CVE List - 2024 / August
Showing 601 - 700 of 2898 CVEs for August 2024 (Page 7 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-20451 | 2024-08-07 | Multiple vulnerabilities in the web-based management interface of Cisco Small... |
| CVE-2024-7143 | 2024-08-07 | Pulpcore: rbac permissions incorrectly assigned in tasks that create objects |
| CVE-2024-7585 | 2024-08-07 | Tenda i22 apPortalAuth formApPortalWebAuth buffer overflow |
| CVE-2024-41912 | 2024-08-07 | A vulnerability was discovered in the firmware builds up to... |
| CVE-2024-6706 | 2024-08-07 | Open WebUI Stored Cross-Site Scripting |
| CVE-2024-6707 | 2024-08-07 | Open WebUI Arbitrary File Upload + Path Traversal |
| CVE-2024-6890 | 2024-08-07 | Journyx Unauthenticated Password Reset Bruteforce |
| CVE-2024-6891 | 2024-08-07 | Journyx Authenticated Remote Code Execution |
| CVE-2024-6892 | 2024-08-07 | Journyx Reflected Cross Site Scripting |
| CVE-2024-6893 | 2024-08-07 | Journyx Unauthenticated XML External Entities Injection |
| CVE-2023-28865 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0... |
| CVE-2023-33206 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0... |
| CVE-2024-37382 | 2024-08-08 | An issue discovered in import host feature in Ab Initio... |
| CVE-2024-40473 | 2024-08-08 | A Stored Cross Site Scripting (XSS) vulnerability was found in... |
| CVE-2024-40474 | 2024-08-08 | A Reflected Cross Site Scripting (XSS) vulnerability was found in... |
| CVE-2024-40475 | 2024-08-08 | SourceCodester Best House Rental Management System v1.0 is vulnerable to... |
| CVE-2024-40476 | 2024-08-08 | A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester... |
| CVE-2024-40477 | 2024-08-08 | A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age... |
| CVE-2024-40481 | 2024-08-08 | A Stored Cross Site Scripting (XSS) vulnerability was found in... |
| CVE-2024-40482 | 2024-08-08 | An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of... |
| CVE-2024-40484 | 2024-08-08 | A Reflected Cross Site Scripting (XSS) vulnerability was found in... |
| CVE-2024-40486 | 2024-08-08 | A SQL injection vulnerability in "/index.php" of Kashipara Live Membership... |
| CVE-2024-40487 | 2024-08-08 | A Stored Cross Site Scripting (XSS) vulnerability was found in... |
| CVE-2024-40488 | 2024-08-08 | A Cross-Site Request Forgery (CSRF) vulnerability was found in the... |
| CVE-2024-41238 | 2024-08-08 | A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School... |
| CVE-2023-24062 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0... |
| CVE-2023-24063 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails... |
| CVE-2023-24064 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails... |
| CVE-2023-40261 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0... |
| CVE-2024-41481 | 2024-08-08 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS)... |
| CVE-2024-41482 | 2024-08-08 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS)... |
| CVE-2024-7561 | 2024-08-08 | The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-7560 | 2024-08-08 | News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection |
| CVE-2024-7486 | 2024-08-08 | MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-21302 | 2024-08-08 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-38202 | 2024-08-08 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-7350 | 2024-08-08 | Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover |
| CVE-2024-7492 | 2024-08-08 | MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-6254 | 2024-08-08 | Brizy – Page Builder <= 2.5.1 - Cross-Site Request Forgery |
| CVE-2024-6552 | 2024-08-08 | Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure |
| CVE-2024-6987 | 2024-08-08 | Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation |
| CVE-2024-6869 | 2024-08-08 | Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure |
| CVE-2024-5668 | 2024-08-08 | Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes |
| CVE-2024-5226 | 2024-08-08 | Fuse Social Floating Sidebar <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload |
| CVE-2024-7548 | 2024-08-08 | LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter |
| CVE-2024-7150 | 2024-08-08 | Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter |
| CVE-2024-6824 | 2024-08-08 | Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update |
| CVE-2024-6481 | 2024-08-08 | Search Filter Pro < 2.5.18 - Admin+ Stored XSS |
| CVE-2024-6884 | 2024-08-08 | Gutenberg Blocks with AI by Kadence WP < 3.2.39 - Contributor+ Stored XSS |
| CVE-2024-22069 | 2024-08-08 | Permission and Access Control Vulnerability in ZXV10 XT802/ET301 |
| CVE-2023-7265 | 2024-08-08 | Permission verification vulnerability in the lock screen module Impact: Successful... |
| CVE-2024-42030 | 2024-08-08 | Access permission verification vulnerability in the content sharing pop-up module... |
| CVE-2024-42251 | 2024-08-08 | mm: page_ref: remove folio_try_get_rcu() |
| CVE-2024-42252 | 2024-08-08 | closures: Change BUG_ON() to WARN_ON() |
| CVE-2024-42253 | 2024-08-08 | gpio: pca953x: fix pca953x_irq_bus_sync_unlock race |
| CVE-2024-42254 | 2024-08-08 | io_uring: fix error pbuf checking |
| CVE-2024-42255 | 2024-08-08 | tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() |
| CVE-2024-42256 | 2024-08-08 | cifs: Fix server re-repick on subrequest retry |
| CVE-2024-42257 | 2024-08-08 | ext4: use memtostr_pad() for s_volume_name |
| CVE-2024-42031 | 2024-08-08 | Access permission verification vulnerability in the Settings module. Impact: Successful... |
| CVE-2024-42032 | 2024-08-08 | Access permission verification vulnerability in the Contacts module Impact: Successful... |
| CVE-2024-42033 | 2024-08-08 | Access control vulnerability in the security verification module mpact: Successful... |
| CVE-2024-42034 | 2024-08-08 | LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of... |
| CVE-2024-42035 | 2024-08-08 | Permission control vulnerability in the App Multiplier module Impact:Successful exploitation... |
| CVE-2024-42036 | 2024-08-08 | Access permission verification vulnerability in the Notepad module Impact: Successful... |
| CVE-2024-42037 | 2024-08-08 | Vulnerability of uncaught exceptions in the Graphics module Impact: Successful... |
| CVE-2024-42038 | 2024-08-08 | Vulnerability of PIN enhancement failures in the screen lock module... |
| CVE-2024-6329 | 2024-08-08 | Improper Encoding or Escaping of Output in GitLab |
| CVE-2024-4784 | 2024-08-08 | Authentication Bypass by Primary Weakness in GitLab |
| CVE-2024-4210 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-7610 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-7554 | 2024-08-08 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2024-5423 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-4207 | 2024-08-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-3958 | 2024-08-08 | Improper Control of Generation of Code ('Code Injection') in GitLab |
| CVE-2024-3114 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-3035 | 2024-08-08 | Authorization Bypass Through User-Controlled Key in GitLab |
| CVE-2024-2800 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-3659 | 2024-08-08 | Command injection in KAON AR2140 routers |
| CVE-2024-7348 | 2024-08-08 | PostgreSQL relation replacement during pg_dump executes arbitrary SQL |
| CVE-2024-41942 | 2024-08-08 | JupyterHub has a privilege escalation vulnerability with the `admin:users` scope |
| CVE-2024-42354 | 2024-08-08 | Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api |
| CVE-2024-42355 | 2024-08-08 | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag |
| CVE-2024-42356 | 2024-08-08 | Shopware vulnerable to Server Side Template Injection in Twig using Context functions |
| CVE-2024-42357 | 2024-08-08 | Shopware vulnerable to blind SQL-injection in DAL aggregations |
| CVE-2024-7490 | 2024-08-08 | Remote Code Execution in Advanced Software Framework DHCP server |
| CVE-2024-7477 | 2024-08-08 | Avaya Aura System Manager SQL injection vulnerability |
| CVE-2024-7480 | 2024-08-08 | Improper access control in Avaya Aura System Manager |
| CVE-2024-0102 | 2024-08-08 | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in... |
| CVE-2024-0108 | 2024-08-08 | NVIDIA Jetson Linux contains a vulnerability in NvGPU where error... |
| CVE-2024-42365 | 2024-08-08 | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan |
| CVE-2024-7394 | 2024-08-08 | Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName() |
| CVE-2024-42366 | 2024-08-08 | VR Overlay RCE |
| CVE-2024-0107 | 2024-08-08 | NVIDIA GPU Display Driver for Windows contains a vulnerability in... |
| CVE-2024-0101 | 2024-08-08 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain... |
| CVE-2024-0104 | 2024-08-08 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain... |
| CVE-2024-42493 | 2024-08-08 | Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor |
| CVE-2024-39287 | 2024-08-08 | Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor |
| CVE-2024-42408 | 2024-08-08 | Dorsett Controls InfoScan Path Traversal |
| CVE-2024-41161 | 2024-08-08 | Vonets WiFi Bridges Use of Hard-coded Credentials |