CVE List - 2024 / August
Showing 2501 - 2600 of 2898 CVEs for August 2024 (Page 26 of 29)
CVE ID | Date | Title |
---|---|---|
CVE-2024-8170 | 2024-08-26 | SourceCodester Zipped Folder Manager App add-folder.php unrestricted upload |
CVE-2024-8171 | 2024-08-26 | itsourcecode Tailoring Management System staffcatedit.php sql injection |
CVE-2024-8172 | 2024-08-26 | SourceCodester QR Code Attendance System delete-student.php cross site scripting |
CVE-2024-8173 | 2024-08-26 | code-projects Blood Bank System Login Page login.php sql injection |
CVE-2024-43319 | 2024-08-26 | WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability |
CVE-2024-43289 | 2024-08-26 | WordPress wpForo Forum plugin <= 2.3.4 - Unauthenticated Sensitive Data Exposure vulnerability |
CVE-2024-43283 | 2024-08-26 | WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability |
CVE-2024-8174 | 2024-08-26 | code-projects Blood Bank System Login Page login.php cross site scripting |
CVE-2024-7401 | 2024-08-26 | Client Enrollment Process Bypass |
CVE-2024-43806 | 2024-08-26 | `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion |
CVE-2024-43802 | 2024-08-26 | heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 |
CVE-2024-8105 | 2024-08-26 | Insecure Platform Key (PK) used in UEFI system firmware signature |
CVE-2024-43264 | 2024-08-26 | WordPress Create by Mediavine plugin <= 1.9.8 - Sensitive Data Exposure vulnerability |
CVE-2024-43259 | 2024-08-26 | WordPress Order Export for WooCommerce plugin <= 3.23 - Sensitive Data Exposure vulnerability |
CVE-2024-43258 | 2024-08-26 | WordPress Store Locator Plus® for WordPress plugin <= 2311.17.01 - Sensitive Data Exposure vulnerability |
CVE-2024-43257 | 2024-08-26 | WordPress Leopard plugin <= 2.0.36 - Subscriber+ Sensitive Data Exposure vulnerability |
CVE-2024-43251 | 2024-08-26 | WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability |
CVE-2024-43230 | 2024-08-26 | WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability |
CVE-2024-43214 | 2024-08-26 | WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure via BAC vulnerability |
CVE-2024-43916 | 2024-08-26 | WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability |
CVE-2024-43339 | 2024-08-26 | WordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43255 | 2024-08-26 | WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.3.9 - CSRF to XSS vulnerability |
CVE-2024-43356 | 2024-08-26 | WordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerability |
CVE-2024-43915 | 2024-08-26 | WordPress Zephyr Project Manager plugin <= 3.3.102 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-43340 | 2024-08-26 | WordPress AFI – The Easiest Integration Plugin plugin <= 1.89.4 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43337 | 2024-08-26 | WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43336 | 2024-08-26 | WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43325 | 2024-08-26 | WordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerability |
CVE-2024-43316 | 2024-08-26 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43301 | 2024-08-26 | WordPress Fonts plugin <= 3.7.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
CVE-2024-43299 | 2024-08-26 | WordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43295 | 2024-08-26 | WordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43287 | 2024-08-26 | WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43269 | 2024-08-26 | WordPress Backup and Restore WordPress plugin <= 1.50 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43265 | 2024-08-26 | WordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout Vulnerability |
CVE-2024-43117 | 2024-08-26 | WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43116 | 2024-08-26 | WordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-39657 | 2024-08-26 | WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-39645 | 2024-08-26 | WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-39641 | 2024-08-26 | WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-39628 | 2024-08-26 | WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-43798 | 2024-08-26 | Chisel AUTH environment variable not respected in server entrypoint |
CVE-2024-45036 | 2024-08-26 | Improper Access Control Vulnerability When Accessing a Maliciously Crafted Tophat Link |
CVE-2022-39996 | 2024-08-27 | Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows... |
CVE-2022-39997 | 2024-08-27 | A weak password requirement issue was discovered in Teldats Router... |
CVE-2024-36068 | 2024-08-27 | An incorrect access control vulnerability in Rubrik CDM versions prior... |
CVE-2024-41622 | 2024-08-27 | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote... |
CVE-2024-42851 | 2024-08-27 | Buffer Overflow vulnerability in open source exiftags v.1.01 allows a... |
CVE-2024-44340 | 2024-08-27 | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote... |
CVE-2024-44341 | 2024-08-27 | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote... |
CVE-2024-44342 | 2024-08-27 | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote... |
CVE-2024-45264 | 2024-08-27 | A cross-site request forgery (CSRF) vulnerability in the admin panel... |
CVE-2024-45321 | 2024-08-27 | The App::cpanminus package through 1.7047 for Perl downloads code via... |
CVE-2024-40395 | 2024-08-27 | An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0... |
CVE-2024-7125 | 2024-08-27 | Authentication Bypass Vulnerability in Hitachi Ops Center Common Services |
CVE-2024-6688 | 2024-08-27 | Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update |
CVE-2024-6804 | 2024-08-27 | Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File |
CVE-2024-7304 | 2024-08-27 | Ninja Tables – Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8046 | 2024-08-27 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-7608 | 2024-08-27 | An authenticated user can access the restricted files from NX,... |
CVE-2024-41173 | 2024-08-27 | Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD |
CVE-2024-41174 | 2024-08-27 | Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD |
CVE-2024-41175 | 2024-08-27 | Beckhoff: Local Denial-of-Service vulnerability in TwinCAT/BSD and the IPC-Diagnostics package |
CVE-2024-41176 | 2024-08-27 | Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD |
CVE-2024-6789 | 2024-08-27 | Path traversal in M-Files API |
CVE-2024-7791 | 2024-08-27 | 140+ Widgets \| Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid Widget |
CVE-2024-8207 | 2024-08-27 | MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths |
CVE-2024-4872 | 2024-08-27 | A vulnerability exists in the query validation of the MicroSCADA... |
CVE-2024-3980 | 2024-08-27 | The MicroSCADA Pro/X SYS600 product allows an authenticated user input... |
CVE-2024-3982 | 2024-08-27 | An attacker with local access to machine where MicroSCADA X... |
CVE-2024-7940 | 2024-08-27 | The product exposes a service that is intended for local... |
CVE-2024-7941 | 2024-08-27 | An HTTP parameter may contain a URL value and could... |
CVE-2024-8182 | 2024-08-27 | Flowise Denial of Service |
CVE-2024-8181 | 2024-08-27 | Flowise Authentication Bypass |
CVE-2024-7071 | 2024-08-27 | Unauthenticated SQLi in Brain Information Technologies' Brain Low-Code |
CVE-2024-6633 | 2024-08-27 | Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier) |
CVE-2024-6632 | 2024-08-27 | SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier) |
CVE-2024-8200 | 2024-08-27 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery |
CVE-2024-8199 | 2024-08-27 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update |
CVE-2024-43788 | 2024-08-27 | DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS) |
CVE-2024-43783 | 2024-08-27 | Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies |
CVE-2024-43414 | 2024-08-27 | Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries |
CVE-2024-7720 | 2024-08-27 | HP Security Manager - Potential Remote Code Execution |
CVE-2024-8208 | 2024-08-27 | nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting |
CVE-2024-8209 | 2024-08-27 | nafisulbari/itsourcecode Insurance Management System addClient.php cross site scripting |
CVE-2024-8210 | 2024-08-27 | D-Link DNS-1550-04 hd_config.cgi sprintf command injection |
CVE-2024-5991 | 2024-08-27 | Buffer overread in domain name matching |
CVE-2024-45037 | 2024-08-27 | AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template |
CVE-2024-5288 | 2024-08-27 | Safe-error attack on TLS 1.3 Protocol |
CVE-2024-5814 | 2024-08-27 | Unverified Ciphersuite used on a client-side TLS1.3 Downgrade |
CVE-2024-1544 | 2024-08-27 | ECDSA nonce bias caused by truncation |
CVE-2024-8211 | 2024-08-27 | D-Link DNS-1550-04 hd_config.cgi cgi_FMT_Std2R1_DiskMGR command injection |
CVE-2024-8212 | 2024-08-27 | D-Link DNS-1550-04 hd_config.cgi cgi_FMT_R12R5_2nd_DiskMGR command injection |
CVE-2024-8213 | 2024-08-27 | D-Link DNS-1550-04 hd_config.cgi cgi_FMT_R12R5_1st_DiskMGR command injection |
CVE-2024-8214 | 2024-08-27 | D-Link DNS-1550-04 hd_config.cgi cgi_FMT_Std2R5_2nd_DiskMGR command injection |
CVE-2024-8216 | 2024-08-27 | nafisulbari/itsourcecode Insurance Management System Payment editPayment.php access control |
CVE-2024-8217 | 2024-08-27 | SourceCodester E-Commerce Website registration.php sql injection |
CVE-2024-45049 | 2024-08-27 | Nix Hydra Missing authentication when triggering evaluations |
CVE-2024-45038 | 2024-08-27 | Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware |
CVE-2024-8218 | 2024-08-27 | code-projects Online Quiz Site index.php sql injection |