CVE List - 2024 / July
Showing 2501 - 2600 of 3115 CVEs for July 2024 (Page 26 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-6547 | 2024-07-27 | Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-4410 | 2024-07-27 | IgnitionDeck Crowdfunding Platform <= 1.9.8 - Missing Authorization |
| CVE-2024-1804 | 2024-07-27 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml |
| CVE-2024-1798 | 2024-07-27 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml |
| CVE-2024-6152 | 2024-07-27 | Flipbox Builder <= 1.5 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-6548 | 2024-07-27 | Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Disclosure |
| CVE-2024-6591 | 2024-07-27 | Ultimate WordPress Auction Plugin <= 4.2.6 - Missing Authorization to Unauthenticated Email Creation |
| CVE-2024-6431 | 2024-07-27 | Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-6545 | 2024-07-27 | Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-6573 | 2024-07-27 | Intelligence <= 1.4.0 - Unauthenticated Full Path Disclosure |
| CVE-2024-6549 | 2024-07-27 | Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-6566 | 2024-07-27 | Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure |
| CVE-2024-6661 | 2024-07-27 | ParityPress <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6634 | 2024-07-27 | Master Currency WP <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode |
| CVE-2024-6546 | 2024-07-27 | One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-5969 | 2024-07-27 | AIomatic - Automatic AI Content Writer <= 2.0.5 - Unauthenticated Arbitrary Email Sending |
| CVE-2024-6569 | 2024-07-27 | Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure |
| CVE-2024-6458 | 2024-07-27 | WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-5614 | 2024-07-27 | Piotnet Addons For Elementor <= 2.4.29 - Unauthenticated Sensitive Information Exposure |
| CVE-2024-6627 | 2024-07-27 | Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget |
| CVE-2024-6521 | 2024-07-27 | fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6897 | 2024-07-27 | aThemes Starter Sites <= 1.0.53 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-6520 | 2024-07-27 | fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6518 | 2024-07-27 | fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6703 | 2024-07-27 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields |
| CVE-2024-7151 | 2024-07-27 | Tenda O3 setMacFilter fromMacFilterSet stack-based overflow |
| CVE-2024-7152 | 2024-07-27 | Tenda O3 setMacFilterList fromSafeSetMacFilter stack-based overflow |
| CVE-2024-7153 | 2024-07-27 | Netgear WN604 siteSurvey.php direct request |
| CVE-2024-42049 | 2024-07-28 | TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection. |
| CVE-2024-42050 | 2024-07-28 | The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM... |
| CVE-2024-42051 | 2024-07-28 | The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM... |
| CVE-2024-42053 | 2024-07-28 | The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM... |
| CVE-2024-42054 | 2024-07-28 | Cervantes through 0.5-alpha accepts insecure file uploads. |
| CVE-2024-42055 | 2024-07-28 | Cervantes through 0.5-alpha allows stored XSS. |
| CVE-2024-42052 | 2024-07-28 | The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM... |
| CVE-2024-7154 | 2024-07-28 | TOTOLINK A3700R Password Reset wizard.html access control |
| CVE-2024-7155 | 2024-07-28 | TOTOLINK A3300R shadow.sample hard-coded password |
| CVE-2024-7156 | 2024-07-28 | TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure |
| CVE-2024-7157 | 2024-07-28 | TOTOLINK A3100R getSaveConfig buffer overflow |
| CVE-2024-7158 | 2024-07-28 | TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection |
| CVE-2024-7159 | 2024-07-28 | TOTOLINK A3600R Telnet Service product.ini hard-coded password |
| CVE-2024-7160 | 2024-07-28 | TOTOLINK A3700R cstecgi.cgi setWanCfg command injection |
| CVE-2024-7161 | 2024-07-28 | SeaCMS Password Change cross-site request forgery |
| CVE-2024-7162 | 2024-07-28 | SeaCMS cross site scripting |
| CVE-2024-7163 | 2024-07-28 | SeaCMS index.php cross site scripting |
| CVE-2024-7164 | 2024-07-28 | SourceCodester School Fees Payment System sql injection |
| CVE-2024-7165 | 2024-07-28 | SourceCodester School Fees Payment System view_payment.php sql injection |
| CVE-2024-7166 | 2024-07-28 | SourceCodester School Fees Payment System receipt.php sql injection |
| CVE-2024-7167 | 2024-07-28 | SourceCodester School Fees Payment System manage_course.php sql injection |
| CVE-2024-7168 | 2024-07-28 | SourceCodester School Fees Payment System manage_user.php sql injection |
| CVE-2024-7169 | 2024-07-28 | SourceCodester School Fees Payment System ajax.php cross-site request forgery |
| CVE-2024-7170 | 2024-07-28 | TOTOLINK A3000RU product.ini hard-coded password |
| CVE-2024-7171 | 2024-07-28 | TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection |
| CVE-2024-7172 | 2024-07-28 | TOTOLINK A3600R getSaveConfig buffer overflow |
| CVE-2024-7173 | 2024-07-28 | TOTOLINK A3600R cstecgi.cgi loginauth buffer overflow |
| CVE-2024-28804 | 2024-07-29 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST. |
| CVE-2024-28806 | 2024-07-29 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path. |
| CVE-2024-33365 | 2024-07-29 | Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. |
| CVE-2024-37856 | 2024-07-29 | Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. |
| CVE-2024-37857 | 2024-07-29 | SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. |
| CVE-2024-37858 | 2024-07-29 | SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. |
| CVE-2024-37859 | 2024-07-29 | Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. |
| CVE-2024-40576 | 2024-07-29 | Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page... |
| CVE-2024-41624 | 2024-07-29 | Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact. |
| CVE-2024-41637 | 2024-07-29 | RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without... |
| CVE-2024-41640 | 2024-07-29 | Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter. |
| CVE-2024-28805 | 2024-07-29 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. |
| CVE-2024-41631 | 2024-07-29 | Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component. |
| CVE-2024-7174 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setdeviceName buffer overflow |
| CVE-2024-7175 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection |
| CVE-2024-7176 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setIpQosRules buffer overflow |
| CVE-2024-7177 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow |
| CVE-2024-7178 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow |
| CVE-2024-5670 | 2024-07-29 | Softnext Mail SQR Expert and Mail Archiving Expert - OS Command Injection |
| CVE-2024-7179 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow |
| CVE-2024-32671 | 2024-07-29 | Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers. This issue affects Escargot: 4.0.0. |
| CVE-2024-7201 | 2024-07-29 | Simopro Technology WinMatrix3 Web package - SQL Injection |
| CVE-2024-7180 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow |
| CVE-2024-7202 | 2024-07-29 | Simopro Technology WinMatrix3 Web package - SQL Injection |
| CVE-2024-7181 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection |
| CVE-2024-7182 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow |
| CVE-2024-7183 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow |
| CVE-2024-7184 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow |
| CVE-2024-7185 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow |
| CVE-2024-37381 | 2024-07-29 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. |
| CVE-2024-4483 | 2024-07-29 | Email Encoder < 2.2.2 - Admin+ Stored XSS |
| CVE-2024-5285 | 2024-07-29 | WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF |
| CVE-2024-5882 | 2024-07-29 | Ultimate Classified Listings < 1.3 - Unauthenticated LFI |
| CVE-2024-5883 | 2024-07-29 | Ultimate Classified Listings < 1.3 - Reflected XSS |
| CVE-2024-6362 | 2024-07-29 | Ultimate Blocks < 3.2.0 - Contributor+ Stored XSS |
| CVE-2024-6366 | 2024-07-29 | User Profile Builder < 3.11.8 - Unauthenticated Media Upload |
| CVE-2024-6487 | 2024-07-29 | Inline Related Posts < 3.8.0 - Admin+ Stored XSS |
| CVE-2024-7186 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow |
| CVE-2024-41090 | 2024-07-29 | tap: add missing verification for short frame |
| CVE-2024-41091 | 2024-07-29 | tun: add missing verification for short frame |
| CVE-2024-7187 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow |
| CVE-2024-41013 | 2024-07-29 | xfs: don't walk off the end of a directory data block |
| CVE-2024-41014 | 2024-07-29 | xfs: add bounds checking to xlog_recover_process_data |
| CVE-2024-41015 | 2024-07-29 | ocfs2: add bounds checking to ocfs2_check_dir_entry() |
| CVE-2024-41016 | 2024-07-29 | ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() |