CVE List - 2024 / August
Showing 2801 - 2898 of 2898 CVEs for August 2024 (Page 29 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-43935 | 2024-08-29 | WordPress WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43934 | 2024-08-29 | WordPress Collapsing Archives plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43926 | 2024-08-29 | WordPress Beaver Builder plugin <= 2.8.3.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43921 | 2024-08-29 | WordPress Generate Images – Magic Post Thumbnail plugin <= 5.2.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43920 | 2024-08-29 | WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43947 | 2024-08-29 | WordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34019 | 2024-08-29 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. |
| CVE-2024-34017 | 2024-08-29 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. |
| CVE-2024-34018 | 2024-08-29 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. |
| CVE-2024-45302 | 2024-08-29 | CRLF Injection in RestSharp's `RestRequest.AddHeader` method |
| CVE-2024-6670 | 2024-08-29 | WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability |
| CVE-2024-6671 | 2024-08-29 | WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability |
| CVE-2024-2502 | 2024-08-29 | Failure to update the tamper reset cause register when a tamper event occurs |
| CVE-2024-6672 | 2024-08-29 | WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability |
| CVE-2024-1543 | 2024-08-29 | AES T-Table sub-cache-line leakage |
| CVE-2024-1545 | 2024-08-29 | Fault Injection of RSA encryption in WolfCrypt |
| CVE-2024-2881 | 2024-08-29 | Fault Injection of EdDSA signature in WolfCrypt |
| CVE-2024-44916 | 2024-08-30 | Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. |
| CVE-2024-44918 | 2024-08-30 | A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-44682 | 2024-08-30 | ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters. |
| CVE-2024-44683 | 2024-08-30 | Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. |
| CVE-2024-44684 | 2024-08-30 | TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields. |
| CVE-2024-45488 | 2024-08-30 | One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions... |
| CVE-2024-45490 | 2024-08-30 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. |
| CVE-2024-45491 | 2024-08-30 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). |
| CVE-2024-45492 | 2024-08-30 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). |
| CVE-2024-8234 | 2024-08-30 | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute... |
| CVE-2024-8327 | 2024-08-30 | HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - SQL injection |
| CVE-2024-8328 | 2024-08-30 | HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - Reflected XSS |
| CVE-2024-8329 | 2024-08-30 | Gether Technology 6SHR System - SQL Injection |
| CVE-2024-8330 | 2024-08-30 | Gether Technology 6SHR System - Unrestricted File Upload |
| CVE-2024-5061 | 2024-08-30 | Enfold <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters |
| CVE-2024-5024 | 2024-08-30 | MemberPress <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters |
| CVE-2024-5784 | 2024-08-30 | Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2024-4401 | 2024-08-30 | Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters |
| CVE-2024-3998 | 2024-08-30 | Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-2694 | 2024-08-30 | Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-5879 | 2024-08-30 | HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 11.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget |
| CVE-2024-3673 | 2024-08-30 | Web Directory Free < 1.7.3 - Unauthenticated LFI |
| CVE-2024-42412 | 2024-08-30 | Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to... |
| CVE-2024-34577 | 2024-08-30 | Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to... |
| CVE-2024-39300 | 2024-08-30 | Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication... |
| CVE-2024-8016 | 2024-08-30 | The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution |
| CVE-2024-8319 | 2024-08-30 | Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions |
| CVE-2024-44944 | 2024-08-30 | netfilter: ctnetlink: use helper function to calculate expect ID |
| CVE-2024-7122 | 2024-08-30 | Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-8274 | 2024-08-30 | WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting |
| CVE-2024-8252 | 2024-08-30 | Clean Login <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-7858 | 2024-08-30 | Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions |
| CVE-2022-48944 | 2024-08-30 | sched: Fix yet more sched_fork() races |
| CVE-2024-8331 | 2024-08-30 | OpenRapid RapidCMS user-move-run.php sql injection |
| CVE-2024-8332 | 2024-08-30 | master-nan Sweet-CMS index sql injection |
| CVE-2024-8260 | 2024-08-30 | OPA SMB Force-Authentication |
| CVE-2024-8334 | 2024-08-30 | master-nan Sweet-CMS log.go LogHandler neutralization for logs |
| CVE-2024-8335 | 2024-08-30 | OpenRapid RapidCMS runlogon.php sql injection |
| CVE-2024-8336 | 2024-08-30 | SourceCodester Music Gallery Site Master.php sql injection |
| CVE-2024-8337 | 2024-08-30 | SourceCodester Contact Manager with Export to VCF index.html cross site scripting |
| CVE-2024-8338 | 2024-08-30 | HFO4 shudong-share File Extension fileReceive.php unrestricted upload |
| CVE-2024-8339 | 2024-08-30 | SourceCodester Electric Billing Management System Connection Code ?page=tracks sql injection |
| CVE-2024-8340 | 2024-08-30 | SourceCodester Electric Billing Management System Actions.php sql injection |
| CVE-2024-8341 | 2024-08-30 | SourceCodester Petshop Management System add_user.php unrestricted upload |
| CVE-2024-8342 | 2024-08-30 | SourceCodester Petshop Management System add_client.php unrestricted upload |
| CVE-2024-8343 | 2024-08-30 | SourceCodester Sentiment Based Movie Rating System User Registration Users.php sql injection |
| CVE-2024-8235 | 2024-08-30 | Libvirt: crash of virtinterfaced via virconnectlistinterfaces() |
| CVE-2024-8344 | 2024-08-30 | Campcodes Supplier Management System edit_area.php sql injection |
| CVE-2024-45047 | 2024-08-30 | Potential mXSS vulnerability due to improper HTML escaping in svelte |
| CVE-2024-8345 | 2024-08-30 | SourceCodester Music Gallery Site Users.php sql injection |
| CVE-2024-6204 | 2024-08-30 | SQL injection |
| CVE-2024-21658 | 2024-08-30 | Insufficient control of region value length in discourse-calendar |
| CVE-2024-38868 | 2024-08-30 | Incorrect Authorization |
| CVE-2024-8346 | 2024-08-30 | SourceCodester Computer Laboratory Management System SystemSettings.php update_settings_info sql injection |
| CVE-2024-8285 | 2024-08-30 | Kroxylicious: missing upstream kafka tls hostname verification |
| CVE-2024-8347 | 2024-08-30 | SourceCodester Computer Laboratory Management System Master.php delete_record sql injection |
| CVE-2024-8348 | 2024-08-30 | SourceCodester Computer Laboratory Management System Master.php delete_category sql injection |
| CVE-2024-6585 | 2024-08-30 | Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web... |
| CVE-2024-6586 | 2024-08-30 | Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat... |
| CVE-2023-7256 | 2024-08-30 | Double-free in libpcap before 1.10.5 with remote packet capture support. |
| CVE-2024-45304 | 2024-08-30 | OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts |
| CVE-2024-8006 | 2024-08-30 | NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support |
| CVE-2024-39747 | 2024-08-31 | IBM Sterling Connect:Direct Web Services information disclosure |
| CVE-2024-7435 | 2024-08-31 | Attire <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-5212 | 2024-08-31 | tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] |
| CVE-2024-3886 | 2024-08-31 | tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] |
| CVE-2024-44945 | 2024-08-31 | netfilter: nfnetlink: Initialise extack before use in ACKs |
| CVE-2024-39578 | 2024-08-31 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service,... |
| CVE-2024-8276 | 2024-08-31 | WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute |
| CVE-2024-39579 | 2024-08-31 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. |
| CVE-2024-0109 | 2024-08-31 | NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may... |
| CVE-2024-0110 | 2024-08-31 | NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability... |
| CVE-2024-0111 | 2024-08-31 | NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of... |
| CVE-2022-4100 | 2024-08-31 | WP Cerber Security <= 9.4 - IP Protection Bypass |
| CVE-2024-8108 | 2024-08-31 | Share This Image <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter |
| CVE-2022-4536 | 2024-08-31 | IP Vault – WP Firewall <= 1.1 - IP Address Spoofing to Protection Mechanism Bypass |
| CVE-2024-7717 | 2024-08-31 | WP Events Manager <= 2.1.11 - Authenticated (Subscriber+) Time-Based SQL Injection |
| CVE-2022-4539 | 2024-08-31 | Web Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism Bypass |
| CVE-2024-44946 | 2024-08-31 | kcm: Serialise kcm_sendmsg() for the same socket. |
| CVE-2024-8366 | 2024-08-31 | code-projects Pharmacy Management System Update My Profile Page index.php cross site scripting |
| CVE-2024-45508 | 2024-09-01 | HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. |
| CVE-2024-45509 | 2024-09-01 | In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. |
| CVE-2024-45522 | 2024-09-01 | Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. |