CVE List - 2024 / September
Showing 1901 - 2000 of 2518 CVEs for September 2024 (Page 20 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2024-37779 | 2024-09-23 | WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated... |
CVE-2024-39341 | 2024-09-23 | Entrust Instant Financial Issuance (On Premise) Software (formerly known as... |
CVE-2024-39342 | 2024-09-23 | Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0,... |
CVE-2024-39842 | 2024-09-23 | A SQL injection vulnerability in Centreon 24.04.2 allows a remote... |
CVE-2024-39843 | 2024-09-23 | A SQL injection vulnerability in Centreon 24.04.2 allows a remote... |
CVE-2024-40441 | 2024-09-23 | An issue in Doccano Open source annotation tools for machine... |
CVE-2024-40442 | 2024-09-23 | An issue in Doccano Open source annotation tools for machine... |
CVE-2024-41228 | 2024-09-23 | A symlink following vulnerability in the pouch cp function of... |
CVE-2024-44540 | 2024-09-23 | Ubiquiti AirMax firmware version 8 allows attackers with... |
CVE-2024-46241 | 2024-09-23 | PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to... |
CVE-2024-46639 | 2024-09-23 | A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers... |
CVE-2024-42861 | 2024-09-23 | An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing... |
CVE-2024-47222 | 2024-09-23 | New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8... |
CVE-2024-47227 | 2024-09-23 | iRedAdmin before 2.6 allows XSS, e.g., via order_name. |
CVE-2024-9091 | 2024-09-23 | code-projects Student Record System index.php sql injection |
CVE-2024-43996 | 2024-09-23 | WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability |
CVE-2024-44048 | 2024-09-23 | WordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerability |
CVE-2024-45453 | 2024-09-23 | WordPress Maintenance Redirect plugin <= 2.0.1 - IP Bypass vulnerability |
CVE-2024-9092 | 2024-09-23 | SourceCodester Profile Registration without Reload Refresh Registration Form add.php cross site scripting |
CVE-2024-9093 | 2024-09-23 | SourceCodester Profile Registration without Reload Refresh GET Parameter del.php sql injection |
CVE-2024-9094 | 2024-09-23 | code-projects Blood Bank System o-.php sql injection |
CVE-2024-7846 | 2024-09-23 | YITH WooCommerce Ajax Search < 2.7.1 - Contributor+ Stored XSS |
CVE-2024-8758 | 2024-09-23 | Quiz and Survey Master (QSM) < 9.1.3 - Author+ Stored XSS |
CVE-2024-8606 | 2024-09-23 | Fix 2FA bypass via RestAPI |
CVE-2024-45348 | 2024-09-23 | Xiaomi Router AX9000 has a post-authorization command injection vulnerability |
CVE-2024-8903 | 2024-09-23 | Local active protection service settings manipulation due to unnecessary privileges... |
CVE-2022-48945 | 2024-09-23 | media: vivid: fix compose size exceed boundary |
CVE-2024-46544 | 2024-09-23 | Apache Tomcat Connectors: mod_jk: local users can view and modify configuration |
CVE-2024-7735 | 2024-09-23 | SQLi in Exnet Informatics Software's Ferry Reservation System |
CVE-2024-7835 | 2024-09-23 | Reflected XSS in Exnet Informatics Software's Ferry Reservation System |
CVE-2024-23933 | 2024-09-23 | Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-23934 | 2024-09-23 | Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-23972 | 2024-09-23 | Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-23922 | 2024-09-23 | Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability |
CVE-2024-46985 | 2024-09-23 | DataEase has an XXE vulnerability |
CVE-2024-46997 | 2024-09-23 | DataEase's H2 datasource has a remote command execution risk |
CVE-2024-47066 | 2024-09-23 | Lobe Chat has insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) |
CVE-2024-47068 | 2024-09-23 | DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS |
CVE-2024-47069 | 2024-09-23 | Oveleon Cookiebar reflected Cross-site Scripting vulnerability |
CVE-2024-9014 | 2024-09-23 | OAuth2 client id and secret exposed through the web browser in pgAdmin 4 |
CVE-2024-0001 | 2024-09-23 | A condition exists in FlashArray Purity whereby a local account... |
CVE-2024-0002 | 2024-09-23 | A condition exists in FlashArray Purity whereby an attacker can... |
CVE-2024-0003 | 2024-09-23 | A condition exists in FlashArray Purity whereby a malicious user... |
CVE-2024-0004 | 2024-09-23 | A condition exists in FlashArray Purity whereby a user with... |
CVE-2024-0005 | 2024-09-23 | A condition exists in FlashArray and FlashBlade Purity whereby a... |
CVE-2024-43201 | 2024-09-23 | Planet Fitness Workouts mobile apps do not properly validate TLS certificates |
CVE-2024-8770 | 2024-09-23 | A Cross-Site Scripting (XSS) vulnerability was identified in the repository... |
CVE-2024-8263 | 2024-09-23 | An improper privilege management vulnerability allowed arbitrary workflows to be... |
CVE-2024-7018 | 2024-09-23 | Heap buffer overflow in PDF in Google Chrome prior to... |
CVE-2024-7019 | 2024-09-23 | Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60... |
CVE-2024-7020 | 2024-09-23 | Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60... |
CVE-2024-7022 | 2024-09-23 | Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58... |
CVE-2023-7281 | 2024-09-23 | Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105... |
CVE-2023-7282 | 2024-09-23 | Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63... |
CVE-2021-38023 | 2024-09-23 | Use after free in Extensions in Google Chrome prior to... |
CVE-2018-20072 | 2024-09-23 | Insufficient data validation in PDF in Google Chrome prior to... |
CVE-2024-7023 | 2024-09-23 | Insufficient data validation in Updater in Google Chrome prior to... |
CVE-2024-7024 | 2024-09-23 | Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54... |
CVE-2023-26686 | 2024-09-24 | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers... |
CVE-2023-26687 | 2024-09-24 | Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers... |
CVE-2023-26688 | 2024-09-24 | Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows... |
CVE-2023-26689 | 2024-09-24 | An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to... |
CVE-2023-26690 | 2024-09-24 | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers... |
CVE-2023-26691 | 2024-09-24 | Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers... |
CVE-2024-42797 | 2024-09-24 | An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in... |
CVE-2024-46607 | 2024-09-24 | Incorrect access control in IceCMS v3.4.7 and before allows attackers... |
CVE-2024-46609 | 2024-09-24 | An access control issue in the CheckVip function in UserController.java... |
CVE-2024-46610 | 2024-09-24 | An access control issue in IceCMS v3.4.7 and before allows... |
CVE-2024-46612 | 2024-09-24 | IceCMS v3.4.7 and before was discovered to contain a hardcoded... |
CVE-2024-46957 | 2024-09-24 | Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the... |
CVE-2024-46934 | 2024-09-24 | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is... |
CVE-2024-46935 | 2024-09-24 | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is... |
CVE-2024-46936 | 2024-09-24 | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is... |
CVE-2024-47048 | 2024-09-24 | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows... |
CVE-2024-38266 | 2024-09-24 | An improper restriction of operations within the bounds of a... |
CVE-2024-38267 | 2024-09-24 | An improper restriction of operations within the bounds of a... |
CVE-2024-38268 | 2024-09-24 | An improper restriction of operations within the bounds of a... |
CVE-2024-38269 | 2024-09-24 | An improper restriction of operations within the bounds of a... |
CVE-2024-8432 | 2024-09-24 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update |
CVE-2024-8657 | 2024-09-24 | Garden Gnome Package <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-8716 | 2024-09-24 | XT Ajax Add To Cart for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting |
CVE-2024-8795 | 2024-09-24 | BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover |
CVE-2024-8662 | 2024-09-24 | Koko Analytics <= 1.3.12 - Reflected Cross-Site Scripting |
CVE-2024-8738 | 2024-09-24 | Seriously Simple Stats <= 1.6.0 - Reflected Cross-Site Scripting |
CVE-2024-8544 | 2024-09-24 | Pixel Cat – Conversion Pixel Manager <= 3.0.5 - Reflected Cross-Site Scripting |
CVE-2024-8791 | 2024-09-24 | Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation |
CVE-2024-8794 | 2024-09-24 | BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset |
CVE-2024-8624 | 2024-09-24 | MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Authenticated (Contributor+) SQL Injection |
CVE-2024-8623 | 2024-09-24 | MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution |
CVE-2024-8671 | 2024-09-24 | WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite |
CVE-2024-8628 | 2024-09-24 | Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2022-2439 | 2024-09-24 | Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization |
CVE-2024-8917 | 2024-09-24 | AnWP Football Leagues <= 0.16.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8267 | 2024-09-24 | Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute |
CVE-2024-8919 | 2024-09-24 | Confetti Fall Animation <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode |
CVE-2024-8103 | 2024-09-24 | WP Category Dropdown <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter |
CVE-2024-8914 | 2024-09-24 | Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting |
CVE-2024-21545 | 2024-09-24 | Proxmox Virtual Environment is an open-source server management platform for... |
CVE-2024-39928 | 2024-09-24 | Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability |
CVE-2023-5359 | 2024-09-24 | W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext |