CVE List - 2024 / July
Showing 2301 - 2400 of 3117 CVEs for July 2024 (Page 24 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-31970 | 2024-07-24 | AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed... |
| CVE-2024-31971 | 2024-07-24 | Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120... |
| CVE-2024-31977 | 2024-07-24 | Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1,... |
| CVE-2024-36533 | 2024-07-24 | Insecure permissions in volcano v1.8.2 allows attackers to access sensitive... |
| CVE-2024-36534 | 2024-07-24 | Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive... |
| CVE-2024-36535 | 2024-07-24 | Insecure permissions in meshery v0.7.51 allows attackers to access sensitive... |
| CVE-2024-36536 | 2024-07-24 | Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive... |
| CVE-2024-36537 | 2024-07-24 | Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive... |
| CVE-2024-36538 | 2024-07-24 | Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive... |
| CVE-2024-36539 | 2024-07-24 | Insecure permissions in contour v1.28.3 allows attackers to access sensitive... |
| CVE-2024-36541 | 2024-07-24 | Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive... |
| CVE-2024-39345 | 2024-07-24 | AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service... |
| CVE-2024-40137 | 2024-07-24 | Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a... |
| CVE-2024-41459 | 2024-07-24 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer... |
| CVE-2024-41460 | 2024-07-24 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer... |
| CVE-2024-41461 | 2024-07-24 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer... |
| CVE-2024-41462 | 2024-07-24 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer... |
| CVE-2024-41463 | 2024-07-24 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer... |
| CVE-2024-41464 | 2024-07-24 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer... |
| CVE-2024-41465 | 2024-07-24 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer... |
| CVE-2024-41466 | 2024-07-24 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer... |
| CVE-2024-41550 | 2024-07-24 | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection... |
| CVE-2024-41551 | 2024-07-24 | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection... |
| CVE-2024-36540 | 2024-07-24 | Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive... |
| CVE-2024-40422 | 2024-07-24 | The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika... |
| CVE-2024-40495 | 2024-07-24 | A vulnerability was discovered in Linksys Router E2500 with firmware... |
| CVE-2024-40575 | 2024-07-24 | An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0... |
| CVE-2024-40767 | 2024-07-24 | In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29... |
| CVE-2024-6756 | 2024-07-24 | Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-6750 | 2024-07-24 | Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions |
| CVE-2024-6752 | 2024-07-24 | Social Auto Poster <= 5.3.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-6753 | 2024-07-24 | Social Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-6754 | 2024-07-24 | Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template |
| CVE-2024-7027 | 2024-07-24 | WooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor |
| CVE-2024-6751 | 2024-07-24 | Social Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions |
| CVE-2024-6755 | 2024-07-24 | Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2024-5861 | 2024-07-24 | WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection |
| CVE-2024-3246 | 2024-07-24 | LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-6836 | 2024-07-24 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update |
| CVE-2024-6094 | 2024-07-24 | WP ULike < 4.7.1 - Admin+ Stored XSS |
| CVE-2024-6553 | 2024-07-24 | WP Meteor Website Speed Optimization Addon <= 3.4.3 - Unauthenticated Full Path Disclosure |
| CVE-2024-6571 | 2024-07-24 | Optimize Images ALT Text (alt tag) & names for SEO using AI <= 3.1.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-6629 | 2024-07-24 | All-in-One Video Gallery <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode |
| CVE-2023-32466 | 2024-07-24 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an... |
| CVE-2023-32471 | 2024-07-24 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an... |
| CVE-2024-6197 | 2024-07-24 | freeing stack buffer in utf8asn1str |
| CVE-2024-6930 | 2024-07-24 | WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode |
| CVE-2024-6874 | 2024-07-24 | macidn punycode buffer overread |
| CVE-2024-39676 | 2024-07-24 | Apache Pinot: Unauthorized endpoint exposed sensitive information |
| CVE-2023-48362 | 2024-07-24 | Apache Drill: XXE Vulnerability in XML Format Reader |
| CVE-2024-3454 | 2024-07-24 | In-Fabric Matter Cluster Attribute Disclosure |
| CVE-2024-3297 | 2024-07-24 | Session establishment lock-up during replay of CASE Sigma1 messages |
| CVE-2024-7065 | 2024-07-24 | Spina CMS cross-site request forgery |
| CVE-2024-7066 | 2024-07-24 | F-logic DataCube3 HTTP POST Request config_time_sync.php os command injection |
| CVE-2024-6896 | 2024-07-24 | AMP for WP – Accelerated Mobile Pages <= 1.0.96.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-3896 | 2024-07-24 | Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Title |
| CVE-2024-5818 | 2024-07-24 | Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget |
| CVE-2024-6327 | 2024-07-24 | Progress Telerik Report Server Deserialization |
| CVE-2024-7067 | 2024-07-24 | kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization |
| CVE-2024-6096 | 2024-07-24 | Unsafe Deserialization Vulnerability |
| CVE-2023-45249 | 2024-07-24 | Remote command execution due to use of default passwords. The... |
| CVE-2024-41914 | 2024-07-24 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN... |
| CVE-2024-7068 | 2024-07-24 | SourceCodester Insurance Management System update_sub_category cross site scripting |
| CVE-2024-22443 | 2024-07-24 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN... |
| CVE-2024-22444 | 2024-07-24 | A vulnerability within the web-based management interface of EdgeConnect SD-WAN... |
| CVE-2024-7069 | 2024-07-24 | SourceCodester Employee and Visitor Gate Pass Logging System sql injection |
| CVE-2024-7079 | 2024-07-24 | Openshift-console: unauthenticated installation of helm charts |
| CVE-2024-41110 | 2024-07-24 | Moby authz zero length regression |
| CVE-2024-41662 | 2024-07-24 | VNote vulnerable to Markdown XSS, which leads to RCE |
| CVE-2024-37533 | 2024-07-24 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-41666 | 2024-07-24 | The Argo CD web terminal session does not handle the revocation of user permissions properly. |
| CVE-2024-41667 | 2024-07-24 | OpenAM FreeMarker template injection |
| CVE-2024-41672 | 2024-07-24 | DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled |
| CVE-2024-21684 | 2024-07-24 | There is a low severity open redirect vulnerability within affected... |
| CVE-2024-33519 | 2024-07-24 | Authenticated Server-Side prototype pollution Leading to Information Disclosure |
| CVE-2024-7080 | 2024-07-24 | SourceCodester Insurance Management System direct request |
| CVE-2024-41133 | 2024-07-24 | Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface |
| CVE-2024-41134 | 2024-07-24 | Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface |
| CVE-2024-41135 | 2024-07-24 | Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface |
| CVE-2024-41136 | 2024-07-24 | Authenticated Command Injection in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface |
| CVE-2024-7081 | 2024-07-24 | itsourcecode Tailoring Management System expcatadd.php sql injection |
| CVE-2024-7091 | 2024-07-24 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2024-7060 | 2024-07-24 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2024-5067 | 2024-07-24 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2024-0231 | 2024-07-24 | Improper Control of Resource Identifiers ('Resource Injection') in GitLab |
| CVE-2024-38287 | 2024-07-25 | The password-reset mechanism in the Forgot Password functionality in R-HUB... |
| CVE-2024-38288 | 2024-07-25 | A command-injection issue in the Certificate Signing Request (CSR) functionality... |
| CVE-2024-38289 | 2024-07-25 | A boolean-based SQL injection issue in the Virtual Meeting Password... |
| CVE-2024-40318 | 2024-07-25 | An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows... |
| CVE-2024-40324 | 2024-07-25 | A CRLF injection vulnerability in E-Staff v5.1 allows attackers to... |
| CVE-2024-41468 | 2024-07-25 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection... |
| CVE-2024-41473 | 2024-07-25 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection... |
| CVE-2024-41705 | 2024-07-25 | A stored XSS issue was discovered in Archer Platform 6.8... |
| CVE-2024-41706 | 2024-07-25 | A stored XSS issue was discovered in Archer Platform 6... |
| CVE-2024-36542 | 2024-07-25 | Insecure permissions in kuma v2.7.0 allows attackers to access sensitive... |
| CVE-2024-41707 | 2024-07-25 | An issue was discovered in Archer Platform 6 before 2024.06.... |
| CVE-2024-7047 | 2024-07-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-7057 | 2024-07-25 | Improper Access Control in GitLab |
| CVE-2024-4811 | 2024-07-25 | In affected versions of Octopus Server under certain conditions, a... |
| CVE-2024-6972 | 2024-07-25 | In affected versions of Octopus Server under certain circumstances it... |