VULNMAP - Security Vulnerabilities

CVE List - 2024 / August

Showing 1701 - 1800 of 2898 CVEs for August 2024 (Page 18 of 29)

CVE ID Date Title
CVE-2024-43238 2024-08-18 WordPress weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin plugin <= 1.14.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43335 2024-08-18 WordPress Responsive Blocks – WordPress Gutenberg Blocks plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43330 2024-08-18 WordPress PowerPack for Beaver Builder plugin < 2.37.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43329 2024-08-18 WordPress Allegiant theme <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43327 2024-08-18 WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43324 2024-08-18 WordPress Clever Addons for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43321 2024-08-18 WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43320 2024-08-18 WordPress WPBakery Page Builder Addons plugin <= 3.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43318 2024-08-18 WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43313 2024-08-18 WordPress FormFacade – WordPress plugin for Google Forms plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43309 2024-08-18 WordPress WP Telegram Widget and Join Link plugin <= 2.1.27 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43308 2024-08-18 WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43307 2024-08-18 WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43306 2024-08-18 WordPress WP-Lister Lite for eBay plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43305 2024-08-18 WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.11 - Cross Site Scripting (XSS) vulnerability
CVE-2024-7907 2024-08-18 TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection
CVE-2024-7908 2024-08-18 TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow
CVE-2024-7909 2024-08-18 TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow
CVE-2024-7910 2024-08-18 CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload
CVE-2024-6221 2024-08-18 Improper Access Control in corydolphin/flask-cors
CVE-2024-7911 2024-08-18 SourceCodester Simple Online Bidding System index.php file inclusion
CVE-2024-43304 2024-08-18 WordPress Cryptocurrency Widgets plugin <= 2.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43303 2024-08-18 WordPress White Label CMS plugin <= 2.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43294 2024-08-18 WordPress Bold Timeline Lite plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43292 2024-08-18 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43291 2024-08-18 WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43284 2024-08-18 WordPress WP Travel Gutenberg Blocks plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43279 2024-08-18 WordPress Newsletters plugin <= 4.9.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43278 2024-08-18 WordPress Meta Field Block plugin <= 1.2.13 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43267 2024-08-18 WordPress Mega Addons For Elementor plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43263 2024-08-18 WordPress Visual Composer Starter theme <= 3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43262 2024-08-18 WordPress Busiprof theme <= 2.4.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43246 2024-08-18 WordPress WHMpress plugin <= 6.2-revision-5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43244 2024-08-18 WordPress houzez Theme By FaveThemes <= 3.2.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43241 2024-08-18 WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43350 2024-08-18 WordPress Propovoice CRM plugin <= 1.7.6.4 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-7912 2024-08-18 CodeAstro Online Railway Reservation System assets exposure of information through directory listing
CVE-2024-43322 2024-08-18 WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-43315 2024-08-18 WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-43288 2024-08-18 WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-43266 2024-08-18 WordPress WP Job Portal – A Complete Job Board plugin <= 2.1.6 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-43239 2024-08-18 WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability
CVE-2024-43286 2024-08-18 WordPress Squirrly SEO plugin <= 12.3.19 - SQL Injection vulnerability
CVE-2024-43282 2024-08-18 WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability
CVE-2024-43207 2024-08-18 WordPress Unite Gallery Lite plugin <= 1.7.62 - SQL Injection vulnerability
CVE-2024-43145 2024-08-18 WordPress GeoDirectory plugin <= 2.3.61 - SQL Injection vulnerability
CVE-2024-35686 2024-08-18 WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability
CVE-2024-7913 2024-08-18 itsourcecode Billing System addclient1.php sql injection
CVE-2024-7914 2024-08-18 SourceCodester Yoga Class Registration System SystemSettings.php cross site scripting
CVE-2024-7916 2024-08-18 nafisulbari/itsourcecode Insurance Management System Add Nominee Page addNominee.php cross site scripting
CVE-2024-7917 2024-08-18 DouPHP Favicon system.php unrestricted upload
CVE-2024-23729 2024-08-19 The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows...
CVE-2024-35538 2024-08-19 Typecho v1.3.0 was discovered to contain a Client IP Spoofing...
CVE-2024-35539 2024-08-19 Typecho v1.3.0 was discovered to contain a race condition vulnerability...
CVE-2024-42633 2024-08-19 A Command Injection vulnerability exists in the do_upgrade_post function of...
CVE-2024-42657 2024-08-19 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows...
CVE-2024-42658 2024-08-19 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows...
CVE-2024-42813 2024-08-19 In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability...
CVE-2024-42815 2024-08-19 In the TP-Link RE365 V1_180213, there is a buffer overflow...
CVE-2024-44067 2024-08-19 The T-Head XuanTie C910 CPU in the TH1520 SoC and...
CVE-2024-44069 2024-08-19 Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the...
CVE-2024-44073 2024-08-19 The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows...
CVE-2024-44076 2024-08-19 In Microcks before 1.10.0, the POST /api/import and POST /api/export...
CVE-2024-42812 2024-08-19 In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability...
CVE-2024-44070 2024-08-19 An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap...
CVE-2024-44083 2024-08-19 ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there...
CVE-2024-7919 2024-08-19 Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control
CVE-2024-7920 2024-08-19 Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control
CVE-2024-7921 2024-08-19 Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control
CVE-2024-6330 2024-08-19 GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI
CVE-2024-6451 2024-08-19 AI Engine < 2.5.1 - Admin+ RCE
CVE-2024-6843 2024-08-19 SmartSearch WP <= 2.4.4 - Unauthenticated Stored XSS
CVE-2024-25582 2024-08-19 Module savepoints could be abused to inject references to malicious...
CVE-2024-43379 2024-08-19 TruffleHog has a Blind SSRF in some Detectors
CVE-2024-43380 2024-08-19 fugit parse and parse_nat stall on lengthy input
CVE-2024-43399 2024-08-19 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
CVE-2024-7922 2024-08-19 D-Link DNS-1550-04 myMusic.cgi cgi_write_playlist command injection
CVE-2024-6348 2024-08-19 Predictable seed generation after ECU reset
CVE-2024-43401 2024-08-19 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
CVE-2024-43400 2024-08-19 XWiki Platform allows XSS through XClass name in string properties
CVE-2024-32928 2024-08-19 The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of...
CVE-2024-32927 2024-08-19 In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after...
CVE-2024-37099 2024-08-19 WordPress GiveWP plugin <= 3.14.1 - Unauthenticated PHP Object Injection vulnerability
CVE-2024-43221 2024-08-19 WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability
CVE-2024-43232 2024-08-19 WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability
CVE-2024-43236 2024-08-19 WordPress Easy PayPal & Stripe Buy Now Button plugin <= 1.9 - Open Redirection vulnerability
CVE-2024-43240 2024-08-19 WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated Privilege Escalation vulnerability
CVE-2024-43242 2024-08-19 WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated PHP Object Injection vulnerability
CVE-2024-43245 2024-08-19 WordPress JobSearch plugin <= 2.3.4 - Unauthenticated Account Takeover vulnerability
CVE-2024-43247 2024-08-19 WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability
CVE-2024-43248 2024-08-19 WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability
CVE-2024-43249 2024-08-19 WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability
CVE-2024-43250 2024-08-19 WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability
CVE-2024-43252 2024-08-19 WordPress Crew HRM plugin <= 1.1.1 - PHP Object Injection vulnerability
CVE-2024-43256 2024-08-19 WordPress Leopard plugin <= 2.0.36 - Subscriber+ Plugin Settings Change vulnerability
CVE-2024-43261 2024-08-19 WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability
CVE-2024-43271 2024-08-19 WordPress Widgets for WooCommerce Products on Elementor plugin <= 2.0.0 - Local File Inclusion vulnerability
CVE-2024-43272 2024-08-19 WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability
CVE-2024-43280 2024-08-19 WordPress Salon Booking System plugin <= 10.8.1 - Open Redirection vulnerability
CVE-2024-43281 2024-08-19 WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.3 - Local File Inclusion vulnerability