CVE List - 2024 / July
Showing 1801 - 1900 of 3115 CVEs for July 2024 (Page 19 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5255 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-5252 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-6660 | 2024-07-17 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload |
| CVE-2024-5253 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-6669 | 2024-07-17 | AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6467 | 2024-07-17 | BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation |
| CVE-2024-5251 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-5703 | 2024-07-17 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization |
| CVE-2024-6220 | 2024-07-17 | 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload |
| CVE-2024-5582 | 2024-07-17 | Schema & Structured Data for WP & AMP <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute |
| CVE-2024-39863 | 2024-07-17 | Apache Airflow: Potential XSS Vulnerability |
| CVE-2024-39877 | 2024-07-17 | Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler |
| CVE-2023-52291 | 2024-07-17 | Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution |
| CVE-2024-29737 | 2024-07-17 | Apache StreamPark (incubating): maven build params could trigger remote command execution |
| CVE-2024-40617 | 2024-07-17 | Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product,... |
| CVE-2024-31070 | 2024-07-17 | Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to... |
| CVE-2024-36475 | 2024-07-17 | FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug... |
| CVE-2024-36491 | 2024-07-17 | FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and... |
| CVE-2024-30471 | 2024-07-17 | Apache StreamPipes: Potential creation of multiple identical accounts |
| CVE-2024-31979 | 2024-07-17 | Apache StreamPipes: Possibility of SSRF in pipeline element installation process |
| CVE-2024-31411 | 2024-07-17 | Apache StreamPipes: Potential remote code execution (RCE) via file upload |
| CVE-2024-27311 | 2024-07-17 | Arbitrary file writing |
| CVE-2024-5471 | 2024-07-17 | Agent takeover |
| CVE-2024-23474 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
| CVE-2024-23468 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability |
| CVE-2024-28992 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability |
| CVE-2024-28993 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability |
| CVE-2024-23472 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
| CVE-2024-23475 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability |
| CVE-2024-23469 | 2024-07-17 | SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability |
| CVE-2024-23465 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability |
| CVE-2024-23466 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-23467 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-28074 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability |
| CVE-2024-23470 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability |
| CVE-2024-23471 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-6833 | 2024-07-17 | Zowe CLI Auto-Init Leaks Credentials Locally |
| CVE-2024-6834 | 2024-07-17 | Imperative Local Command Injection allows Activity Masking |
| CVE-2024-29120 | 2024-07-17 | Apache StreamPark: Information leakage vulnerability |
| CVE-2023-7272 | 2024-07-17 | Eclipse Parsson stack overflow with deeply nested objects |
| CVE-2023-4976 | 2024-07-17 | FlashBlade Authentication Mechanism Vulnerability |
| CVE-2024-6830 | 2024-07-17 | SourceCodester Simple Inventory Management System Order action.php sql injection |
| CVE-2024-20401 | 2024-07-17 | A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.... |
| CVE-2024-20419 | 2024-07-17 | A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.... |
| CVE-2024-20435 | 2024-07-17 | A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is... |
| CVE-2024-20296 | 2024-07-17 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this... |
| CVE-2024-20323 | 2024-07-17 | A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary... |
| CVE-2024-20416 | 2024-07-17 | A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.... |
| CVE-2024-20429 | 2024-07-17 | A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This... |
| CVE-2024-20400 | 2024-07-17 | A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due... |
| CVE-2024-20395 | 2024-07-17 | A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure... |
| CVE-2024-20396 | 2024-07-17 | A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does... |
| CVE-2024-38870 | 2024-07-17 | Stored XSS |
| CVE-2023-42010 | 2024-07-17 | IBM Sterling B2B Integrator Standard Edition information disclosure |
| CVE-2024-40640 | 2024-07-17 | Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac |
| CVE-2024-40641 | 2024-07-17 | Unsigned code template execution through workflows in projectdiscovery/nuclei |
| CVE-2024-40636 | 2024-07-17 | Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness |
| CVE-2024-40633 | 2024-07-17 | Customer data leak via adjustments API endpoint in Sylius |
| CVE-2024-28796 | 2024-07-17 | IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2024-29885 | 2024-07-17 | Reports are still accessible even when `canView()` returns false in silverstripe/reports |
| CVE-2024-32981 | 2024-07-17 | Cross-site Scripting vulnerability with encoded payload in silverstripe/framework |
| CVE-2024-39678 | 2024-07-17 | WordPress Cooked Plugin - Cross-Site Request Forgery to Get Recipe IDs |
| CVE-2024-39679 | 2024-07-17 | WordPress Cooked Plugin - Cross-Site Request Forgery to Recipe Template Reset |
| CVE-2024-39680 | 2024-07-17 | WordPress Cooked Plugin - Cross-Site Request Forgery to Default Recipe Template Save |
| CVE-2024-39681 | 2024-07-17 | WordPress Cooked Plugin - Cross-Site Request Forgery to Apply Template to All Recipes |
| CVE-2024-39682 | 2024-07-17 | WordPress Cooked Plugin - Authenticated (Contributor+) HTML Injection via Recipe Excerpt |
| CVE-2024-39090 | 2024-07-18 | The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability... |
| CVE-2024-39173 | 2024-07-18 | calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload... |
| CVE-2024-41184 | 2024-07-18 | In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured... |
| CVE-2024-6175 | 2024-07-18 | Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates |
| CVE-2024-5726 | 2024-07-18 | Timeline Event History <= 3.1 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-5964 | 2024-07-18 | Zenon Lite <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-6705 | 2024-07-18 | RegLevel <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6599 | 2024-07-18 | Meks Video Importer <= 1.0.11 - Missing Authorization to Authenticated (Subscriber+) API Keys Modification |
| CVE-2023-6708 | 2024-07-18 | SVG Support <= 2.5.5 - Authenticated (Author+) Cross-Site Scripting via SVG |
| CVE-2024-6164 | 2024-07-18 | Filter & Grids < 2.8.33 - Unauthenticated LFI |
| CVE-2024-41011 | 2024-07-18 | drm/amdkfd: don't allow mapping the MMIO HDP page with large pages |
| CVE-2024-29014 | 2024-07-18 | Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. |
| CVE-2024-40764 | 2024-07-18 | Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). |
| CVE-2024-5554 | 2024-07-18 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3242 | 2024-07-18 | Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-5555 | 2024-07-18 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-6504 | 2024-07-18 | Rapid7 InsightVM Protection Mechanism Failure |
| CVE-2024-40898 | 2024-07-18 | Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows |
| CVE-2024-40725 | 2024-07-18 | Apache HTTP Server: source code disclosure with handlers configured via AddType |
| CVE-2024-29178 | 2024-07-18 | Apache StreamPark: FreeMarker SSTI RCE Vulnerability |
| CVE-2024-31143 | 2024-07-18 | double unlock in x86 guest IRQ handling |
| CVE-2024-34013 | 2024-07-18 | Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396. |
| CVE-2024-39907 | 2024-07-18 | a sqlinjection in 1Panel |
| CVE-2024-39911 | 2024-07-18 | 1Panel SQL injection |
| CVE-2024-30473 | 2024-07-18 | Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. |
| CVE-2024-38302 | 2024-07-18 | Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability,... |
| CVE-2023-50304 | 2024-07-18 | IBM Engineering Requirements Management DOORS XML external entity injection |
| CVE-2024-5618 | 2024-07-18 | Broken Access Control in PruvaSoft Informatics' Apinizer Management Console |
| CVE-2023-40704 | 2024-07-18 | Philips Vue PACS Use of Default Credentials |
| CVE-2024-40648 | 2024-07-18 | `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk |
| CVE-2024-5619 | 2024-07-18 | IDOR in PruvaSoft Informatics' Apinizer Management Console |
| CVE-2024-40647 | 2024-07-18 | Unintentional exposure of environment variables to subprocesses in sentry-sdk |
| CVE-2024-40644 | 2024-07-18 | gitoxide's gix-path can use a fake program files location |
| CVE-2024-5620 | 2024-07-18 | Authentication Bypass in PruvaSoft Informatics' Apinizer Management Console |