CVE List - 2024 / July
Showing 2401 - 2500 of 3115 CVEs for July 2024 (Page 25 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-39674 | 2024-07-25 | Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-39670 | 2024-07-25 | Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-7271 | 2024-07-25 | Privilege escalation vulnerability in the NMS module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-39671 | 2024-07-25 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-39672 | 2024-07-25 | Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. |
| CVE-2024-36111 | 2024-07-25 | KubePi's JWT token validation has a defect |
| CVE-2024-41806 | 2024-07-25 | Open edX Platform's instructor upload CSV for cohort creation not Private by Default |
| CVE-2024-7101 | 2024-07-25 | ForIP Tecnologia Administração PABX Authentication Form login sql injection |
| CVE-2024-41800 | 2024-07-25 | Craft CMS Allows TOTP Token To Stay Valid After Use |
| CVE-2024-7007 | 2024-07-25 | Authentication Bypass Using an Alternate Path or Channel in Positron Broadcast Signal Processor TRA7005 |
| CVE-2024-41801 | 2024-07-25 | OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration |
| CVE-2024-40872 | 2024-07-25 | Elevation of privilege in Absolute Secure Access clients and servers |
| CVE-2022-32759 | 2024-07-25 | IBM Security Directory Server information disclosure |
| CVE-2024-28772 | 2024-07-25 | IBM Security Directory Integrator cross-site scripting |
| CVE-2024-40873 | 2024-07-25 | XSS in Secure Access administrative console |
| CVE-2024-1724 | 2024-07-25 | snapd allows $HOME/bin symlink |
| CVE-2024-29068 | 2024-07-25 | snapd non-regular file indefinite blocking read |
| CVE-2024-29069 | 2024-07-25 | snapd will follow archived symlinks when unpacking a filesystem |
| CVE-2024-6558 | 2024-07-25 | HMS Industrial Networks Anybus-CompactCom 30 Cross-site Scripting |
| CVE-2024-41808 | 2024-07-25 | OpenObserve stored XSS vulnerability may lead to complete account takeover |
| CVE-2024-41809 | 2024-07-25 | OpenObserve Cross-site Scripting (XSS) vulnerability in `openobserve/web/src/views/MemberSubscription.vue` |
| CVE-2024-7105 | 2024-07-25 | ForIP Tecnologia Administração PABX Lista Ura Page detalheIdUra sql injection |
| CVE-2024-7106 | 2024-07-25 | Spina CMS media_folders cross-site request forgery |
| CVE-2024-3938 | 2024-07-25 | The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link.... |
| CVE-2024-38103 | 2024-07-25 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-24621 | 2024-07-25 | Softaculous Webuzo Authentication Bypass |
| CVE-2024-24623 | 2024-07-25 | Softaculous Webuzo FTP Management Command Injection |
| CVE-2024-24622 | 2024-07-25 | Softaculous Webuzo Password Reset Command Injection |
| CVE-2023-50700 | 2024-07-26 | Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method. |
| CVE-2024-24257 | 2024-07-26 | An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component. |
| CVE-2024-26520 | 2024-07-26 | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets. |
| CVE-2024-27357 | 2024-07-26 | An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation... |
| CVE-2024-27358 | 2024-07-26 | An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block an admin from completing an... |
| CVE-2024-40117 | 2024-07-26 | Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200,... |
| CVE-2024-40433 | 2024-07-26 | Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component. |
| CVE-2024-41353 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php |
| CVE-2024-41354 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php |
| CVE-2024-41355 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. |
| CVE-2024-41356 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php. |
| CVE-2024-41373 | 2024-07-26 | ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. |
| CVE-2024-41374 | 2024-07-26 | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php |
| CVE-2024-41375 | 2024-07-26 | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php |
| CVE-2024-41628 | 2024-07-26 | Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP... |
| CVE-2024-42007 | 2024-07-26 | SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. |
| CVE-2024-37034 | 2024-07-26 | An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote... |
| CVE-2024-40116 | 2024-07-26 | An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL... |
| CVE-2024-41357 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. |
| CVE-2024-7114 | 2024-07-26 | Tianchoy Blog so.php sql injection |
| CVE-2024-7115 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System designation_viewmore.php sql injection |
| CVE-2024-4447 | 2024-07-26 | In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would... |
| CVE-2024-7116 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System branch_viewmore.php sql injection |
| CVE-2024-7117 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System shift_viewmore.php sql injection |
| CVE-2024-7118 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System department_viewmore.php sql injection |
| CVE-2024-7119 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System employee_viewmore.php sql injection |
| CVE-2024-7120 | 2024-07-26 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection |
| CVE-2023-49921 | 2024-07-26 | An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch... |
| CVE-2024-6490 | 2024-07-26 | Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion |
| CVE-2024-40897 | 2024-07-26 | Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an... |
| CVE-2024-25090 | 2024-07-26 | Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode |
| CVE-2024-35161 | 2024-07-26 | Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling |
| CVE-2024-35296 | 2024-07-26 | Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests |
| CVE-2023-38522 | 2024-07-26 | Apache Traffic Server: Incomplete field name check allows request smuggling |
| CVE-2024-7062 | 2024-07-26 | Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087 |
| CVE-2024-41684 | 2024-07-26 | Cookie Without Secure Flag Set Vulnerability |
| CVE-2024-41685 | 2024-07-26 | Cookie Without HTTPOnly Flag Set Vulnerability |
| CVE-2024-41686 | 2024-07-26 | Password Policy Bypass Vulnerability |
| CVE-2024-41687 | 2024-07-26 | Cleartext Transmission of Sensitive Information Vulnerability |
| CVE-2024-41688 | 2024-07-26 | Cleartext Storage of Sensitive Information Vulnerability |
| CVE-2024-41689 | 2024-07-26 | Hard-coded Credentials Vulnerability |
| CVE-2024-41690 | 2024-07-26 | Default Credential Storage in Plaintext Vulnerability |
| CVE-2024-41691 | 2024-07-26 | Insecure Storage of Sensitive Information Vulnerability |
| CVE-2024-41692 | 2024-07-26 | Incorrect Access Control Vulnerability |
| CVE-2024-40689 | 2024-07-26 | IBM InfoSphere Information Server SQL injection |
| CVE-2024-7128 | 2024-07-26 | Openshift-console: unauthenticated data exposure |
| CVE-2024-6922 | 2024-07-26 | Server-Side Request Forgery in Automation 360 |
| CVE-2024-41670 | 2024-07-26 | PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard |
| CVE-2024-41805 | 2024-07-26 | Tracks vulnerable to reflected cross-site scripting |
| CVE-2024-7050 | 2024-07-26 | Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios. This issue affects OpenText Directory Services: 24.2. |
| CVE-2024-41812 | 2024-07-26 | txtdot SSRF vulnerability in /get |
| CVE-2024-41813 | 2024-07-26 | txtdot SSRF vulnerability in /proxy |
| CVE-2024-38871 | 2024-07-26 | SQL Injection |
| CVE-2024-38872 | 2024-07-26 | SQL Injection |
| CVE-2024-39304 | 2024-07-26 | ChurchCRM SQL Injection Vulnerability |
| CVE-2024-38508 | 2024-07-26 | A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform... |
| CVE-2024-38509 | 2024-07-26 | A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. |
| CVE-2024-38510 | 2024-07-26 | A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted... |
| CVE-2024-38511 | 2024-07-26 | A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted... |
| CVE-2024-38512 | 2024-07-26 | A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. |
| CVE-2024-4786 | 2024-07-26 | An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on. |
| CVE-2024-41112 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette |
| CVE-2024-41113 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params |
| CVE-2024-41114 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option |
| CVE-2024-41115 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette |
| CVE-2024-41116 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params |
| CVE-2024-41117 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py |
| CVE-2024-41118 | 2024-07-26 | streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py |
| CVE-2024-41119 | 2024-07-26 | streamlit-geospatial remote code execution in pages/8_🏜️_Raster_Data_Visualization.py |
| CVE-2024-41120 | 2024-07-26 | streamlit-geospatial blind SSRF in pages/9_🔲_Vector_Data_Visualization.py |
| CVE-2024-41815 | 2024-07-26 | Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands |
| CVE-2024-42029 | 2024-07-27 | xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and... |