CVE List - 2024 / December
Showing 601 - 700 of 3433 CVEs for December 2024 (Page 7 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-11728 | 2024-12-06 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection |
| CVE-2024-11289 | 2024-12-06 | Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion |
| CVE-2024-11460 | 2024-12-06 | Verowa Connect <= 3.0.1 - Unauthenticated SQL Injection |
| CVE-2024-10681 | 2024-12-06 | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2024-53141 | 2024-12-06 | netfilter: ipset: add missing range check in bitmap_ip_uadt |
| CVE-2024-53142 | 2024-12-06 | initramfs: avoid filename buffer overrun |
| CVE-2024-11730 | 2024-12-06 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Doctor/Receptionist+) SQL Injection |
| CVE-2024-11729 | 2024-12-06 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-11022 | 2024-12-06 | SICK InspectorP61x and SICK InspectorP62x are vulnerable for a replay attack |
| CVE-2024-10771 | 2024-12-06 | SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for remote code execution |
| CVE-2024-10772 | 2024-12-06 | SICK InspectorP61x and SICK InspectorP62x are vulnerable for firmware modification |
| CVE-2024-10773 | 2024-12-06 | SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for pass-the-hash attacks |
| CVE-2024-10774 | 2024-12-06 | SICK InspectorP61x and SICK InspectorP62x have unauthenticated CROWN APIs |
| CVE-2024-10776 | 2024-12-06 | SICK InspectorP61x and SICK InspectorP62x: missing authentication |
| CVE-2024-53805 | 2024-12-06 | WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability |
| CVE-2024-53824 | 2024-12-06 | WordPress All Bootstrap Blocks plugin <= 1.3.20 - Local File Inclusion vulnerability |
| CVE-2024-53811 | 2024-12-06 | WordPress WDesignKit plugin <= 1.0.40 - Arbitrary File Upload vulnerability |
| CVE-2024-53804 | 2024-12-06 | WordPress WP Mailster plugin <= 1.8.16.0 - Sensitive Data Exposure vulnerability |
| CVE-2024-53817 | 2024-12-06 | WordPress Acowebs Product Labels For Woocommerce plugin <= 1.5.8 - SQL Injection vulnerability |
| CVE-2024-53815 | 2024-12-06 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.2 - SQL Injection vulnerability |
| CVE-2024-53808 | 2024-12-06 | WordPress NEX-Forms plugin <= 8.7.8 - SQL Injection vulnerability |
| CVE-2024-53807 | 2024-12-06 | WordPress WP Mailster plugin <= 1.8.16.0 - SQL Injection vulnerability |
| CVE-2024-53809 | 2024-12-06 | WordPress Namaste! LMS plugin <= 2.6.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53806 | 2024-12-06 | WordPress Maspik plugin <= 2.2.7 - CSRF to Settings Change vulnerability |
| CVE-2024-51815 | 2024-12-06 | WordPress s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241114 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-54216 | 2024-12-06 | WordPress ARForms plugin <= 6.4.1 - Arbitrary File Read vulnerability |
| CVE-2024-54214 | 2024-12-06 | WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability |
| CVE-2024-51615 | 2024-12-06 | WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability |
| CVE-2024-54205 | 2024-12-06 | WordPress Paloma Widget plugin <= 1.14 - CSRF to Stored XSS vulnerability |
| CVE-2024-54213 | 2024-12-06 | WordPress WordPress Page Builder – Zion Builder plugin <= 3.6.12 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54212 | 2024-12-06 | WordPress Magical Addons For Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54211 | 2024-12-06 | WordPress Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54210 | 2024-12-06 | WordPress Advanced Element Bucket Addons for Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54209 | 2024-12-06 | WordPress Awesome Shortcodes plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54208 | 2024-12-06 | WordPress Block Controller plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54207 | 2024-12-06 | WordPress WordPress Auction Plugin plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54206 | 2024-12-06 | WordPress Z-Downloads plugin <= 1.11.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53823 | 2024-12-06 | WordPress The Plus Addons for Elementor plugin <= 5.6.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53821 | 2024-12-06 | WordPress Pie Register Premium plugin < 3.8.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53820 | 2024-12-06 | WordPress Captivate Sync plugin <= 2.0.22 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53812 | 2024-12-06 | WordPress WP GeoNames plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53802 | 2024-12-06 | WordPress Futurio Extra plugin <= 2.0.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53801 | 2024-12-06 | WordPress Bold Page Builder plugin <= 5.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53797 | 2024-12-06 | WordPress Beaver Builder – WordPress Page Builder plugin <= 2.8.4.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53796 | 2024-12-06 | WordPress Themesflat Addons For Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53794 | 2024-12-06 | WordPress Arkhe Blocks plugin <= 2.27.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53825 | 2024-12-06 | WordPress FileBird Lite plugin <= 6.3.2 - Broken Access Control vulnerability |
| CVE-2024-53813 | 2024-12-06 | WordPress wp-travel plugin <= 9.6.0 - Broken Access Control vulnerability |
| CVE-2024-53810 | 2024-12-06 | WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability |
| CVE-2024-53803 | 2024-12-06 | WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability |
| CVE-2024-53799 | 2024-12-06 | WordPress FloristPress plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2024-53795 | 2024-12-06 | WordPress Church Admin plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2024-52335 | 2024-12-06 | A vulnerability has been identified in syngo.plaza VB30E (All versions... |
| CVE-2024-53826 | 2024-12-06 | WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-21571 | 2024-12-06 | Snyk has identified a remote code execution (RCE) vulnerability in... |
| CVE-2024-11321 | 2024-12-06 | Reflected XSS in Hi e-learning's Learning Management System (LMS) |
| CVE-2024-10516 | 2024-12-06 | Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify' |
| CVE-2024-4633 | 2024-12-06 | Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-42196 | 2024-12-06 | HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability |
| CVE-2024-11738 | 2024-12-06 | Rustls: rustls network-reachable panic in `acceptor::accept` |
| CVE-2024-54141 | 2024-12-06 | phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available |
| CVE-2024-54136 | 2024-12-06 | Untrusted Deserialization in ClipBucket-v5 Version 5.5.1 Revision 199 and Below |
| CVE-2024-54135 | 2024-12-06 | Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199 |
| CVE-2024-12254 | 2024-12-06 | Unbounded memory buffering in SelectorSocketTransport.writelines() |
| CVE-2024-30129 | 2024-12-06 | HCL Nomad server on Domino is affected by a host header injection vulnerability |
| CVE-2024-54137 | 2024-12-06 | liboqs has a correctness error in HQC decapsulation |
| CVE-2024-54143 | 2024-12-06 | openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection |
| CVE-2024-53691 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-50388 | 2024-12-06 | HBS 3 Hybrid Backup Sync |
| CVE-2024-50387 | 2024-12-06 | SMB Service |
| CVE-2024-50389 | 2024-12-06 | QuRouter |
| CVE-2024-50404 | 2024-12-06 | Qsync Central |
| CVE-2024-48859 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-48865 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-48866 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-48867 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-48868 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-50393 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-50402 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-50403 | 2024-12-06 | QTS, QuTS hero |
| CVE-2024-48863 | 2024-12-06 | License Center |
| CVE-2024-48871 | 2024-12-06 | Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow |
| CVE-2024-52320 | 2024-12-06 | Planet Technology Planet WGS-804HPT Command Injection |
| CVE-2024-52558 | 2024-12-06 | Planet Technology Planet WGS-804HPT Integer Underflow |
| CVE-2024-11220 | 2024-12-06 | Open Automation Software Incorrect Execution-Assigned Permissions |
| CVE-2024-47547 | 2024-12-06 | Ruijie Reyee OS Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2024-42494 | 2024-12-06 | Ruijie Reyee OS Exposure of Private Personal Information to an Unauthorized Actor |
| CVE-2024-51727 | 2024-12-06 | Ruijie Reyee OS Premature Release of Resource During Expected Lifetime |
| CVE-2024-47043 | 2024-12-06 | Ruijie Reyee OS Insecure Storage of Sensitive Information |
| CVE-2024-45722 | 2024-12-06 | Ruijie Reyee OS Use of Weak Credentials |
| CVE-2024-47791 | 2024-12-06 | Ruijie Reyee OS Improper Neutralization of Wildcards or Matching Symbols |
| CVE-2024-46874 | 2024-12-06 | Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges |
| CVE-2024-48874 | 2024-12-06 | Ruijie Reyee OS Server-Side Request Forgery |
| CVE-2024-52324 | 2024-12-06 | Ruijie Reyee OS Use of Inherently Dangerous Function |
| CVE-2024-47146 | 2024-12-06 | Ruijie Reyee OS Resource Leak |
| CVE-2024-0139 | 2024-12-06 | NVIDIA Base Command Manager and Bright Cluster Manager for Linux... |
| CVE-2024-0130 | 2024-12-06 | NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a... |
| CVE-2024-12326 | 2024-12-06 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau |
| CVE-2024-7874 | 2024-12-06 | XSS in Tungsten Automation TotalAgility |
| CVE-2024-7875 | 2024-12-06 | XSS in Tungsten Automation TotalAgility |