, under condition that the... |
| CVE-2024-42455 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows a low-privileged... |
| CVE-2024-42456 | 2024-12-04 | A vulnerability in Veeam Backup & Replication platform allows a... |
| CVE-2024-40717 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows a low-privileged... |
| CVE-2024-45205 | 2024-12-04 | An Improper Certificate Validation on the UniFi iOS App managing... |
| CVE-2024-45206 | 2024-12-04 | A vulnerability in Veeam Service Provider Console has been identified,... |
| CVE-2024-42452 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows a low-privileged... |
| CVE-2024-42457 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows users with... |
| CVE-2024-45207 | 2024-12-04 | DLL injection in Veeam Agent for Windows can occur if... |
| CVE-2024-42453 | 2024-12-04 | A vulnerability Veeam Backup & Replication allows low-privileged users to... |
| CVE-2024-42451 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows low-privileged users... |
| CVE-2024-45204 | 2024-12-04 | A vulnerability exists where a low-privileged user can exploit insufficient... |
| CVE-2024-11985 | 2024-12-04 | An improper input validation vulnerability leads to device crashes in... |
| CVE-2024-10832 | 2024-12-04 | Posti Shipping <= 3.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via generate_notices_html Function |
| CVE-2024-10587 | 2024-12-04 | Funnelforms Free <= 3.7.4.1 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-10952 | 2024-12-04 | Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax |
| CVE-2024-11093 | 2024-12-04 | SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-11897 | 2024-12-04 | Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11813 | 2024-12-04 | Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-10663 | 2024-12-04 | Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission |
| CVE-2024-11747 | 2024-12-04 | Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11807 | 2024-12-04 | NPS computy <= 2.8.0 - Reflected Cross-Site Scripting |
| CVE-2024-12123 | 2024-12-04 | Unauthorized Modification of Ticket Requester |
| CVE-2024-10885 | 2024-12-04 | SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12099 | 2024-12-04 | Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-9404 | 2024-12-04 | Denial-of-Service Vulnerability |
| CVE-2024-11398 | 2024-12-04 | Improper limitation of a pathname to a restricted directory ('Path... |
| CVE-2023-52943 | 2024-12-04 | Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance... |
| CVE-2023-52944 | 2024-12-04 | Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance... |
| CVE-2024-45717 | 2024-12-04 | SolarWinds Platform Cross- Site Scripting Vulnerability |
| CVE-2024-11466 | 2024-12-04 | Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting |
| CVE-2024-10664 | 2024-12-04 | Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update |
| CVE-2024-11293 | 2024-12-04 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider |
| CVE-2024-11769 | 2024-12-04 | Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2023-6978 | 2024-12-04 | WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting |
| CVE-2024-11903 | 2024-12-04 | WP eCards <= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10567 | 2024-12-04 | TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access |
| CVE-2024-10787 | 2024-12-04 | LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-11952 | 2024-12-04 | Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion |
| CVE-2024-5020 | 2024-12-04 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library |
| CVE-2024-11880 | 2024-12-04 | B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11814 | 2024-12-04 | Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting |
| CVE-2024-52276 | 2024-12-04 | PDF Document Spoofing in DocuSign |
| CVE-2024-52277 | 2024-12-04 | PDF Document Spoofing in DocuSeal |
| CVE-2024-52272 | 2024-12-04 | Denial of Service on Tenda AC6V2 Due To Stack Overflow |
| CVE-2024-52273 | 2024-12-04 | Denial of Service on Tenda AC6V2 Due To Stack Overflow |
| CVE-2024-52274 | 2024-12-04 | Denial of Service on Tenda AC6V2 Due To Stack Overflow |
| CVE-2024-52275 | 2024-12-04 | Denial of Service on Tenda AC6V2 Due To Stack Overflow |
| CVE-2024-12107 | 2024-12-04 | Double Free in µD3TN |
| CVE-2024-11854 | 2024-12-04 | Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter |
| CVE-2024-8962 | 2024-12-04 | WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-54153 | 2024-12-04 | In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was... |
| CVE-2024-54154 | 2024-12-04 | In JetBrains YouTrack before 2024.3.51866 system takeover was possible through... |
| CVE-2024-54155 | 2024-12-04 | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing... |
| CVE-2024-54156 | 2024-12-04 | In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable... |
| CVE-2024-54157 | 2024-12-04 | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due... |
| CVE-2024-54158 | 2024-12-04 | In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible... |
| CVE-2024-52269 | 2024-12-04 | AI Assistant PDF Document Spoofing in DocuSign |
| CVE-2024-8894 | 2024-12-04 | Out-of-bounds Write vulnerability in ODA SDK versions < 2025.10 |
| CVE-2024-10576 | 2024-12-04 | Unauthorized factory reset of Infinix devices |
| CVE-2024-11935 | 2024-12-04 | Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter |
| CVE-2024-12138 | 2024-12-04 | horilla create_skills deserialization |
| CVE-2024-7488 | 2024-12-04 | Business Logic Error in RestApp Inc.'s Online Ordering System |
| CVE-2024-51465 | 2024-12-04 | IBM App Connect Enterprise Certified Container command execution |
| CVE-2024-53125 | 2024-12-04 | bpf: sync_linked_regs() must preserve subreg_def |
| CVE-2024-53126 | 2024-12-04 | vdpa: solidrun: Fix UB bug with devres |
| CVE-2024-53127 | 2024-12-04 | Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" |
| CVE-2024-53128 | 2024-12-04 | sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers |
| CVE-2024-53129 | 2024-12-04 | drm/rockchip: vop: Fix a dereferenced before check warning |
| CVE-2024-53130 | 2024-12-04 | nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint |
| CVE-2024-53131 | 2024-12-04 | nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint |
| CVE-2024-53132 | 2024-12-04 | drm/xe/oa: Fix "Missing outer runtime PM protection" warning |
| CVE-2024-53133 | 2024-12-04 | drm/amd/display: Handle dml allocation failure to avoid crash |
| CVE-2024-53134 | 2024-12-04 | pmdomain: imx93-blk-ctrl: correct remove path |
| CVE-2024-53135 | 2024-12-04 | KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN |
| CVE-2024-53136 | 2024-12-04 | mm: revert "mm: shmem: fix data-race in shmem_getattr()" |
| CVE-2024-53137 | 2024-12-04 | ARM: fix cacheflush with PAN |
| CVE-2024-53138 | 2024-12-04 | net/mlx5e: kTLS, Fix incorrect page refcounting |
| CVE-2024-53139 | 2024-12-04 | sctp: fix possible UAF in sctp_v6_available() |
| CVE-2024-53140 | 2024-12-04 | netlink: terminate outstanding dump on socket close |
| CVE-2024-12056 | 2024-12-04 | Client Secret not checked with OAuth Password grant type |
| CVE-2024-40744 | 2024-12-04 | Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla < 4.4.8 |
| CVE-2024-40745 | 2024-12-04 | Extension - tassos.gr - Reflected Cross site scripting vulnerability in Convert Forms component for Joomla < 4.4.8 |
| CVE-2024-54134 | 2024-12-04 | @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material |
| CVE-2024-11643 | 2024-12-04 | Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update |
| CVE-2024-54132 | 2024-12-04 | GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability |
| CVE-2024-54002 | 2024-12-04 | Dependency-Track allows enumeration of managed users via /api/v1/user/login endpoint |
| CVE-2024-20397 | 2024-12-04 | Cisco NX-OS Software Image Verification Bypass Vulnerability |
| CVE-2018-9392 | 2024-12-04 | In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of... |
| CVE-2024-12196 | 2024-12-04 | Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0... |
| CVE-2018-9393 | 2024-12-04 | In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write... |
| CVE-2024-12151 | 2024-12-04 | Incorrect permission assignment in the user migration feature in Devolutions... |
| CVE-2024-12149 | 2024-12-04 | Incorrect permission assignment in temporary access requests component in Devolutions... |
| CVE-2024-12148 | 2024-12-04 | Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0... |
| CVE-2018-9394 | 2024-12-04 | In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write... |
| CVE-2018-9395 | 2024-12-04 | In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible... |
| CVE-2024-12147 | 2024-12-04 | Netgear R6900 HTTP Header upgrade_check.cgi buffer overflow |
| CVE-2024-38829 | 2024-12-04 | Spring LDAP sensitive data exposure for case-sensitive comparisons |