CVE List - 2024 / July
Showing 1101 - 1200 of 3117 CVEs for July 2024 (Page 12 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-6447 | 2024-07-10 | FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter |
| CVE-2022-29946 | 2024-07-11 | NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6... |
| CVE-2024-36435 | 2024-07-11 | An issue was discovered on Supermicro BMC firmware in select... |
| CVE-2024-6653 | 2024-07-11 | code-projects Simple Task List Login loginForm.php sql injection |
| CVE-2024-40618 | 2024-07-11 | Whale browser before 3.26.244.21 allows an attacker to execute malicious... |
| CVE-2024-6676 | 2024-07-11 | witmy my-springsecurity-plus user sql injection |
| CVE-2024-6210 | 2024-07-11 | Duplicator <= 1.5.9 - Full Path Disclosure |
| CVE-2016-15039 | 2024-07-11 | mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling |
| CVE-2024-23485 | 2024-07-11 | Improperly Preserved Integrity of Hardware Configuration State During a Power... |
| CVE-2024-22387 | 2024-07-11 | External Control of Critical State Data (CWE-642) in the Controller... |
| CVE-2024-23194 | 2024-07-11 | Improper output Neutralization for Logs (CWE-117) in the Command Centre... |
| CVE-2024-23317 | 2024-07-11 | External Control of File Name or Path (CWE-73) in the... |
| CVE-2024-6554 | 2024-07-11 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure |
| CVE-2024-6397 | 2024-07-11 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin |
| CVE-2024-0619 | 2024-07-11 | Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update |
| CVE-2024-22280 | 2024-07-11 | VMSA-2024-0017: VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280) |
| CVE-2024-1845 | 2024-07-11 | VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery |
| CVE-2024-4655 | 2024-07-11 | Ultimate Blocks < 3.1.9 - Contributor+ Stored XSS |
| CVE-2024-5444 | 2024-07-11 | Bible Text <= 0.2 - Contributor+ Stored XSS |
| CVE-2024-6025 | 2024-07-11 | Quiz and Survey Master < 9.0.5 - Contributor+ Stored XSS |
| CVE-2024-6026 | 2024-07-11 | Slider by 10Web < 1.2.56 - Editor+ Stored XSS |
| CVE-2024-6138 | 2024-07-11 | Secure Copy Content Protection < 4.0.9 - Admin+ Stored XSS |
| CVE-2024-6256 | 2024-07-11 | Feeds for YouTube (YouTube video, channel, and gallery plugin) <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-6624 | 2024-07-11 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation |
| CVE-2024-6666 | 2024-07-11 | WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id |
| CVE-2024-6385 | 2024-07-11 | Improper Access Control in GitLab |
| CVE-2024-5470 | 2024-07-11 | Improper Access Control in GitLab |
| CVE-2024-5257 | 2024-07-11 | Improper Access Control in GitLab |
| CVE-2024-2880 | 2024-07-11 | Improper Access Control in GitLab |
| CVE-2024-38433 | 2024-07-11 | Nuvoton - CWE-305: Authentication Bypass by Primary Weakness |
| CVE-2024-5679 | 2024-07-11 | CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,... |
| CVE-2024-5680 | 2024-07-11 | CWE-129: Improper Validation of Array Index vulnerability exists that could... |
| CVE-2024-5681 | 2024-07-11 | CWE-20: Improper Input Validation vulnerability exists that could cause local... |
| CVE-2024-2602 | 2024-07-11 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory... |
| CVE-2024-6528 | 2024-07-11 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site... |
| CVE-2024-6407 | 2024-07-11 | CWE-200: Information Exposure vulnerability exists that could cause disclosure of... |
| CVE-2024-6035 | 2024-07-11 | Stored XSS in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-37151 | 2024-07-11 | Suricata defrag: IP ID reuse can lead to policy bypass |
| CVE-2024-38534 | 2024-07-11 | Suricata modbus: txs without responses are never freed |
| CVE-2024-28872 | 2024-07-11 | Incorrect TLS certificate validation can lead to escalated privileges |
| CVE-2024-38535 | 2024-07-11 | Suricata http2: oom from duplicate headers |
| CVE-2024-38536 | 2024-07-11 | Suricata http/range: NULL-ptr deref when http.memcap is reached |
| CVE-2024-6679 | 2024-07-11 | witmy my-springsecurity-plus role sql injection |
| CVE-2024-39317 | 2024-07-11 | Wagtail regular expression denial-of-service via search query parsing |
| CVE-2024-32753 | 2024-07-11 | TYCO Illustra Pro Gen 4 - JQuery version |
| CVE-2024-39904 | 2024-07-11 | Code Execution Vulnerability via Local File Path Traversal in Vnote |
| CVE-2024-39905 | 2024-07-11 | Red-DiscordBot vulnerable to Incorrect Authorization in commands API |
| CVE-2024-39519 | 2024-07-11 | Junos OS Evolved: ACX 7000 Series: Multicast traffic is looped in a multihoming EVPN MPLS scenario |
| CVE-2024-39520 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-39521 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-39522 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-6680 | 2024-07-11 | witmy my-springsecurity-plus build sql injection |
| CVE-2024-39523 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-39524 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-39528 | 2024-07-11 | Junos OS and Junos OS Evolved: Concurrent deletion of a routing-instance and receipt of an SNMP request cause an RPD crash |
| CVE-2024-39529 | 2024-07-11 | Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash |
| CVE-2024-39530 | 2024-07-11 | Junos OS: Attempting to access specific sensors on platforms not supporting these will lead to a chassisd crash |
| CVE-2024-39531 | 2024-07-11 | Junos OS Evolved: ACX 7000 Series: Protocol specific DDoS configuration affects other protocols |
| CVE-2024-39532 | 2024-07-11 | Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user |
| CVE-2024-39533 | 2024-07-11 | Junos OS: QFX5000 Series and EX4600 Series: Output firewall filter is not applied if certain match criteria are used |
| CVE-2024-39535 | 2024-07-11 | Junos OS Evolved: ACX 7000 Series: When specific traffic is received in a VPLS scenario evo-pfemand crashes |
| CVE-2024-39536 | 2024-07-11 | Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak |
| CVE-2024-39537 | 2024-07-11 | Junos OS Evolved: ACX7000 Series: Ports which have been inadvertently exposed can be reached over the network |
| CVE-2024-39538 | 2024-07-11 | Junos OS Evolved: ACX7000 Series: When multicast traffic with a specific (S,G) is received evo-pfemand crashes |
| CVE-2024-39539 | 2024-07-11 | Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash |
| CVE-2024-39540 | 2024-07-11 | Junos OS: SRX Series, and MX Series with SPC3: Specific valid TCP traffic can cause a pfe crash |
| CVE-2024-39541 | 2024-07-11 | Junos OS and Junos OS Evolved: Inconsistent information in the TE database can lead to an rpd crash |
| CVE-2024-39542 | 2024-07-11 | Junos OS and Junos OS Evolved: A malformed CFM packet or specific transit traffic leads to FPC crash |
| CVE-2024-39543 | 2024-07-11 | Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash |
| CVE-2024-39545 | 2024-07-11 | Junos OS: SRX Series, MX Series with SPC3 and NFX350: When VPN tunnels parameters are not configured in specific way the iked process will crash |
| CVE-2024-39546 | 2024-07-11 | Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation |
| CVE-2024-39548 | 2024-07-11 | Junos OS Evolved: Receipt of specific packets in the aftmand process will lead to a memory leak |
| CVE-2024-39549 | 2024-07-11 | Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak |
| CVE-2024-39550 | 2024-07-11 | Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service |
| CVE-2024-39551 | 2024-07-11 | Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop |
| CVE-2024-39552 | 2024-07-11 | Junos OS and Junos OS Evolved: Malformed BGP UPDATE causes RPD crash |
| CVE-2024-6681 | 2024-07-11 | witmy my-springsecurity-plus dept sql injection |
| CVE-2024-39553 | 2024-07-11 | Junos OS Evolved: Receipt of arbitrary data when sampling service is enabled, leads to partial Denial of Service (DoS). |
| CVE-2024-6484 | 2024-07-11 | XSS in Bootstrap carousel component |
| CVE-2024-6485 | 2024-07-11 | XSS in Bootstrap button component |
| CVE-2024-6531 | 2024-07-11 | XSS in Bootstrap carousel component |
| CVE-2024-6468 | 2024-07-11 | Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior |
| CVE-2024-6392 | 2024-07-11 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update |
| CVE-2024-30213 | 2024-07-12 | StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote... |
| CVE-2024-39340 | 2024-07-12 | The authentication system of Securepoint UTM mishandles OTP keys. This... |
| CVE-2024-40110 | 2024-07-12 | Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote... |
| CVE-2024-40518 | 2024-07-12 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability... |
| CVE-2024-40520 | 2024-07-12 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability... |
| CVE-2024-40539 | 2024-07-12 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection... |
| CVE-2024-40540 | 2024-07-12 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection... |
| CVE-2024-40541 | 2024-07-12 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection... |
| CVE-2024-40542 | 2024-07-12 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection... |
| CVE-2024-40543 | 2024-07-12 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery... |
| CVE-2024-40545 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of... |
| CVE-2024-40546 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of... |
| CVE-2024-40548 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of... |
| CVE-2024-40550 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of... |
| CVE-2024-40551 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of... |
| CVE-2024-31947 | 2024-07-12 | StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory... |
| CVE-2024-40519 | 2024-07-12 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability... |