CVE List - 2024 / July
Showing 2501 - 2600 of 3117 CVEs for July 2024 (Page 26 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-41120 | 2024-07-26 | streamlit-geospatial blind SSRF in pages/9_🔲_Vector_Data_Visualization.py |
| CVE-2024-41815 | 2024-07-26 | Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands |
| CVE-2024-42029 | 2024-07-27 | xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before... |
| CVE-2024-6547 | 2024-07-27 | Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Dislcosure |
| CVE-2024-4410 | 2024-07-27 | IgnitionDeck Crowdfunding Platform <= 1.9.8 - Missing Authorization |
| CVE-2024-1804 | 2024-07-27 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml |
| CVE-2024-1798 | 2024-07-27 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml |
| CVE-2024-6152 | 2024-07-27 | Flipbox Builder <= 1.5 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-6548 | 2024-07-27 | Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Dislcosure |
| CVE-2024-6591 | 2024-07-27 | Ultimate WordPress Auction Plugin <= 4.2.6 - Missing Authorization to Unauthenticated Email Creation |
| CVE-2024-6431 | 2024-07-27 | Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-6545 | 2024-07-27 | Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-6573 | 2024-07-27 | Intelligence <= 1.4.0 - Unauthenticated Full Path Disclosure |
| CVE-2024-6549 | 2024-07-27 | Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-6566 | 2024-07-27 | Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure |
| CVE-2024-6661 | 2024-07-27 | ParityPress <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6634 | 2024-07-27 | Master Currency WP <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode |
| CVE-2024-6546 | 2024-07-27 | One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-5969 | 2024-07-27 | AIomatic - Automatic AI Content Writer <= 2.0.5 - Unauthenticated Arbitrary Email Sending |
| CVE-2024-6569 | 2024-07-27 | Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure |
| CVE-2024-6458 | 2024-07-27 | WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-5614 | 2024-07-27 | Piotnet Addons For Elementor <= 2.4.29 - Unauthenticated Sensitive Information Exposure |
| CVE-2024-6627 | 2024-07-27 | Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget |
| CVE-2024-6521 | 2024-07-27 | fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6897 | 2024-07-27 | aThemes Starter Sites <= 1.0.53 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-6520 | 2024-07-27 | fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6518 | 2024-07-27 | fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6703 | 2024-07-27 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields |
| CVE-2024-7151 | 2024-07-27 | Tenda O3 setMacFilter fromMacFilterSet stack-based overflow |
| CVE-2024-7152 | 2024-07-27 | Tenda O3 setMacFilterList fromSafeSetMacFilter stack-based overflow |
| CVE-2024-7153 | 2024-07-27 | Netgear WN604 siteSurvey.php direct request |
| CVE-2024-42049 | 2024-07-28 | TightVNC (Server for Windows) before 2.8.84 allows attackers to connect... |
| CVE-2024-42050 | 2024-07-28 | The MSI installer for Splashtop Streamer for Windows before 3.7.0.0... |
| CVE-2024-42051 | 2024-07-28 | The MSI installer for Splashtop Streamer for Windows before 3.6.2.0... |
| CVE-2024-42053 | 2024-07-28 | The MSI installer for Splashtop Streamer for Windows before 3.6.0.0... |
| CVE-2024-42054 | 2024-07-28 | Cervantes through 0.5-alpha accepts insecure file uploads. |
| CVE-2024-42055 | 2024-07-28 | Cervantes through 0.5-alpha allows stored XSS. |
| CVE-2024-42052 | 2024-07-28 | The MSI installer for Splashtop Streamer for Windows before 3.5.8.0... |
| CVE-2024-7154 | 2024-07-28 | TOTOLINK A3700R Password Reset wizard.html access control |
| CVE-2024-7155 | 2024-07-28 | TOTOLINK A3300R shadow.sample hard-coded password |
| CVE-2024-7156 | 2024-07-28 | TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure |
| CVE-2024-7157 | 2024-07-28 | TOTOLINK A3100R getSaveConfig buffer overflow |
| CVE-2024-7158 | 2024-07-28 | TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection |
| CVE-2024-7159 | 2024-07-28 | TOTOLINK A3600R Telnet Service product.ini hard-coded password |
| CVE-2024-7160 | 2024-07-28 | TOTOLINK A3700R cstecgi.cgi setWanCfg command injection |
| CVE-2024-7161 | 2024-07-28 | SeaCMS Password Change cross-site request forgery |
| CVE-2024-7162 | 2024-07-28 | SeaCMS cross site scripting |
| CVE-2024-7163 | 2024-07-28 | SeaCMS index.php cross site scripting |
| CVE-2024-7164 | 2024-07-28 | SourceCodester School Fees Payment System sql injection |
| CVE-2024-7165 | 2024-07-28 | SourceCodester School Fees Payment System view_payment.php sql injection |
| CVE-2024-7166 | 2024-07-28 | SourceCodester School Fees Payment System receipt.php sql injection |
| CVE-2024-7167 | 2024-07-28 | SourceCodester School Fees Payment System manage_course.php sql injection |
| CVE-2024-7168 | 2024-07-28 | SourceCodester School Fees Payment System manage_user.php sql injection |
| CVE-2024-7169 | 2024-07-28 | SourceCodester School Fees Payment System ajax.php cross-site request forgery |
| CVE-2024-7170 | 2024-07-28 | TOTOLINK A3000RU product.ini hard-coded password |
| CVE-2024-7171 | 2024-07-28 | TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection |
| CVE-2024-7172 | 2024-07-28 | TOTOLINK A3600R getSaveConfig buffer overflow |
| CVE-2024-7173 | 2024-07-28 | TOTOLINK A3600R cstecgi.cgi loginauth buffer overflow |
| CVE-2024-28804 | 2024-07-29 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored... |
| CVE-2024-28806 | 2024-07-29 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote... |
| CVE-2024-33365 | 2024-07-29 | Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a... |
| CVE-2024-37856 | 2024-07-29 | Cross Site Scripting vulnerability in Lost and Found Information System... |
| CVE-2024-37857 | 2024-07-29 | SQL Injection vulnerability in Lost and Found Information System 1.0... |
| CVE-2024-37858 | 2024-07-29 | SQL Injection vulnerability in Lost and Found Information System 1.0... |
| CVE-2024-37859 | 2024-07-29 | Cross Site Scripting vulnerability in Lost and Found Information System... |
| CVE-2024-40576 | 2024-07-29 | Cross Site Scripting vulnerability in Best House Rental Management System... |
| CVE-2024-41624 | 2024-07-29 | Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version... |
| CVE-2024-41637 | 2024-07-29 | RaspAP before 3.1.5 allows an attacker to escalate privileges: the... |
| CVE-2024-41640 | 2024-07-29 | Cross Site Scripting (XSS) vulnerability in AML Surety Eco up... |
| CVE-2024-28805 | 2024-07-29 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There... |
| CVE-2024-41631 | 2024-07-29 | Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote... |
| CVE-2024-7174 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setdeviceName buffer overflow |
| CVE-2024-7175 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection |
| CVE-2024-7176 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setIpQosRules buffer overflow |
| CVE-2024-7177 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow |
| CVE-2024-7178 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow |
| CVE-2024-5670 | 2024-07-29 | Softnext Mail SQR Expert and Mail Archiving Expert - OS Command Injection |
| CVE-2024-7179 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow |
| CVE-2024-32671 | 2024-07-29 | Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript... |
| CVE-2024-7201 | 2024-07-29 | Simopro Technology WinMatrix3 Web package - SQL Injection |
| CVE-2024-7180 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow |
| CVE-2024-7202 | 2024-07-29 | Simopro Technology WinMatrix3 Web package - SQL Injection |
| CVE-2024-7181 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection |
| CVE-2024-7182 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow |
| CVE-2024-7183 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow |
| CVE-2024-7184 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow |
| CVE-2024-7185 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow |
| CVE-2024-37381 | 2024-07-29 | An unspecified SQL Injection vulnerability in Core server of Ivanti... |
| CVE-2024-4483 | 2024-07-29 | Email Encoder < 2.2.2 - Admin+ Stored XSS |
| CVE-2024-5285 | 2024-07-29 | WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF |
| CVE-2024-5882 | 2024-07-29 | Ultimate Classified Listings < 1.3 - Unauthenticated LFI |
| CVE-2024-5883 | 2024-07-29 | Ultimate Classified Listings < 1.3 - Reflected XSS |
| CVE-2024-6362 | 2024-07-29 | Ultimate Blocks < 3.2.0 - Contributor+ Stored XSS |
| CVE-2024-6366 | 2024-07-29 | User Profile Builder < 3.11.8 - Unauthenticated Media Upload |
| CVE-2024-6487 | 2024-07-29 | Inline Related Posts < 3.8.0 - Admin+ Stored XSS |
| CVE-2024-7186 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow |
| CVE-2024-41090 | 2024-07-29 | tap: add missing verification for short frame |
| CVE-2024-41091 | 2024-07-29 | tun: add missing verification for short frame |
| CVE-2024-7187 | 2024-07-29 | TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow |
| CVE-2024-41013 | 2024-07-29 | xfs: don't walk off the end of a directory data block |