CVE List - 2024 / July
Showing 3001 - 3100 of 3115 CVEs for July 2024 (Page 31 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-7273 | 2024-07-30 | itsourcecode Alton Management System search.php sql injection |
| CVE-2024-7274 | 2024-07-30 | itsourcecode Alton Management System reservation_status.php sql injection |
| CVE-2024-37281 | 2024-07-30 | Kibana Denial of Service issue |
| CVE-2024-7275 | 2024-07-30 | itsourcecode Alton Management System category_save.php sql injection |
| CVE-2024-7276 | 2024-07-30 | itsourcecode Alton Management System member_save.php sql injection |
| CVE-2024-7277 | 2024-07-30 | itsourcecode Alton Management System Add a Menu menu.php unrestricted upload |
| CVE-2023-28149 | 2024-07-31 | An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that... |
| CVE-2024-40464 | 2024-07-31 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file |
| CVE-2024-40465 | 2024-07-31 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file |
| CVE-2024-41253 | 2024-07-31 | goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. |
| CVE-2024-41254 | 2024-07-31 | An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack. |
| CVE-2024-41255 | 2024-07-31 | filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go. |
| CVE-2024-41262 | 2024-07-31 | mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack. |
| CVE-2024-41630 | 2024-07-31 | Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set. |
| CVE-2024-42381 | 2024-07-31 | os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom... |
| CVE-2024-41256 | 2024-07-31 | Default configurations in the ShareProofVerifier function of filestash v0.4 cause the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access... |
| CVE-2024-41258 | 2024-07-31 | An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack. |
| CVE-2024-7278 | 2024-07-31 | itsourcecode Alton Management System team_save.php sql injection |
| CVE-2024-6255 | 2024-07-31 | Path Traversal in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-7279 | 2024-07-31 | SourceCodester Lot Reservation Management System sql injection |
| CVE-2024-7280 | 2024-07-31 | SourceCodester Lot Reservation Management System view_reserved.php sql injection |
| CVE-2024-7281 | 2024-07-31 | SourceCodester Lot Reservation Management System sql injection |
| CVE-2024-7282 | 2024-07-31 | SourceCodester Lot Reservation Management System manage_model.php sql injection |
| CVE-2024-7283 | 2024-07-31 | SourceCodester Lot Reservation Management System manage_user.php sql injection |
| CVE-2024-7284 | 2024-07-31 | SourceCodester Lot Reservation Management System cross site scripting |
| CVE-2024-39944 | 2024-07-31 | A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. |
| CVE-2024-39945 | 2024-07-31 | A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing... |
| CVE-2024-39946 | 2024-07-31 | A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device... |
| CVE-2024-39947 | 2024-07-31 | A vulnerability has been found in Dahua products. After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing... |
| CVE-2024-7285 | 2024-07-31 | SourceCodester Establishment Billing Management System cross site scripting |
| CVE-2024-39948 | 2024-07-31 | A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. |
| CVE-2024-39949 | 2024-07-31 | A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. |
| CVE-2024-39950 | 2024-07-31 | A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization. |
| CVE-2024-7286 | 2024-07-31 | SourceCodester Establishment Billing Management System Login sql injection |
| CVE-2024-7287 | 2024-07-31 | SourceCodester Establishment Billing Management System manage_user.php sql injection |
| CVE-2024-7288 | 2024-07-31 | SourceCodester Establishment Billing Management System sql injection |
| CVE-2024-6770 | 2024-07-31 | Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-7289 | 2024-07-31 | SourceCodester Establishment Billing Management System manage_payment.php sql injection |
| CVE-2024-7205 | 2024-07-31 | Sharing unnecessary device-sensitive information allows a secondary user to take over devices as primary user |
| CVE-2024-6165 | 2024-07-31 | WANotifier < 2.6.1 - Admin+ Stored XSS |
| CVE-2024-6272 | 2024-07-31 | SpiderContacts <= 1.1.7 - Reflected XSS |
| CVE-2024-6408 | 2024-07-31 | Slider by 10Web < 1.2.57 - Editor+ Stored XSS |
| CVE-2024-6412 | 2024-07-31 | HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF |
| CVE-2024-6695 | 2024-07-31 | profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation |
| CVE-2024-7290 | 2024-07-31 | SourceCodester Establishment Billing Management System manage_tenant.php sql injection |
| CVE-2024-7299 | 2024-07-31 | Bolt CMS Entry Preview page cross site scripting |
| CVE-2024-6980 | 2024-07-31 | Verbose error handling issue in GravityZone Update Server proxy service |
| CVE-2024-7300 | 2024-07-31 | Bolt CMS Showcase Creation showcases cross site scripting |
| CVE-2024-7303 | 2024-07-31 | itsourcecode Online Blood Bank Management System Send Blood Request Page request.php cross site scripting |
| CVE-2023-28074 | 2024-07-31 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local... |
| CVE-2024-7306 | 2024-07-31 | SourceCodester Establishment Billing Management System manage_block.php sql injection |
| CVE-2024-7264 | 2024-07-31 | ASN.1 date parser overread |
| CVE-2024-37142 | 2024-07-31 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading... |
| CVE-2024-37127 | 2024-07-31 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading... |
| CVE-2024-2508 | 2024-07-31 | WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification |
| CVE-2024-7307 | 2024-07-31 | SourceCodester Establishment Billing Management System manage_billing.php sql injection |
| CVE-2024-32857 | 2024-07-31 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading... |
| CVE-2024-37129 | 2024-07-31 | Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. |
| CVE-2024-7308 | 2024-07-31 | SourceCodester Establishment Billing Management System view_bill.php sql injection |
| CVE-2024-7309 | 2024-07-31 | SourceCodester Record Management System entry.php cross site scripting |
| CVE-2024-7310 | 2024-07-31 | SourceCodester Record Management System sort_user.php cross site scripting |
| CVE-2024-7311 | 2024-07-31 | code-projects Online Bus Reservation Site register.php sql injection |
| CVE-2024-6725 | 2024-07-31 | Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-7135 | 2024-07-31 | Tainacan <= 0.21.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2024-7320 | 2024-07-31 | itsourcecode Online Blood Bank Management System Admin Login index.php sql injection |
| CVE-2024-7321 | 2024-07-31 | itsourcecode Online Blood Bank Management System User Registration signup.php cross site scripting |
| CVE-2024-6208 | 2024-07-31 | Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-39379 | 2024-07-31 | Acrobat for Edge \| Out-of-bounds Read (CWE-125) |
| CVE-2024-3082 | 2024-07-31 | A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures... |
| CVE-2024-3083 | 2024-07-31 | A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page. |
| CVE-2024-31199 | 2024-07-31 | A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary JavaScript code. |
| CVE-2024-31200 | 2024-07-31 | A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an... |
| CVE-2024-31201 | 2024-07-31 | A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a... |
| CVE-2024-31202 | 2024-07-31 | A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation. |
| CVE-2024-31203 | 2024-07-31 | A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition on the target component. |
| CVE-2024-37135 | 2024-07-31 | DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be... |
| CVE-2024-7340 | 2024-07-31 | W&B Weave server remote arbitrary file leak and privilege escalation |
| CVE-2024-37898 | 2024-07-31 | XWiki Platform vulnerable to document deletion and overwrite from edit |
| CVE-2024-37900 | 2024-07-31 | XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader |
| CVE-2024-37901 | 2024-07-31 | XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet |
| CVE-2024-41947 | 2024-07-31 | XWiki Platform XSS through conflict resolution |
| CVE-2024-39318 | 2024-07-31 | Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget |
| CVE-2024-39694 | 2024-07-31 | Duende IdentityServer Open Redirect vulnerability |
| CVE-2024-41950 | 2024-07-31 | Insecure Jinja2 templates rendered in Haystack Components can lead to RCE |
| CVE-2024-41952 | 2024-07-31 | Zitadel has an "Ignoring unknown usernames" vulnerability |
| CVE-2024-41953 | 2024-07-31 | Zitadel improperly sanitizes HTML in emails and Console UI |
| CVE-2024-6973 | 2024-07-31 | Remote Code Execution in Cato Windows SDP client via crafted URLs |
| CVE-2024-6974 | 2024-07-31 | Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade |
| CVE-2024-6975 | 2024-07-31 | Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file |
| CVE-2024-6977 | 2024-07-31 | Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover |
| CVE-2024-6978 | 2024-07-31 | Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users |
| CVE-2024-23444 | 2024-07-31 | Elasticsearch elasticsearch-certutil csr fails to encrypt private key |
| CVE-2024-7324 | 2024-07-31 | IObit iTop Data Recovery Pro BPL madbasic_.bpl uncontrolled search path |
| CVE-2024-40645 | 2024-07-31 | FOG Authenticated File Upload RCE |
| CVE-2024-41108 | 2024-07-31 | FOG Sensitive Information Disclosure |
| CVE-2024-41955 | 2024-07-31 | Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect |
| CVE-2024-41954 | 2024-07-31 | FOG Weak file permissions |
| CVE-2024-41951 | 2024-07-31 | PheonixAppAPI has visible Encoding Maps |
| CVE-2024-7325 | 2024-07-31 | IObit Driver Booster BPL VCL120.BPL uncontrolled search path |
| CVE-2024-41660 | 2024-07-31 | slpd-lite unauthenticated memory corruption |