VULNMAP - Security Vulnerabilities

CVE List - 2024 / August

Showing 101 - 200 of 2898 CVEs for August 2024 (Page 2 of 29)

CVE ID Date Title
CVE-2024-39663 2024-08-01 WordPress WP Fast Total Search plugin <= 1.68.232 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39662 2024-08-01 WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39661 2024-08-01 WordPress Kubio AI Page Builder plugin <= 2.2.4 - Authenticated Cross Site Scripting (XSS) vulnerability
CVE-2024-41957 2024-08-01 Vim double free in src/alloc.c:616
CVE-2024-39660 2024-08-01 WordPress Photo Engine (Media Organizer & Lightroom) plugin <= 6.3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-41965 2024-08-01 Vim < v9.1.0648 has a double-free in dialog_changed()
CVE-2024-39659 2024-08-01 WordPress WP-PostRatings plugin <= 1.91.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39656 2024-08-01 WordPress Tin Canny Reporting for LearnDash plugin <= 4.3.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-39655 2024-08-01 WordPress LiquidPoll plugin <= 3.3.77 - Unauthenticated Cross Site Scripting (XSS) vulnerability
CVE-2024-32758 2024-08-01 exacqVision - Key exchanges
CVE-2024-39652 2024-08-01 WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-39649 2024-08-01 WordPress Essential Addons for Elementor plugin <= 5.9.26 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39648 2024-08-01 WordPress Eventin plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32862 2024-08-01 exacqVision CORS
CVE-2024-7369 2024-08-01 SourceCodester Simple Realtime Quiz System Login ajax.php sql injection
CVE-2024-41949 2024-08-01 biscuit-rust vulnerable to public key confusion in third party block
CVE-2024-41948 2024-08-01 biscuit-java vulnerable to public key confusion in third party block
CVE-2024-41956 2024-08-01 Soft Serve allows arbitrary code execution by crafting git-lfs requests
CVE-2024-39647 2024-08-01 WordPress Message Filter for Contact Form 7 plugin <= 1.6.1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39646 2024-08-01 WordPress Custom 404 Pro plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-39644 2024-08-01 WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39643 2024-08-01 WordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39631 2024-08-01 WordPress Contest Gallery plugin <= 23.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39629 2024-08-01 WordPress Himalayas theme <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-39627 2024-08-01 WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 3.59.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-7370 2024-08-01 SourceCodester Simple Realtime Quiz System manage_quiz.php sql injection
CVE-2024-39626 2024-08-01 WordPress Pretty Simple Popup Builder plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-7371 2024-08-01 SourceCodester Simple Realtime Quiz System quiz_view.php sql injection
CVE-2024-7372 2024-08-01 SourceCodester Simple Realtime Quiz System quiz_board.php sql injection
CVE-2024-28297 2024-08-02 SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users...
CVE-2024-28298 2024-08-02 SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated...
CVE-2024-33892 2024-08-02 Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x...
CVE-2024-33893 2024-08-02 Cosy+ devices running a firmware 21.x below 21.2s10 or a...
CVE-2024-33894 2024-08-02 Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x...
CVE-2024-38881 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38882 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38883 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38884 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38885 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38886 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38887 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38888 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38889 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-38890 2024-08-02 An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663...
CVE-2024-38891 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through...
CVE-2024-41517 2024-08-02 An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <=...
CVE-2024-41518 2024-08-02 An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <=...
CVE-2024-41519 2024-08-02 Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS)...
CVE-2024-42458 2024-08-02 server.c in Neat VNC (aka neatvnc) before 0.8.1 does not...
CVE-2024-42459 2024-08-02 In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability...
CVE-2024-42460 2024-08-02 In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability...
CVE-2024-42461 2024-08-02 In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability...
CVE-2024-33895 2024-08-02 Cosy+ devices running a firmware 21.x below 21.2s10 or a...
CVE-2024-33896 2024-08-02 Cosy+ devices running a firmware 21.x below 21.2s10 or a...
CVE-2024-41310 2024-08-02 AndServer 2.1.12 is vulnerable to Directory Traversal.
CVE-2024-7373 2024-08-02 SourceCodester Simple Realtime Quiz System ajax.php sql injection
CVE-2024-7374 2024-08-02 SourceCodester Simple Realtime Quiz System manage_user.php sql injection
CVE-2024-22278 2024-08-02 Harbor fails to validate the user permissions when updating project configurations
CVE-2024-7375 2024-08-02 SourceCodester Simple Realtime Quiz System my_quiz_result.php sql injection
CVE-2024-7376 2024-08-02 SourceCodester Simple Realtime Quiz System print_quiz_records.php sql injection
CVE-2024-6567 2024-08-02 Ebook Store <= 5.8001 - Unauthenticated Full Path Disclosure
CVE-2024-7377 2024-08-02 SourceCodester Simple Realtime Quiz System view_result.php sql injection
CVE-2024-7378 2024-08-02 SourceCodester Simple Realtime Quiz System manage_question.php sql injection
CVE-2024-38482 2024-08-02 CloudLink, versions 7.1.x and 8.x, contain an Improper check or...
CVE-2024-7389 2024-08-02 Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure
CVE-2024-3827 2024-08-02 Spectra Pro <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs
CVE-2024-5595 2024-08-02 Essential Blocks < 4.7.0 - Contributor+ Stored XSS
CVE-2024-3238 2024-08-02 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion
CVE-2024-39396 2024-08-02 Adobe Indesign 2024 PCX File Parsing Out Of Bound Read
CVE-2024-39392 2024-08-02 Adobe Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability
CVE-2024-38776 2024-08-02 WordPress WP GoToWebinar plugin <= 15.7 - CSRF to XSS vulnerability
CVE-2024-27181 2024-08-02 Apache Linkis Basic management services: Privilege Escalation Attack vulnerability
CVE-2024-27182 2024-08-02 Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability
CVE-2024-4643 2024-08-02 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-36268 2024-08-02 Apache InLong TubeMQ Client: Remote Code Execution vulnerability
CVE-2024-40719 2024-08-02 CHANGING Information Technology TCBServiSign Windows Version - Inadequate Encryption Strength
CVE-2024-40720 2024-08-02 CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation
CVE-2024-40721 2024-08-02 CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation
CVE-2024-40722 2024-08-02 CHANGING Information Technology TCBServiSign Windows Version - Stack-based Buffer Overflow
CVE-2024-40723 2024-08-02 CHANGING Information Technology HWATAIServiSign Windows Version - Stack-based Buffer Overflow
CVE-2024-7204 2024-08-02 Ai3 QbiBot - Stored XSS
CVE-2024-38876 2024-08-02 A vulnerability has been identified in Omnivise T3000 Application Server...
CVE-2024-38877 2024-08-02 A vulnerability has been identified in Omnivise T3000 Application Server...
CVE-2024-38878 2024-08-02 A vulnerability has been identified in Omnivise T3000 Application Server...
CVE-2024-38879 2024-08-02 A vulnerability has been identified in Omnivise T3000 Application Server...
CVE-2024-7323 2024-08-02 Digiwin EasyFlow .NET - Arbitrary File Download
CVE-2024-6704 2024-08-02 Comments – wpDiscuz <= 7.6.21 - Unauthenticated HTML Injection
CVE-2024-41127 2024-08-02 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.
CVE-2024-7029 2024-08-02 Command Injection in AVTech AVM1203 (IP Camera)
CVE-2024-7314 2024-08-02 anji-plus AJ-Report Authentication Bypass
CVE-2024-22169 2024-08-02 Misconfiguration in node.js causing a code execution in WD Discovery
CVE-2024-42348 2024-08-02 FOG leaks sensitive information (AD domain, username and password)
CVE-2024-42349 2024-08-02 FOG has a Log Information Disclosure
CVE-2024-7319 2024-08-02 Openstack-heat: incomplete fix for cve-2023-1625
CVE-2024-3056 2024-08-02 Podman: kernel: containers in shared ipc namespace are vulnerable to denial of service attack
CVE-2024-6390 2024-08-03 Quiz and Survey Master (QSM) < 9.1.0 - Contributor+ Stored XSS
CVE-2024-6477 2024-08-03 UsersWP < 1.2.12 - Users Information Disclosure
CVE-2024-7291 2024-08-03 JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation
CVE-2024-7031 2024-08-03 File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update
CVE-2024-7257 2024-08-03 YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function