CVE List - 2024 / September
Showing 2001 - 2100 of 2518 CVEs for September 2024 (Page 21 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2024-8437 | 2024-09-24 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation |
CVE-2024-8436 | 2024-09-24 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-9142 | 2024-09-24 | Local File Inclusion (LFI) in Olgu Computer Systems' e-Belediye |
CVE-2022-43845 | 2024-09-24 | IBM Aspera Console information disclosure |
CVE-2021-38963 | 2024-09-24 | IBM Aspera Console CSV injection |
CVE-2024-38324 | 2024-09-24 | IBM Storage Defender improper certificate validation |
CVE-2024-9141 | 2024-09-24 | Cross-Site Scripting (XSS) vulnerability in Oct8ne |
CVE-2024-8801 | 2024-09-24 | Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure |
CVE-2024-8940 | 2024-09-24 | Unrestricted Upload of File with Dangerous Type vulnerability on Scriptcase |
CVE-2024-8941 | 2024-09-24 | Path Traversal vulnerability on Scriptcase |
CVE-2024-8942 | 2024-09-24 | Cross-site Scripting vulnerability on Scriptcase |
CVE-2024-9148 | 2024-09-24 | Flowise Stored Cross-Site Scripting |
CVE-2024-8878 | 2024-09-24 | Unauthenticated Password Reset |
CVE-2024-8877 | 2024-09-24 | SQL Injection |
CVE-2024-8067 | 2024-09-24 | Unicode "best fit" argument injection |
CVE-2024-45599 | 2024-09-24 | TCC Bypass in Cursor's macOS Application |
CVE-2024-42505 | 2024-09-24 | Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol |
CVE-2024-42506 | 2024-09-24 | Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol |
CVE-2024-42507 | 2024-09-24 | Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol |
CVE-2024-9120 | 2024-09-24 | Use after free in Dawn in Google Chrome on Windows... |
CVE-2024-9121 | 2024-09-24 | Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70... |
CVE-2024-9122 | 2024-09-24 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.70... |
CVE-2024-9123 | 2024-09-24 | Integer overflow in Skia in Google Chrome prior to 129.0.6668.70... |
CVE-2024-8291 | 2024-09-24 | Concrete CMS Stored XSS in Image Editor Background Color |
CVE-2024-7398 | 2024-09-24 | Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature |
CVE-2024-8497 | 2024-09-24 | Franklin Fueling Systems TS-550 EVO Absolute Path Traversal |
CVE-2024-41725 | 2024-09-24 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Cross-site Scripting |
CVE-2024-43692 | 2024-09-24 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel |
CVE-2024-43423 | 2024-09-24 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Use of Hard-coded Password |
CVE-2024-45373 | 2024-09-24 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Improper Privilege Management |
CVE-2024-43693 | 2024-09-24 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection |
CVE-2024-45066 | 2024-09-24 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection |
CVE-2023-25189 | 2024-09-25 | BTS is affected by information disclosure vulnerability where mobile network... |
CVE-2023-51157 | 2024-09-25 | Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows... |
CVE-2024-22893 | 2024-09-25 | OpenSlides 4.0.15 verifies passwords by comparing password hashes using a... |
CVE-2024-41708 | 2024-09-25 | An issue was discovered in AdaCore ada_web_services 20.0 allows an... |
CVE-2024-44678 | 2024-09-25 | Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command... |
CVE-2024-44825 | 2024-09-25 | Directory Traversal vulnerability in Centro de Tecnologia da Informação Renato... |
CVE-2024-45750 | 2024-09-25 | An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and... |
CVE-2024-46461 | 2024-09-25 | VLC media player 3.0.20 and earlier is vulnerable to denial... |
CVE-2024-46485 | 2024-09-25 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request... |
CVE-2024-46488 | 2024-09-25 | sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow... |
CVE-2024-46489 | 2024-09-25 | A remote command execution (RCE) vulnerability in promptr v6.0.7 allows... |
CVE-2024-46600 | 2024-09-25 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request... |
CVE-2024-46655 | 2024-09-25 | A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows... |
CVE-2024-22892 | 2024-09-25 | OpenSlides 4.0.15 was discovered to be using a weak hashing... |
CVE-2024-41445 | 2024-09-25 | Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer... |
CVE-2024-7386 | 2024-09-25 | Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery |
CVE-2024-8481 | 2024-09-25 | Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution |
CVE-2024-8549 | 2024-09-25 | Simple Calendar – Google Calendar Plugin <= 3.4.2 - Reflected Cross-Site Scripting |
CVE-2024-9027 | 2024-09-25 | WPZOOM Shortcodes <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode |
CVE-2024-7426 | 2024-09-25 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.6.0 - Unauthenticated Full Path Disclosure |
CVE-2024-8741 | 2024-09-25 | Beam me up Scotty – Back to Top Button <= 1.0.21 - Reflected Cross-Site Scripting |
CVE-2024-9069 | 2024-09-25 | Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-7617 | 2024-09-25 | Contact Form to Any API <= 1.2.2 - Unauthenticated Stored Cross-Site Scripting via Contact Form |
CVE-2024-9068 | 2024-09-25 | OneElements – Best Elementor Addons <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8713 | 2024-09-25 | Kodex Posts likes <= 2.5.0 - Reflected Cross-Site Scripting |
CVE-2024-8476 | 2024-09-25 | Easy PayPal Events <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion |
CVE-2024-8484 | 2024-09-25 | REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection |
CVE-2024-8483 | 2024-09-25 | MAS Static Content <= 1.0.8 - Authenticated (Contributor+) Private Static Content Page Disclosure |
CVE-2024-8621 | 2024-09-25 | Daily Prayer Time <= 2024.08.26 - Authenticated (Contributor+) SQL Injection |
CVE-2024-9028 | 2024-09-25 | WP GPX Maps <= 1.7.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode |
CVE-2024-9024 | 2024-09-25 | Material Design Icons <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode |
CVE-2024-8485 | 2024-09-25 | REST API TO MiniProgram <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover |
CVE-2024-8434 | 2024-09-25 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates |
CVE-2024-6590 | 2024-09-25 | Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.7.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
CVE-2024-7491 | 2024-09-25 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe |
CVE-2024-9073 | 2024-09-25 | GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8349 | 2024-09-25 | Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation |
CVE-2024-8350 | 2024-09-25 | Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add |
CVE-2024-8515 | 2024-09-25 | Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-8514 | 2024-09-25 | Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection |
CVE-2024-8516 | 2024-09-25 | Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure |
CVE-2024-7385 | 2024-09-25 | WordPress Simple HTML Sitemap <= 3.1 - Authenticated (Admin+) SQL Injection |
CVE-2024-8668 | 2024-09-25 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
CVE-2024-8275 | 2024-09-25 | The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection |
CVE-2024-8658 | 2024-09-25 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade |
CVE-2024-6845 | 2024-09-25 | SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure |
CVE-2024-7878 | 2024-09-25 | WP ULike < 4.7.4 - Admin+ Stored XSS |
CVE-2024-7892 | 2024-09-25 | adstxt Plugin <= 1.0.0 - Settings Update via CSRF |
CVE-2024-8910 | 2024-09-25 | HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id |
CVE-2024-8678 | 2024-09-25 | Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update |
CVE-2024-8290 | 2024-09-25 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation |
CVE-2024-3866 | 2024-09-25 | Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer |
CVE-2024-40761 | 2024-09-25 | Apache Answer: Avatar URL leaked user email addresses |
CVE-2024-23454 | 2024-09-25 | Apache Hadoop: Temporary File Local Information Disclosure |
CVE-2024-47303 | 2024-09-25 | WordPress Elementor Addons by Livemesh plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-8175 | 2024-09-25 | CODESYS: web server vulnerable to DoS |
CVE-2024-9169 | 2024-09-25 | litespeed cache <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting |
CVE-2024-31145 | 2024-09-25 | error handling in x86 IOMMU identity mapping |
CVE-2024-31146 | 2024-09-25 | PCI device pass-through with shared resources |
CVE-2024-45817 | 2024-09-25 | x86: Deadlock in vlapic_error() |
CVE-2024-7481 | 2024-09-25 | Improper signature verification of Printer driver installation in TeamViewer Remote Clients |
CVE-2024-7479 | 2024-09-25 | Improper signature verification of VPN driver installation in TeamViewer Remote Clients |
CVE-2024-8858 | 2024-09-25 | Elementor Addons by Livemesh <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter |
CVE-2024-6592 | 2024-09-25 | WatchGuard Firebox Single Sign-On Agent Protocol Authorization Bypass |
CVE-2024-6593 | 2024-09-25 | WatchGuard Firebox Single Sign-On Agent Management Interface Authentication Bypass |
CVE-2024-6594 | 2024-09-25 | WatchGuard Firebox Single Sign-On Client Denial-of-Service |
CVE-2024-4657 | 2024-09-25 | Stored XSS in Talent Software's BAP Automation |
CVE-2024-8546 | 2024-09-25 | ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget |