CVE List - 2024 / September
Showing 1 - 100 of 2518 CVEs for September 2024 (Page 1 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-45508 | 2024-09-01 | HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in... |
| CVE-2024-45509 | 2024-09-01 | In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... |
| CVE-2024-45522 | 2024-09-01 | Linen before cd37c3e does not verify that the domain is... |
| CVE-2024-8367 | 2024-09-01 | HM Courts & Tribunals Service Probate Back Office Markdown NotificationService.java injection |
| CVE-2024-8368 | 2024-09-01 | code-projects Hospital Management System Login index.php sql injection |
| CVE-2024-5053 | 2024-09-01 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification |
| CVE-2024-8370 | 2024-09-01 | Grocy SVG File Upload recipepictures cross site scripting |
| CVE-2024-45269 | 2024-09-01 | WordPress plugin "Carousel Slider" provided by Sayful Islam contains a... |
| CVE-2024-45270 | 2024-09-01 | WordPress plugin "Carousel Slider" provided by Sayful Islam contains a... |
| CVE-2024-45527 | 2024-09-02 | REDCap 14.7.0 allows HTML injection via the project title of... |
| CVE-2024-45528 | 2024-09-02 | CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows... |
| CVE-2024-45622 | 2024-09-02 | ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through... |
| CVE-2024-45623 | 2024-09-02 | D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to... |
| CVE-2024-45621 | 2024-09-02 | The Electron desktop application of Rocket.Chat through 6.3.4 allows stored... |
| CVE-2024-8365 | 2024-09-02 | Vault Leaks AppRole Client Tokens And Accessor in Audit Log |
| CVE-2024-20084 | 2024-09-02 | In power, there is a possible out of bounds read... |
| CVE-2024-20085 | 2024-09-02 | In power, there is a possible out of bounds read... |
| CVE-2024-20086 | 2024-09-02 | In vdec, there is a possible out of bounds write... |
| CVE-2024-20087 | 2024-09-02 | In vdec, there is a possible out of bounds write... |
| CVE-2024-20088 | 2024-09-02 | In keyinstall, there is a possible out of bounds read... |
| CVE-2024-20089 | 2024-09-02 | In wlan, there is a possible denial of service due... |
| CVE-2024-28044 | 2024-09-02 | Liteos-A has an integer overflow vulnerability |
| CVE-2024-38382 | 2024-09-02 | Ability Runtime has an out-of-bounds read permission bypass vulnerability |
| CVE-2024-38386 | 2024-09-02 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2024-39612 | 2024-09-02 | Background Task Manager has an out-of-bounds read permission bypass vulnerability |
| CVE-2024-39775 | 2024-09-02 | Net Manager has an out-of-bounds read permission bypass vulnerability |
| CVE-2024-39816 | 2024-09-02 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2024-41157 | 2024-09-02 | Liteos-A has an use after free vulnerability |
| CVE-2024-41160 | 2024-09-02 | Liteos-A has an use after free vulnerability |
| CVE-2024-7871 | 2024-09-02 | Huachu Easytest Online Learning Test Platform - SQL Injection |
| CVE-2024-43772 | 2024-09-02 | Huachu Easytest Online Learning Test Platform - SQL Injection |
| CVE-2024-43773 | 2024-09-02 | Huachu Easytest Online Learning Test Platform - SQL Injection |
| CVE-2024-43774 | 2024-09-02 | Huachu Easytest Online Learning Test Platform - SQL Injection |
| CVE-2024-43775 | 2024-09-02 | Huachu Easytest Online Learning Test Platform - SQL Injection |
| CVE-2024-43776 | 2024-09-02 | Huachu Easytest Online Learning Test Platform - SQL Injection |
| CVE-2024-7354 | 2024-09-02 | Ninja Forms 3.8.6-3.8.10 - Reflected XSS |
| CVE-2024-7690 | 2024-09-02 | DN Popup <= 1.2.2 - Settings Update via CSRF |
| CVE-2024-7691 | 2024-09-02 | Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS |
| CVE-2024-7692 | 2024-09-02 | Flaming Forms <= 1.0.1 - Reflected XSS |
| CVE-2024-38858 | 2024-09-02 | Cross-site scripting in Robotmk logs view |
| CVE-2024-23358 | 2024-09-02 | Buffer Over-read in Multi Mode Call Processor |
| CVE-2024-23359 | 2024-09-02 | Buffer Over-read in Multi Mode Call Processor |
| CVE-2024-23362 | 2024-09-02 | Improper Input Validation in Trusted Execution Environment |
| CVE-2024-23364 | 2024-09-02 | Buffer Over-read in WLAN Firmware |
| CVE-2024-23365 | 2024-09-02 | Use After Free in SCE-Mink |
| CVE-2024-33016 | 2024-09-02 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Storage |
| CVE-2024-33035 | 2024-09-02 | Integer Overflow or Wraparound in Display |
| CVE-2024-33038 | 2024-09-02 | Untrusted Pointer Dereference in Computer Vision |
| CVE-2024-33042 | 2024-09-02 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in FM Host |
| CVE-2024-33043 | 2024-09-02 | Buffer Over-read in FM Host |
| CVE-2024-33045 | 2024-09-02 | Return of Stack Variable Address in Buses |
| CVE-2024-33047 | 2024-09-02 | Buffer Over-read in Display |
| CVE-2024-33048 | 2024-09-02 | Buffer Over-read in WLAN Host |
| CVE-2024-33050 | 2024-09-02 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-33051 | 2024-09-02 | Buffer Over-read in WLAN Firmware |
| CVE-2024-33052 | 2024-09-02 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in FM Host |
| CVE-2024-33054 | 2024-09-02 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Computer Vision |
| CVE-2024-33057 | 2024-09-02 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-33060 | 2024-09-02 | Use After Free in DSP Service |
| CVE-2024-38401 | 2024-09-02 | Use After Free in Qualcomm IPC |
| CVE-2024-38402 | 2024-09-02 | Use After Free in DSP Services |
| CVE-2024-5148 | 2024-09-02 | Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate |
| CVE-2024-7932 | 2024-09-02 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x |
| CVE-2024-7938 | 2024-09-02 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x |
| CVE-2024-7939 | 2024-09-02 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x |
| CVE-2024-8004 | 2024-09-02 | Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2024-6919 | 2024-09-02 | SQLi in NAC Telecommunication's NACPremium |
| CVE-2024-6920 | 2024-09-02 | Stored XSS in NAC Telecommunication's NACPremium |
| CVE-2024-6921 | 2024-09-02 | Cleartext Username and Password in NAC Telecommunication's NACPremium |
| CVE-2023-7279 | 2024-09-02 | Secure Systems Engineering Connaisseur Delegation Name targets_schema.json redos |
| CVE-2020-36830 | 2024-09-02 | nescalante urlregex Backtracking index.js redos |
| CVE-2024-45388 | 2024-09-02 | Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`) |
| CVE-2024-28100 | 2024-09-02 | Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw |
| CVE-2024-42471 | 2024-09-02 | Arbitrary File Write via artifact extraction in actions/artifact |
| CVE-2024-43792 | 2024-09-02 | Halo's editor has a stored Cross-Site Scripting vulnerability |
| CVE-2024-43797 | 2024-09-02 | Path Traversal in audiobookshelf |
| CVE-2024-43801 | 2024-09-02 | Privilege escalation to admin from a low-privileged user via SVG upload in Jellyfin |
| CVE-2024-45305 | 2024-09-02 | gix-path uses local config across repos when it is the highest scope |
| CVE-2024-45306 | 2024-09-02 | heap-buffer-overflow in Vim |
| CVE-2024-45308 | 2024-09-02 | MySQL & free URL mode allows to hide existing notes in hedgedoc |
| CVE-2024-45311 | 2024-09-02 | Denial of service in quinn-proto when using `Endpoint::retry()` |
| CVE-2024-45312 | 2024-09-02 | Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf |
| CVE-2024-45313 | 2024-09-02 | Insecure default setting for Server Pro installed via Overleaf toolkit |
| CVE-2024-44947 | 2024-09-02 | fuse: Initialize beyond-EOF page contents before setting uptodate |
| CVE-2024-1621 | 2024-09-02 | uniFLOW Online device registration susceptible to compromise |
| CVE-2023-49233 | 2024-09-03 | Insufficient access checks in Visual Planning Admin Center 8 before... |
| CVE-2024-34463 | 2024-09-03 | BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information... |
| CVE-2024-38456 | 2024-09-03 | HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from... |
| CVE-2024-41433 | 2024-09-03 | PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow... |
| CVE-2024-41434 | 2024-09-03 | PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow... |
| CVE-2024-41435 | 2024-09-03 | YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via... |
| CVE-2024-41436 | 2024-09-03 | ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via... |
| CVE-2024-42901 | 2024-09-03 | A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers... |
| CVE-2024-42902 | 2024-09-03 | An issue in the js_localize.php function of LimeSurvey v6.6.2 and... |
| CVE-2024-42991 | 2024-09-03 | MCMS v5.4.1 has front-end file upload vulnerability which can lead... |
| CVE-2024-44809 | 2024-09-03 | A remote code execution (RCE) vulnerability exists in the Pi... |
| CVE-2024-44920 | 2024-09-03 | A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of... |
| CVE-2024-44921 | 2024-09-03 | SeaCMS v12.9 was discovered to contain a SQL injection vulnerability... |
| CVE-2024-42903 | 2024-09-03 | A Host header injection vulnerability in the password reset function... |
| CVE-2024-42904 | 2024-09-03 | A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers... |