CVE List - 2024 / July
Showing 2201 - 2300 of 3115 CVEs for July 2024 (Page 23 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-37120 | 2024-07-22 | WordPress Tabs plugin <= 4.0.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37117 | 2024-07-22 | WordPress Uncanny Automator Pro plugin <= 5.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37116 | 2024-07-22 | WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37114 | 2024-07-22 | WordPress My Favorites plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38503 | 2024-07-22 | Apache Syncope: HTML tags can be injected into Console or Enduser text fields |
| CVE-2024-34457 | 2024-07-22 | Apache StreamPark IDOR Vulnerability |
| CVE-2024-6542 | 2024-07-22 | Livestatus injection in mknotifyd |
| CVE-2024-37101 | 2024-07-22 | WordPress WP Post Author plugin <= 3.6.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37100 | 2024-07-22 | WordPress Elegant Themes Icons plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37097 | 2024-07-22 | WordPress Shortcodes by United Themes plugin < 5.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-35656 | 2024-07-22 | WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33933 | 2024-07-22 | WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Contributor+ DOM-Based Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38788 | 2024-07-22 | WordPress UiPress lite plugin <= 3.4.06 - SQL Injection vulnerability |
| CVE-2024-38773 | 2024-07-22 | WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability |
| CVE-2024-38755 | 2024-07-22 | WordPress DirectoryPress plugin <= 3.6.10 - SQL Injection vulnerability |
| CVE-2024-38708 | 2024-07-22 | WordPress Barcode Scanner and Inventory manager plugin <= 1.6.1 - SQL Injection vulnerability |
| CVE-2024-38692 | 2024-07-22 | WordPress spiffy-calendar plugin <= 4.9.11 - SQL Injection vulnerability |
| CVE-2024-38701 | 2024-07-22 | WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2024-38730 | 2024-07-22 | WordPress Magical Addons For Elementor plugin <= 1.1.41 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-38728 | 2024-07-22 | WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-38723 | 2024-07-22 | WordPress Get Use APIs – JSON Content Importer plugin <= 1.5.6 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-37942 | 2024-07-22 | WordPress BerqWP plugin <= 1.7.5 - Unauthenticated Non-Blind Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-38759 | 2024-07-22 | WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability |
| CVE-2024-37998 | 2024-07-22 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can... |
| CVE-2024-39601 | 2024-07-22 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated... |
| CVE-2024-25638 | 2024-07-22 | DNSJava DNSSEC Bypass |
| CVE-2024-39902 | 2024-07-22 | Tuleap's recursive permissions to document manager folder are not properly applied |
| CVE-2024-21552 | 2024-07-22 | All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and... |
| CVE-2024-41129 | 2024-07-22 | The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command |
| CVE-2024-32484 | 2024-07-22 | An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and... |
| CVE-2024-32152 | 2024-07-22 | A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An... |
| CVE-2024-26020 | 2024-07-22 | An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious... |
| CVE-2024-29073 | 2024-07-22 | An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many... |
| CVE-2024-41131 | 2024-07-22 | Out-of-bounds Write in SixLabors ImageSharp |
| CVE-2024-41132 | 2024-07-22 | SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder |
| CVE-2024-41824 | 2024-07-22 | In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases |
| CVE-2024-41825 | 2024-07-22 | In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab |
| CVE-2024-41826 | 2024-07-22 | In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page |
| CVE-2024-41827 | 2024-07-22 | In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration |
| CVE-2024-41828 | 2024-07-22 | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time |
| CVE-2024-41829 | 2024-07-22 | In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection |
| CVE-2024-39685 | 2024-07-22 | fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function |
| CVE-2024-39686 | 2024-07-22 | fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function |
| CVE-2024-39688 | 2024-07-22 | fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function |
| CVE-2024-40634 | 2024-07-22 | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint |
| CVE-2024-41130 | 2024-07-22 | llama.cpp null pointer dereference in gguf_init_from_file |
| CVE-2024-37380 | 2024-07-22 | A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point. Affected Products: UniFi U6+ Access Point (Version 6.6.65... |
| CVE-2024-6122 | 2024-07-22 | Incorrect Default Directory Permissions for NI SystemLink Redis Service |
| CVE-2024-6121 | 2024-07-22 | NI SystemLink Server Ships Out of Date Redis Version |
| CVE-2024-6638 | 2024-07-22 | Integer Overflow Vulnerability Reading TDMS Files in LabVIEW |
| CVE-2024-6675 | 2024-07-22 | Deserialization of Untrusted Data Vulnerability in NI VeriStand Project File |
| CVE-2024-6791 | 2024-07-22 | Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files |
| CVE-2024-6911 | 2024-07-22 | Unauthenticated Local File Inclusion |
| CVE-2024-6793 | 2024-07-22 | Deserialization of Untrusted Data in NI VeriStand DataLogging Server |
| CVE-2024-6794 | 2024-07-22 | Deserialization of Untrusted Data in NI VeriStand Waveform Streaming Server |
| CVE-2024-6912 | 2024-07-22 | Hardcoded MSSQL Credentials |
| CVE-2024-6913 | 2024-07-22 | Execution with Unnecessary Privileges |
| CVE-2024-6805 | 2024-07-22 | Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources |
| CVE-2024-6806 | 2024-07-22 | Missing Authorization Checks In NI VeriStand Gateway For Project Resources |
| CVE-2024-39702 | 2024-07-23 | In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during... |
| CVE-2024-40060 | 2024-07-23 | go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function. |
| CVE-2024-41319 | 2024-07-23 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. |
| CVE-2024-6717 | 2024-07-23 | Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking |
| CVE-2024-1575 | 2024-07-23 | The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a... |
| CVE-2024-6828 | 2024-07-23 | Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting |
| CVE-2024-6885 | 2024-07-23 | MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles <= 1.9.2 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-4260 | 2024-07-23 | CoBlocks < 3.1.12 - Contributor+ SSRF |
| CVE-2024-6231 | 2024-07-23 | Request a Quote < 2.4.1 - Admin+ Stored XSS |
| CVE-2024-6420 | 2024-07-23 | Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure |
| CVE-2024-41012 | 2024-07-23 | filelock: Remove locks reliably when fcntl/close race is detected |
| CVE-2024-29070 | 2024-07-23 | Apache StreamPark: session not invalidated after logout |
| CVE-2024-7014 | 2024-07-23 | Improper multimedia file attachment validation in Telegram for Android app |
| CVE-2024-34128 | 2024-07-23 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-41839 | 2024-07-23 | Adobe Experience Manager | Improper Input Validation (CWE-20) |
| CVE-2024-41836 | 2024-07-23 | InDesign Desktop | NULL Pointer Dereference (CWE-476) |
| CVE-2024-5602 | 2024-07-23 | Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool |
| CVE-2024-4079 | 2024-07-23 | Out of Bounds Read Due to Missing Bounds Check in LabVIEW |
| CVE-2024-4080 | 2024-07-23 | Memory Corruption Due to Improper Length Checks in LabVIEW tdcore.dll |
| CVE-2024-4081 | 2024-07-23 | Memory Corruption Due to Improper Length Check in NI LabVIEW |
| CVE-2024-0760 | 2024-07-23 | A flood of DNS messages over TCP may make the server unstable |
| CVE-2024-1737 | 2024-07-23 | BIND's database will be slow if a very large number of RRs exist at the same name |
| CVE-2024-1975 | 2024-07-23 | SIG(0) can be used to exhaust CPU resources |
| CVE-2024-4076 | 2024-07-23 | Assertion failure when serving both stale cache data and authoritative zone content |
| CVE-2024-41655 | 2024-07-23 | TF2 Item Format Regular Expression Denial of Service vulnerability |
| CVE-2024-6783 | 2024-07-23 | Vue client-side XSS via prototype pollution |
| CVE-2024-6714 | 2024-07-23 | An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. |
| CVE-2024-41663 | 2024-07-23 | Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting |
| CVE-2024-41178 | 2024-07-23 | Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files |
| CVE-2024-41664 | 2024-07-23 | Blind SSRF via Canarytoken Webhook |
| CVE-2024-41665 | 2024-07-23 | Ampache Stored Cross-site Scripting Vulnerability |
| CVE-2020-11639 | 2024-07-23 | Insufficient access control on Inter process communication, |
| CVE-2020-11640 | 2024-07-23 | Elevation of Privilege |
| CVE-2024-41668 | 2024-07-23 | cBioPortal Proxy Endpoint Vulnerabliity |
| CVE-2024-0981 | 2024-07-23 | Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. This issue occurs when the plugin prompts the user to save these credentials within Okta Personal. A... |
| CVE-2024-38176 | 2024-07-23 | GroupMe Elevation of Privilege Vulnerability |
| CVE-2024-38164 | 2024-07-23 | GroupMe Elevation of Privilege Vulnerability |
| CVE-2024-41656 | 2024-07-23 | Sentry vulnerable to stored Cross-Site Scripting (XSS) |
| CVE-2024-31970 | 2024-07-24 | AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of... |
| CVE-2024-31971 | 2024-07-24 | Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html,... |
| CVE-2024-31977 | 2024-07-24 | Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. |