CVE List - 2024 / July
Showing 2401 - 2500 of 3117 CVEs for July 2024 (Page 25 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-37084 | 2024-07-25 | CVE-2024-37084: Remote code execution in Spring Cloud Data Flow |
| CVE-2024-6589 | 2024-07-25 | LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-39673 | 2024-07-25 | Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful... |
| CVE-2024-39674 | 2024-07-25 | Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation... |
| CVE-2024-39670 | 2024-07-25 | Privilege escalation vulnerability in the account synchronisation module. Impact: Successful... |
| CVE-2023-7271 | 2024-07-25 | Privilege escalation vulnerability in the NMS module Impact: Successful exploitation... |
| CVE-2024-39671 | 2024-07-25 | Access control vulnerability in the security verification module. Impact: Successful... |
| CVE-2024-39672 | 2024-07-25 | Memory request logic vulnerability in the memory module. Impact: Successful... |
| CVE-2024-36111 | 2024-07-25 | KubePi's JWT token validation has a defect |
| CVE-2024-41806 | 2024-07-25 | Open edX Platform's instructor upload CSV for cohort creation not Private by Default |
| CVE-2024-7101 | 2024-07-25 | ForIP Tecnologia Administração PABX Authentication Form login sql injection |
| CVE-2024-41800 | 2024-07-25 | Craft CMS Allows TOTP Token To Stay Valid After Use |
| CVE-2024-7007 | 2024-07-25 | Authentication Bypass Using an Alternate Path or Channel in Positron Broadcast Signal Processor TRA7005 |
| CVE-2024-41801 | 2024-07-25 | OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration |
| CVE-2024-40872 | 2024-07-25 | Elevation of privilege in Absolute Secure Access clients and servers |
| CVE-2022-32759 | 2024-07-25 | IBM Security Directory Server information disclosure |
| CVE-2024-28772 | 2024-07-25 | IBM Security Directory Integrator cross-site scripting |
| CVE-2024-40873 | 2024-07-25 | XSS in Secure Access administrative console |
| CVE-2024-1724 | 2024-07-25 | snapd allows $HOME/bin symlink |
| CVE-2024-29068 | 2024-07-25 | snapd non-regular file indefinite blocking read |
| CVE-2024-29069 | 2024-07-25 | snapd will follow archived symlinks when unpacking a filesystem |
| CVE-2024-6558 | 2024-07-25 | HMS Industrial Networks Anybus-CompactCom 30 Cross-site Scripting |
| CVE-2024-41808 | 2024-07-25 | OpenObserve stored XSS vulnerability may lead to complete account takeover |
| CVE-2024-41809 | 2024-07-25 | OpenObserve Cross-site Scripting (XSS) vulnerability in `openobserve/web/src/views/MemberSubscription.vue` |
| CVE-2024-7105 | 2024-07-25 | ForIP Tecnologia Administração PABX Lista Ura Page detalheIdUra sql injection |
| CVE-2024-7106 | 2024-07-25 | Spina CMS media_folders cross-site request forgery |
| CVE-2024-3938 | 2024-07-25 | The "reset password" login page accepted an HTML injection via... |
| CVE-2024-38103 | 2024-07-25 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-24621 | 2024-07-25 | Softaculous Webuzo Authentication Bypass |
| CVE-2024-24623 | 2024-07-25 | Softaculous Webuzo FTP Management Command Injection |
| CVE-2024-24622 | 2024-07-25 | Softaculous Webuzo Password Reset Command Injection |
| CVE-2023-50700 | 2024-07-26 | Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows... |
| CVE-2024-24257 | 2024-07-26 | An issue in skteco.com Central Control Attendance Machine web management... |
| CVE-2024-26520 | 2024-07-26 | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant... |
| CVE-2024-27357 | 2024-07-26 | An issue was discovered in WithSecure Elements Agent through 23.x... |
| CVE-2024-27358 | 2024-07-26 | An issue was discovered in WithSecure Elements Agent through 23.x... |
| CVE-2024-40117 | 2024-07-26 | Incorrect access control in Solar-Log 1000 before v2.8.2 and build... |
| CVE-2024-40433 | 2024-07-26 | Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker... |
| CVE-2024-41353 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-41354 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-41355 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-41356 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-41373 | 2024-07-26 | ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. |
| CVE-2024-41374 | 2024-07-26 | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-41375 | 2024-07-26 | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-41628 | 2024-07-26 | Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778,... |
| CVE-2024-42007 | 2024-07-26 | SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to... |
| CVE-2024-37034 | 2024-07-26 | An issue was discovered in Couchbase Server before 7.2.5 and... |
| CVE-2024-40116 | 2024-07-26 | An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013... |
| CVE-2024-41357 | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2024-7114 | 2024-07-26 | Tianchoy Blog so.php sql injection |
| CVE-2024-7115 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System designation_viewmore.php sql injection |
| CVE-2024-4447 | 2024-07-26 | In the System → Maintenance tool, the Logged Users tab... |
| CVE-2024-7116 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System branch_viewmore.php sql injection |
| CVE-2024-7117 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System shift_viewmore.php sql injection |
| CVE-2024-7118 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System department_viewmore.php sql injection |
| CVE-2024-7119 | 2024-07-26 | MD-MAFUJUL-HASAN Online-Payroll-Management-System employee_viewmore.php sql injection |
| CVE-2024-7120 | 2024-07-26 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection |
| CVE-2023-49921 | 2024-07-26 | An issue was discovered by Elastic whereby Watcher search input... |
| CVE-2024-6490 | 2024-07-26 | Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion |
| CVE-2024-40897 | 2024-07-26 | Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions... |
| CVE-2024-25090 | 2024-07-26 | Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode |
| CVE-2024-35161 | 2024-07-26 | Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling |
| CVE-2024-35296 | 2024-07-26 | Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests |
| CVE-2023-38522 | 2024-07-26 | Apache Traffic Server: Incomplete field name check allows request smuggling |
| CVE-2024-7062 | 2024-07-26 | Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087 |
| CVE-2024-41684 | 2024-07-26 | Cookie Without Secure Flag Set Vulnerability |
| CVE-2024-41685 | 2024-07-26 | Cookie Without HTTPOnly Flag Set Vulnerability |
| CVE-2024-41686 | 2024-07-26 | Password Policy Bypass Vulnerability |
| CVE-2024-41687 | 2024-07-26 | Cleartext Transmission of Sensitive Information Vulnerability |
| CVE-2024-41688 | 2024-07-26 | Cleartext Storage of Sensitive Information Vulnerability |
| CVE-2024-41689 | 2024-07-26 | Hard-coded Credentials Vulnerability |
| CVE-2024-41690 | 2024-07-26 | Default Credential Storage in Plaintext Vulnerability |
| CVE-2024-41691 | 2024-07-26 | Insecure Storage of Sensitive Information Vulnerability |
| CVE-2024-41692 | 2024-07-26 | Incorrect Access Control Vulnerability |
| CVE-2024-40689 | 2024-07-26 | IBM InfoSphere Information Server SQL injection |
| CVE-2024-7128 | 2024-07-26 | Openshift-console: unauthenticated data exposure |
| CVE-2024-6922 | 2024-07-26 | Server-Side Request Forgery in Automation 360 |
| CVE-2024-41670 | 2024-07-26 | PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard |
| CVE-2024-41805 | 2024-07-26 | Tracks vulnerable to reflected cross-site scripting |
| CVE-2024-7050 | 2024-07-26 | Improper Authentication vulnerability in OpenText OpenText Directory Services may allow... |
| CVE-2024-41812 | 2024-07-26 | txtdot SSRF vulnerability in /get |
| CVE-2024-41813 | 2024-07-26 | txtdot SSRF vulnerability in /proxy |
| CVE-2024-38871 | 2024-07-26 | SQL Injection |
| CVE-2024-38872 | 2024-07-26 | SQL Injection |
| CVE-2024-39304 | 2024-07-26 | ChurchCRM SQL Injection Vulnerability |
| CVE-2024-38508 | 2024-07-26 | A privilege escalation vulnerability was discovered in the web interface... |
| CVE-2024-38509 | 2024-07-26 | A privilege escalation vulnerability was discovered in XCC that could... |
| CVE-2024-38510 | 2024-07-26 | A privilege escalation vulnerability was discovered in the SSH captive... |
| CVE-2024-38511 | 2024-07-26 | A privilege escalation vulnerability was discovered in an upload processing... |
| CVE-2024-38512 | 2024-07-26 | A privilege escalation vulnerability was discovered in XCC that could... |
| CVE-2024-4786 | 2024-07-26 | An improper validation vulnerability was reported in the Lenovo Tab... |
| CVE-2024-41112 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette |
| CVE-2024-41113 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params |
| CVE-2024-41114 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option |
| CVE-2024-41115 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette |
| CVE-2024-41116 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params |
| CVE-2024-41117 | 2024-07-26 | Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py |
| CVE-2024-41118 | 2024-07-26 | streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py |
| CVE-2024-41119 | 2024-07-26 | streamlit-geospatial remote code execution in pages/8_🏜️_Raster_Data_Visualization.py |