CVE List - 2024 / August
Showing 1901 - 2000 of 2898 CVEs for August 2024 (Page 20 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5763 | 2024-08-20 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget |
| CVE-2024-6575 | 2024-08-20 | The Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget |
| CVE-2024-7780 | 2024-08-20 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection |
| CVE-2022-1206 | 2024-08-20 | AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload |
| CVE-2024-7782 | 2024-08-20 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.4 - Authenticater (Administrator+) Arbitrary File Deletion |
| CVE-2024-38810 | 2024-08-20 | Missing Authorization When Using @AuthorizeReturnObject |
| CVE-2024-6864 | 2024-08-20 | WP Last Modified Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via lmt-post-modified-info Shortcode |
| CVE-2024-5576 | 2024-08-20 | Tutor LMS Elementor Addons <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget |
| CVE-2024-6847 | 2024-08-20 | SmartSearch WP <= 2.4.4 - Unauthenticated SQLi |
| CVE-2024-38808 | 2024-08-20 | CVE-2024-38808: Spring Expression DoS Vulnerability |
| CVE-2024-43202 | 2024-08-20 | Apache DolphinScheduler: Remote Code Execution Vulnerability |
| CVE-2024-28829 | 2024-08-20 | Privilege escalation in mk_informix plugin |
| CVE-2024-21689 | 2024-08-20 | This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code... |
| CVE-2024-7054 | 2024-08-20 | Popup Maker <= 1.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-41697 | 2024-08-20 | Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| CVE-2024-41698 | 2024-08-20 | Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-41699 | 2024-08-20 | Priority – CWE-552: Files or Directories Accessible to External Parties |
| CVE-2024-25009 | 2024-08-20 | Ericsson Packet Core Controller (PCC) - Improper Input Validation Vulnerability |
| CVE-2024-41700 | 2024-08-20 | Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-6918 | 2024-08-20 | CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port... |
| CVE-2024-42335 | 2024-08-20 | 7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2024-42336 | 2024-08-20 | Servision - CWE-287: Improper Authentication |
| CVE-2024-8003 | 2024-08-20 | Go-Tribe gotribe-admin Log routes.go InitRoutes deserialization |
| CVE-2024-6379 | 2024-08-20 | Reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2024-6378 | 2024-08-20 | Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2024-6377 | 2024-08-20 | URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2024-8005 | 2024-08-20 | demozx gf_cms JWT Authentication auth.go init hard-coded credentials |
| CVE-2024-39690 | 2024-08-20 | Capsule tenant owner with "patch namespace" permission can hijack system namespaces |
| CVE-2024-42369 | 2024-08-20 | A room with itself as a its predecessor will freeze matrix-js-sdk |
| CVE-2024-43376 | 2024-08-20 | Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information |
| CVE-2024-43377 | 2024-08-20 | Umbraco CMS Improper Access Control vulnerability |
| CVE-2024-43397 | 2024-08-20 | Potential unauthorized access issue in apollo-portal |
| CVE-2024-43404 | 2024-08-20 | Remote Code Execution Vulnerability in MEGABOT |
| CVE-2024-43406 | 2024-08-20 | LF Edge eKuiper has a SQL Injection in sqlKvStore |
| CVE-2024-43409 | 2024-08-20 | Ghost's improper authentication allows access to member information and actions |
| CVE-2024-27187 | 2024-08-20 | [20240804] - Core - Improper ACL for backend profile view |
| CVE-2024-40743 | 2024-08-20 | [20240805] - Core - XSS vectors in Outputfilter::strip* methods |
| CVE-2024-27184 | 2024-08-20 | [20240801] - Core - Inadequate validation of internal URLs |
| CVE-2024-27186 | 2024-08-20 | [20240803] - Core - XSS in HTML Mail Templates |
| CVE-2024-27185 | 2024-08-20 | [20240802] - Core - Cache Poisoning in Pagination |
| CVE-2024-43408 | 2024-08-20 | Discourse Placeholder Forms has a XSS stopped by CSP |
| CVE-2024-35214 | 2024-08-20 | Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows |
| CVE-2024-6322 | 2024-08-20 | Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other... |
| CVE-2024-38175 | 2024-08-20 | Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability |
| CVE-2024-7711 | 2024-08-20 | An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only... |
| CVE-2024-6337 | 2024-08-20 | Incorrect Authorization allows read access to issues in GitHub Enterprise Server |
| CVE-2024-6800 | 2024-08-20 | An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed... |
| CVE-2024-41773 | 2024-08-20 | IBM Global Configuration Management incorrect ownership assignment |
| CVE-2024-41659 | 2024-08-20 | GHSL-2024-034: memos CORS Misconfiguration in server.go |
| CVE-2024-41657 | 2024-08-20 | GHSL-2024-035: Casdoor CORS misconfiguration |
| CVE-2024-41658 | 2024-08-20 | GHSL-2024-036: Reflected XSS in QrCodePage.js |
| CVE-2024-42363 | 2024-08-20 | GHSL-2023-136_Samson |
| CVE-2024-43396 | 2024-08-20 | Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) |
| CVE-2024-42361 | 2024-08-20 | GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull} |
| CVE-2024-42362 | 2024-08-20 | GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import |
| CVE-2024-43403 | 2024-08-20 | Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation |
| CVE-2024-43861 | 2024-08-20 | net: usb: qmi_wwan: fix memory leak for not ip packets |
| CVE-2024-22281 | 2024-08-20 | Apache Helix Front (UI): Helix front hard-coded secret in the express-session |
| CVE-2024-8022 | 2024-08-20 | Genexis Tilgin Home Gateway cross site scripting |
| CVE-2024-8023 | 2024-08-20 | chillzhuang SpringBlade list sql injection |
| CVE-2024-43862 | 2024-08-20 | net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex |
| CVE-2024-43863 | 2024-08-20 | drm/vmwgfx: Fix a deadlock in dma buf fence polling |
| CVE-2024-43864 | 2024-08-20 | net/mlx5e: Fix CT entry update leaks of modify header context |
| CVE-2024-43865 | 2024-08-20 | s390/fpu: Re-add exception handling in load_fpu_state() |
| CVE-2024-43866 | 2024-08-20 | net/mlx5: Always drain health in shutdown callback |
| CVE-2024-43867 | 2024-08-20 | drm/nouveau: prime: fix refcount underflow |
| CVE-2024-43868 | 2024-08-20 | riscv/purgatory: align riscv_kernel_entry |
| CVE-2023-29929 | 2024-08-21 | Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library. |
| CVE-2024-39344 | 2024-08-21 | An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object is installed via the marketplace from this package and stores some configuration information in a... |
| CVE-2024-40453 | 2024-08-21 | squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName. |
| CVE-2024-42550 | 2024-08-21 | A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2024-42777 | 2024-08-21 | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-42779 | 2024-08-21 | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-42780 | 2024-08-21 | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-42781 | 2024-08-21 | A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter. |
| CVE-2024-42782 | 2024-08-21 | A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. |
| CVE-2024-42783 | 2024-08-21 | Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter. |
| CVE-2024-42784 | 2024-08-21 | A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. |
| CVE-2024-42785 | 2024-08-21 | A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. |
| CVE-2024-42786 | 2024-08-21 | A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page. |
| CVE-2024-42939 | 2024-08-21 | A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks... |
| CVE-2024-43022 | 2024-08-21 | An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. |
| CVE-2024-43027 | 2024-08-21 | DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi. |
| CVE-2024-41572 | 2024-08-21 | Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can... |
| CVE-2024-42778 | 2024-08-21 | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-43869 | 2024-08-21 | perf: Fix event leak upon exec and file release |
| CVE-2024-43870 | 2024-08-21 | perf: Fix event leak upon exit |
| CVE-2024-43871 | 2024-08-21 | devres: Fix memory leakage caused by driver API devm_free_percpu() |
| CVE-2024-43872 | 2024-08-21 | RDMA/hns: Fix soft lockup under heavy CEQE load |
| CVE-2024-43873 | 2024-08-21 | vhost/vsock: always initialize seqpacket_allow |
| CVE-2024-43874 | 2024-08-21 | crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked |
| CVE-2024-43875 | 2024-08-21 | PCI: endpoint: Clean up error handling in vpci_scan_bus() |
| CVE-2024-43876 | 2024-08-21 | PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() |
| CVE-2024-43877 | 2024-08-21 | media: pci: ivtv: Add check for DMA map result |
| CVE-2024-43878 | 2024-08-21 | xfrm: Fix input error path memory access |
| CVE-2024-43879 | 2024-08-21 | wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() |
| CVE-2024-43880 | 2024-08-21 | mlxsw: spectrum_acl_erp: Fix object nesting warning |
| CVE-2024-43881 | 2024-08-21 | wifi: ath12k: change DMA direction while mapping reinjected packets |
| CVE-2024-43882 | 2024-08-21 | exec: Fix ToCToU between perm check and set-uid/gid usage |
| CVE-2024-38305 | 2024-08-21 | Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the... |