CVE List - 2024 / August
Showing 1701 - 1800 of 2898 CVEs for August 2024 (Page 18 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-43335 | 2024-08-18 | WordPress Responsive Blocks – WordPress Gutenberg Blocks plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43330 | 2024-08-18 | WordPress PowerPack for Beaver Builder plugin < 2.37.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43329 | 2024-08-18 | WordPress Allegiant theme <= 1.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43327 | 2024-08-18 | WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43324 | 2024-08-18 | WordPress Clever Addons for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43321 | 2024-08-18 | WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43320 | 2024-08-18 | WordPress WPBakery Page Builder Addons plugin <= 3.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43318 | 2024-08-18 | WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43313 | 2024-08-18 | WordPress FormFacade – WordPress plugin for Google Forms plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43309 | 2024-08-18 | WordPress WP Telegram Widget and Join Link plugin <= 2.1.27 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43308 | 2024-08-18 | WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43307 | 2024-08-18 | WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43306 | 2024-08-18 | WordPress WP-Lister Lite for eBay plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43305 | 2024-08-18 | WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-7907 | 2024-08-18 | TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection |
| CVE-2024-7908 | 2024-08-18 | TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow |
| CVE-2024-7909 | 2024-08-18 | TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow |
| CVE-2024-7910 | 2024-08-18 | CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload |
| CVE-2024-6221 | 2024-08-18 | Improper Access Control in corydolphin/flask-cors |
| CVE-2024-7911 | 2024-08-18 | SourceCodester Simple Online Bidding System index.php file inclusion |
| CVE-2024-43304 | 2024-08-18 | WordPress Cryptocurrency Widgets plugin <= 2.8.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43303 | 2024-08-18 | WordPress White Label CMS plugin <= 2.7.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43294 | 2024-08-18 | WordPress Bold Timeline Lite plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43292 | 2024-08-18 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43291 | 2024-08-18 | WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43284 | 2024-08-18 | WordPress WP Travel Gutenberg Blocks plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43279 | 2024-08-18 | WordPress Newsletters plugin <= 4.9.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43278 | 2024-08-18 | WordPress Meta Field Block plugin <= 1.2.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43267 | 2024-08-18 | WordPress Mega Addons For Elementor plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43263 | 2024-08-18 | WordPress Visual Composer Starter theme <= 3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43262 | 2024-08-18 | WordPress Busiprof theme <= 2.4.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43246 | 2024-08-18 | WordPress WHMpress plugin <= 6.2-revision-5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43244 | 2024-08-18 | WordPress houzez Theme By FaveThemes <= 3.2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43241 | 2024-08-18 | WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43350 | 2024-08-18 | WordPress Propovoice CRM plugin <= 1.7.6.4 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-7912 | 2024-08-18 | CodeAstro Online Railway Reservation System assets exposure of information through directory listing |
| CVE-2024-43322 | 2024-08-18 | WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-43315 | 2024-08-18 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-43288 | 2024-08-18 | WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-43266 | 2024-08-18 | WordPress WP Job Portal – A Complete Job Board plugin <= 2.1.6 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-43239 | 2024-08-18 | WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability |
| CVE-2024-43286 | 2024-08-18 | WordPress Squirrly SEO plugin <= 12.3.19 - SQL Injection vulnerability |
| CVE-2024-43282 | 2024-08-18 | WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability |
| CVE-2024-43207 | 2024-08-18 | WordPress Unite Gallery Lite plugin <= 1.7.62 - SQL Injection vulnerability |
| CVE-2024-43145 | 2024-08-18 | WordPress GeoDirectory plugin <= 2.3.61 - SQL Injection vulnerability |
| CVE-2024-35686 | 2024-08-18 | WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability |
| CVE-2024-7913 | 2024-08-18 | itsourcecode Billing System addclient1.php sql injection |
| CVE-2024-7914 | 2024-08-18 | SourceCodester Yoga Class Registration System SystemSettings.php cross site scripting |
| CVE-2024-7916 | 2024-08-18 | nafisulbari/itsourcecode Insurance Management System Add Nominee Page addNominee.php cross site scripting |
| CVE-2024-7917 | 2024-08-18 | DouPHP Favicon system.php unrestricted upload |
| CVE-2024-23729 | 2024-08-19 | The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. |
| CVE-2024-35538 | 2024-08-19 | Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip... |
| CVE-2024-35539 | 2024-08-19 | Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the... |
| CVE-2024-42633 | 2024-08-19 | A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges. |
| CVE-2024-42657 | 2024-08-19 | An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process |
| CVE-2024-42658 | 2024-08-19 | An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter |
| CVE-2024-42813 | 2024-08-19 | In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can... |
| CVE-2024-42815 | 2024-08-19 | In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability... |
| CVE-2024-44067 | 2024-08-19 | The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical... |
| CVE-2024-44069 | 2024-08-19 | Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the... |
| CVE-2024-44073 | 2024-08-19 | The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth. |
| CVE-2024-44076 | 2024-08-19 | In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. |
| CVE-2024-42812 | 2024-08-19 | In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can... |
| CVE-2024-44070 | 2024-08-19 | An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. |
| CVE-2024-44083 | 2024-08-19 | ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual... |
| CVE-2024-7919 | 2024-08-19 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control |
| CVE-2024-7920 | 2024-08-19 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control |
| CVE-2024-7921 | 2024-08-19 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control |
| CVE-2024-6330 | 2024-08-19 | GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI |
| CVE-2024-6451 | 2024-08-19 | AI Engine < 2.5.1 - Admin+ RCE |
| CVE-2024-6843 | 2024-08-19 | SmartSearch WP <= 2.4.4 - Unauthenticated Stored XSS |
| CVE-2024-25582 | 2024-08-19 | Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting... |
| CVE-2024-43379 | 2024-08-19 | TruffleHog has a Blind SSRF in some Detectors |
| CVE-2024-43380 | 2024-08-19 | fugit parse and parse_nat stall on lengthy input |
| CVE-2024-43399 | 2024-08-19 | Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files |
| CVE-2024-7922 | 2024-08-19 | D-Link DNS-1550-04 myMusic.cgi cgi_write_playlist command injection |
| CVE-2024-6348 | 2024-08-19 | Predictable seed generation after ECU reset |
| CVE-2024-43401 | 2024-08-19 | In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them |
| CVE-2024-43400 | 2024-08-19 | XWiki Platform allows XSS through XClass name in string properties |
| CVE-2024-32928 | 2024-08-19 | The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any... |
| CVE-2024-32927 | 2024-08-19 | In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-37099 | 2024-08-19 | WordPress GiveWP plugin <= 3.14.1 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-43221 | 2024-08-19 | WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability |
| CVE-2024-43232 | 2024-08-19 | WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability |
| CVE-2024-43236 | 2024-08-19 | WordPress Easy PayPal & Stripe Buy Now Button plugin <= 1.9 - Open Redirection vulnerability |
| CVE-2024-43240 | 2024-08-19 | WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2024-43242 | 2024-08-19 | WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2024-43245 | 2024-08-19 | WordPress JobSearch plugin <= 2.3.4 - Unauthenticated Account Takeover vulnerability |
| CVE-2024-43247 | 2024-08-19 | WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability |
| CVE-2024-43248 | 2024-08-19 | WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability |
| CVE-2024-43249 | 2024-08-19 | WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability |
| CVE-2024-43250 | 2024-08-19 | WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability |
| CVE-2024-43252 | 2024-08-19 | WordPress Crew HRM plugin <= 1.1.1 - PHP Object Injection vulnerability |
| CVE-2024-43256 | 2024-08-19 | WordPress Leopard plugin <= 2.0.36 - Subscriber+ Plugin Settings Change vulnerability |
| CVE-2024-43261 | 2024-08-19 | WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability |
| CVE-2024-43271 | 2024-08-19 | WordPress Widgets for WooCommerce Products on Elementor plugin <= 2.0.0 - Local File Inclusion vulnerability |
| CVE-2024-43272 | 2024-08-19 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability |
| CVE-2024-43280 | 2024-08-19 | WordPress Salon Booking System plugin <= 10.8.1 - Open Redirection vulnerability |
| CVE-2024-43281 | 2024-08-19 | WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.3 - Local File Inclusion vulnerability |
| CVE-2024-7924 | 2024-08-19 | ZZCMS list.php path traversal |