CVE List - 2024 / August
Showing 1 - 100 of 2898 CVEs for August 2024 (Page 1 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-41260 | 2024-08-01 | A static initialization vector (IV) in the encrypt function of netbird v0.28.4 allows attackers to obtain sensitive information. |
| CVE-2024-41264 | 2024-08-01 | An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method. |
| CVE-2024-41265 | 2024-08-01 | A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function. |
| CVE-2024-7331 | 2024-08-01 | TOTOLINK A3300R cstecgi.cgi UploadCustomModule buffer overflow |
| CVE-2024-7332 | 2024-08-01 | TOTOLINK CP450 Telnet Service product.ini hard-coded password |
| CVE-2024-7333 | 2024-08-01 | TOTOLINK N350RT cstecgi.cgi setParentalRules buffer overflow |
| CVE-2024-34021 | 2024-08-01 | Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with... |
| CVE-2024-39607 | 2024-08-01 | OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to... |
| CVE-2024-40883 | 2024-08-01 | Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed... |
| CVE-2024-7334 | 2024-08-01 | TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow |
| CVE-2024-6687 | 2024-08-01 | CTT Expresso para WooCommerce <= 3.2.12 - Information Exposure via Unprotected Directory |
| CVE-2024-7335 | 2024-08-01 | TOTOLINK EX200 getSaveConfig buffer overflow |
| CVE-2024-7336 | 2024-08-01 | TOTOLINK EX200 cstecgi.cgi loginauth buffer overflow |
| CVE-2024-7337 | 2024-08-01 | TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow |
| CVE-2024-6698 | 2024-08-01 | FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-7338 | 2024-08-01 | TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow |
| CVE-2024-7339 | 2024-08-01 | TVT DVR TD-2104TS-CL queryDevInfo information disclosure |
| CVE-2024-2090 | 2024-08-01 | Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery |
| CVE-2024-7342 | 2024-08-01 | Baidu UEditor unrestricted upload |
| CVE-2024-7343 | 2024-08-01 | Baidu UEditor cross site scripting |
| CVE-2024-1747 | 2024-08-01 | WooCommerce Customers Manager < 30.2 - Subscriber+ Stored XSS |
| CVE-2024-2843 | 2024-08-01 | WooCommerce Customers Manager < 30.1 - User Deletion via CSRF |
| CVE-2024-2872 | 2024-08-01 | Swift Framework < 2024.04.30 - Contributor+ Stored XSS |
| CVE-2024-3983 | 2024-08-01 | WooCommerce Customers Manager < 30.1 - Bulk Action via CSRF |
| CVE-2024-4090 | 2024-08-01 | My Sticky Bar < 2.7.2 - Admin+ Stored XSS |
| CVE-2024-6496 | 2024-08-01 | Light Poll <= 1.0.0 - Polls Deletion via CSRF |
| CVE-2024-6529 | 2024-08-01 | Ultimate Classified Listings < 1.4 - Reflected XSS |
| CVE-2024-7302 | 2024-08-01 | Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload |
| CVE-2024-5330 | 2024-08-01 | Breakdance <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5331 | 2024-08-01 | Breakdance <= 1.7.2 - Missing Authorization |
| CVE-2024-5678 | 2024-08-01 | SQL Injection |
| CVE-2024-25947 | 2024-08-01 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service... |
| CVE-2024-25948 | 2024-08-01 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service... |
| CVE-2024-38489 | 2024-08-01 | Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial)... |
| CVE-2024-38490 | 2024-08-01 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service... |
| CVE-2024-38481 | 2024-08-01 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service... |
| CVE-2024-28972 | 2024-08-01 | Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2024-6346 | 2024-08-01 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85a - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget |
| CVE-2024-2455 | 2024-08-01 | Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wrapper Link URL |
| CVE-2024-7357 | 2024-08-01 | D-Link DIR-600 soap.cgi soapcgi_main os command injection |
| CVE-2024-7358 | 2024-08-01 | Point B Ltd Getscreen Agent Installation getscreen.msi temp file |
| CVE-2024-6923 | 2024-08-01 | Email header injection due to unquoted newlines |
| CVE-2024-29977 | 2024-08-01 | Malicious remote can create arbitrary reactions on arbitrary posts |
| CVE-2024-36492 | 2024-08-01 | Existing local user overwritten by malicious remote |
| CVE-2024-39274 | 2024-08-01 | Malicious remote can add users to arbitrary teams and channels |
| CVE-2024-39777 | 2024-08-01 | Malicious remote can invite itself to an arbitrary local channel |
| CVE-2024-39832 | 2024-08-01 | Permanent local data deletion by malicious remote |
| CVE-2024-39837 | 2024-08-01 | Malicious remote can create arbitrary channels |
| CVE-2024-39839 | 2024-08-01 | Remote username set to an arbitrary string by remote user |
| CVE-2024-41144 | 2024-08-01 | Malicious remote can create/update/delete arbitrary posts in arbitrary channels |
| CVE-2024-41162 | 2024-08-01 | Malicious remote can make an arbitrary local channel read-only |
| CVE-2024-41926 | 2024-08-01 | Malicious remote can claim that a user was synced from another remote |
| CVE-2024-41123 | 2024-08-01 | REXML DoS vulnerability |
| CVE-2024-41946 | 2024-08-01 | REXML DoS vulnerability |
| CVE-2024-41961 | 2024-08-01 | Elektra vulnerable to remote code execution in universal search |
| CVE-2024-6242 | 2024-08-01 | Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices |
| CVE-2024-6040 | 2024-08-01 | Missing client_id in parisneo/lollms-webui |
| CVE-2024-6873 | 2024-08-01 | Specially crafted request could cause undefined behaviour which may lead to Remote Code Execution. |
| CVE-2024-41962 | 2024-08-01 | Bostr Improper Authorization |
| CVE-2024-7359 | 2024-08-01 | SourceCodester Tracking Monitoring Management System ajax.php cross site scripting |
| CVE-2024-7211 | 2024-08-01 | The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites. |
| CVE-2024-23600 | 2024-08-01 | PingIDM Query Filter Vulnerability |
| CVE-2024-7360 | 2024-08-01 | SourceCodester Tracking Monitoring Management System ajax.php cross-site request forgery |
| CVE-2024-7361 | 2024-08-01 | SourceCodester Tracking Monitoring Management System ajax.php sql injection |
| CVE-2024-6990 | 2024-08-01 | Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium... |
| CVE-2024-7255 | 2024-08-01 | Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium... |
| CVE-2024-7256 | 2024-08-01 | Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-4353 | 2024-08-01 | Stored XSS in Generate Board Name Input Field |
| CVE-2024-7362 | 2024-08-01 | SourceCodester Tracking Monitoring Management System manage_user.php sql injection |
| CVE-2024-7363 | 2024-08-01 | SourceCodester Tracking Monitoring Management System manage_person.php sql injection |
| CVE-2024-7364 | 2024-08-01 | SourceCodester Tracking Monitoring Management System manage_records.php sql injection |
| CVE-2024-7365 | 2024-08-01 | SourceCodester Tracking Monitoring Management System manage_establishment.php sql injection |
| CVE-2024-7366 | 2024-08-01 | SourceCodester Tracking Monitoring Management System Login ajax.php sql injection |
| CVE-2024-39634 | 2024-08-01 | WordPress PowerPack Pro for Elementor plugin <= 2.10.14 - Contributor+ Privilege Escalation vulnerability |
| CVE-2024-39633 | 2024-08-01 | WordPress PowerPack for Beaver Builder plugin <= 2.33.0 - Contributor+ Privilege Escalation vulnerability |
| CVE-2024-39630 | 2024-08-01 | WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability |
| CVE-2024-39624 | 2024-08-01 | WordPress ListingPro theme <= 2.9.3 - Local File Inclusion vulnerability |
| CVE-2024-39621 | 2024-08-01 | WordPress ListingPro plugin <= 2.9.3 - Local File Inclusion vulnerability |
| CVE-2024-39619 | 2024-08-01 | WordPress ListingPro plugin <= 2.9.3 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2024-38791 | 2024-08-01 | WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-38775 | 2024-08-01 | WordPress CTX Feed plugin <= 6.5.6 - Arbitrary Options Update vulnerability |
| CVE-2024-38772 | 2024-08-01 | WordPress JetWidgets for Elementor and WooCommerce plugin <= 1.1.7 - Contributor+ Limited Local File Inclusion vulnerability |
| CVE-2024-38770 | 2024-08-01 | WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.20 - Authentication Bypass and Privilege Escalation Vulnerability |
| CVE-2024-38768 | 2024-08-01 | WordPress The Pack Elementor addons plugin <= 2.0.8.6 - Local File Inclusion vulnerability |
| CVE-2024-32863 | 2024-08-01 | exacqVision - CSRF issues with Web Service |
| CVE-2024-7367 | 2024-08-01 | SourceCodester Simple Realtime Quiz System ajax.php cross-site request forgery |
| CVE-2024-38746 | 2024-08-01 | WordPress MakeStories (for Google Web Stories) plugin <= 3.0.3 - Arbitrary File Download and SSRF vulnerability |
| CVE-2023-52209 | 2024-08-01 | WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability |
| CVE-2024-7093 | 2024-08-01 | Server-Side Template Injection in Dispatch Message Templates |
| CVE-2024-32864 | 2024-08-01 | exacqVision - HTTPS Session Establishment |
| CVE-2024-32865 | 2024-08-01 | exacqVision - TLS certificate validation |
| CVE-2024-32931 | 2024-08-01 | exacqVision - Token Disclosed in URL |
| CVE-2024-39637 | 2024-08-01 | WordPress Edubin theme <= 9.2.0 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-39636 | 2024-08-01 | WordPress Better Find and Replace plugin <= 1.6.1 - PHP Object Injection vulnerability |
| CVE-2024-38761 | 2024-08-01 | WordPress Zephyr Project Manager plugin <= 3.3.99 - Sensitive Data Exposure via Export File vulnerability |
| CVE-2024-7368 | 2024-08-01 | SourceCodester Simple Realtime Quiz System ajax.php cross site scripting |
| CVE-2024-39668 | 2024-08-01 | WordPress Extensions for Elementor plugin <= 2.0.31 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-39667 | 2024-08-01 | WordPress Element Pack Elementor Addons plugin <= 5.6.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-39665 | 2024-08-01 | WordPress Filter & Grids plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-39663 | 2024-08-01 | WordPress WP Fast Total Search plugin <= 1.68.232 - Cross Site Scripting (XSS) vulnerability |