CVE List - 2024 / July
Showing 1801 - 1900 of 3117 CVEs for July 2024 (Page 19 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-41010 | 2024-07-17 | bpf: Fix too early release of tcx_entry |
| CVE-2024-6033 | 2024-07-17 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import |
| CVE-2024-5254 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-5255 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-5252 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-6660 | 2024-07-17 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload |
| CVE-2024-5253 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-6669 | 2024-07-17 | AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6467 | 2024-07-17 | BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation |
| CVE-2024-5251 | 2024-07-17 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-5703 | 2024-07-17 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization |
| CVE-2024-6220 | 2024-07-17 | 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload |
| CVE-2024-5582 | 2024-07-17 | Schema & Structured Data for WP & AMP <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute |
| CVE-2024-39863 | 2024-07-17 | Apache Airflow: Potential XSS Vulnerability |
| CVE-2024-39877 | 2024-07-17 | Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler |
| CVE-2023-52291 | 2024-07-17 | Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution |
| CVE-2024-29737 | 2024-07-17 | Apache StreamPark (incubating): maven build params could trigger remote command execution |
| CVE-2024-40617 | 2024-07-17 | Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW... |
| CVE-2024-31070 | 2024-07-17 | Initialization of a resource with an insecure default vulnerability in... |
| CVE-2024-36475 | 2024-07-17 | FutureNet NXR series, VXR series and WXR series provided by... |
| CVE-2024-36491 | 2024-07-17 | FutureNet NXR series, VXR series and WXR series provided by... |
| CVE-2024-30471 | 2024-07-17 | Apache StreamPipes: Potential creation of multiple identical accounts |
| CVE-2024-31979 | 2024-07-17 | Apache StreamPipes: Possibility of SSRF in pipeline element installation process |
| CVE-2024-31411 | 2024-07-17 | Apache StreamPipes: Potential remote code execution (RCE) via file upload |
| CVE-2024-27311 | 2024-07-17 | Arbitrary file writing |
| CVE-2024-5471 | 2024-07-17 | Agent takeover |
| CVE-2024-23474 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
| CVE-2024-23468 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability |
| CVE-2024-28992 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability |
| CVE-2024-28993 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability |
| CVE-2024-23472 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
| CVE-2024-23475 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability |
| CVE-2024-23469 | 2024-07-17 | SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability |
| CVE-2024-23465 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability |
| CVE-2024-23466 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-23467 | 2024-07-17 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-28074 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability |
| CVE-2024-23470 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability |
| CVE-2024-23471 | 2024-07-17 | SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-6833 | 2024-07-17 | Zowe CLI Auto-Init Leaks Credentials Locally |
| CVE-2024-6834 | 2024-07-17 | Imperative Local Command Injection allows Activity Masking |
| CVE-2024-29120 | 2024-07-17 | Apache StreamPark: Information leakage vulnerability |
| CVE-2023-7272 | 2024-07-17 | Eclipse Parsson stack overflow with deeply nested objects |
| CVE-2023-4976 | 2024-07-17 | FlashBlade Authentication Mechanism Vulnerability |
| CVE-2024-6830 | 2024-07-17 | SourceCodester Simple Inventory Management System Order action.php sql injection |
| CVE-2024-20401 | 2024-07-17 | A vulnerability in the content scanning and message filtering features... |
| CVE-2024-20419 | 2024-07-17 | A vulnerability in the authentication system of Cisco Smart Software... |
| CVE-2024-20435 | 2024-07-17 | A vulnerability in the CLI of Cisco AsyncOS for Secure... |
| CVE-2024-20296 | 2024-07-17 | A vulnerability in the web-based management interface of Cisco Identity... |
| CVE-2024-20323 | 2024-07-17 | A vulnerability in Cisco Intelligent Node (iNode) Software could allow... |
| CVE-2024-20416 | 2024-07-17 | A vulnerability in the upload module of Cisco RV340 and... |
| CVE-2024-20429 | 2024-07-17 | A vulnerability in the web-based management interface of Cisco AsyncOS... |
| CVE-2024-20400 | 2024-07-17 | A vulnerability in the web-based management interface of Cisco Expressway... |
| CVE-2024-20395 | 2024-07-17 | A vulnerability in the media retrieval functionality of Cisco Webex... |
| CVE-2024-20396 | 2024-07-17 | A vulnerability in the protocol handlers of Cisco Webex App... |
| CVE-2024-38870 | 2024-07-17 | Stored XSS |
| CVE-2023-42010 | 2024-07-17 | IBM Sterling B2B Integrator Standard Edition information disclosure |
| CVE-2024-40640 | 2024-07-17 | Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac |
| CVE-2024-40641 | 2024-07-17 | Unsigned code template execution through workflows in projectdiscovery/nuclei |
| CVE-2024-40636 | 2024-07-17 | Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness |
| CVE-2024-40633 | 2024-07-17 | Customer data leak via adjustments API endpoint in Sylius |
| CVE-2024-28796 | 2024-07-17 | IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored... |
| CVE-2024-29885 | 2024-07-17 | Reports are still accessible even when `canView()` returns false in silverstripe/reports |
| CVE-2024-32981 | 2024-07-17 | Cross-site Scripting vulnerability with encoded payload in silverstripe/framework |
| CVE-2024-39678 | 2024-07-17 | WordPress Cooked Plugin - Cross-Site Request Forgery to Get Recipe IDs |
| CVE-2024-39679 | 2024-07-17 | WordPress Cooked Plugin - Cross-Site Request Forgery to Recipe Template Reset |
| CVE-2024-39680 | 2024-07-17 | WordPress Cooked Plugin - Cross-Site Request Forgery to Default Recipe Template Save |
| CVE-2024-39681 | 2024-07-17 | WordPress Cooked Plugin - Cross-Site Request Forgery to Apply Template to All Recipes |
| CVE-2024-39682 | 2024-07-17 | WordPress Cooked Plugin - Authenticated (Contributor+) HTML Injection via Recipe Excerpt |
| CVE-2024-39090 | 2024-07-18 | The PHPGurukul Online Shopping Portal Project version 2.0 contains a... |
| CVE-2024-39173 | 2024-07-18 | calculator-boilerplate v1.0 was discovered to contain a remote code execution... |
| CVE-2024-41184 | 2024-07-18 | In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an... |
| CVE-2024-6175 | 2024-07-18 | Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates |
| CVE-2024-5726 | 2024-07-18 | Timeline Event History <= 3.1 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-5964 | 2024-07-18 | Zenon Lite <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-6705 | 2024-07-18 | RegLevel <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6599 | 2024-07-18 | Meks Video Importer <= 1.0.11 - Missing Authorization to Authenticated (Subscriber+) API Keys Modification |
| CVE-2023-6708 | 2024-07-18 | SVG Support <= 2.5.5 - Authenticated (Author+) Cross-Site Scripting via SVG |
| CVE-2024-6164 | 2024-07-18 | Filter & Grids < 2.8.33 - Unauthenticated LFI |
| CVE-2024-41011 | 2024-07-18 | drm/amdkfd: don't allow mapping the MMIO HDP page with large pages |
| CVE-2024-29014 | 2024-07-18 | Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client... |
| CVE-2024-40764 | 2024-07-18 | Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows... |
| CVE-2024-5554 | 2024-07-18 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3242 | 2024-07-18 | Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-5555 | 2024-07-18 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-6504 | 2024-07-18 | Rapid7 InsightVM Protection Mechanism Failure |
| CVE-2024-40898 | 2024-07-18 | Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows |
| CVE-2024-40725 | 2024-07-18 | Apache HTTP Server: source code disclosure with handlers configured via AddType |
| CVE-2024-29178 | 2024-07-18 | Apache StreamPark: FreeMarker SSTI RCE Vulnerability |
| CVE-2024-31143 | 2024-07-18 | double unlock in x86 guest IRQ handling |
| CVE-2024-34013 | 2024-07-18 | Local privilege escalation due to OS command injection vulnerability. The... |
| CVE-2024-39907 | 2024-07-18 | a sqlinjection in 1Panel |
| CVE-2024-39911 | 2024-07-18 | 1Panel SQL injection |
| CVE-2024-30473 | 2024-07-18 | Dell ECS, versions prior to 3.8.1, contain a privilege elevation... |
| CVE-2024-38302 | 2024-07-18 | Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of... |
| CVE-2023-50304 | 2024-07-18 | IBM Engineering Requirements Management DOORS XML external entity injection |
| CVE-2024-5618 | 2024-07-18 | Broken Access Control in PruvaSoft Informatics' Apinizer Management Console |
| CVE-2023-40704 | 2024-07-18 | Philips Vue PACS Use of Default Credentials |
| CVE-2024-40648 | 2024-07-18 | `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk |
| CVE-2024-5619 | 2024-07-18 | IDOR in PruvaSoft Informatics' Apinizer Management Console |