CVE List - 2024 / September
Showing 2101 - 2200 of 2516 CVEs for September 2024 (Page 22 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-7575 | 2024-09-25 | Improper neutralization special element in hyperlinks |
| CVE-2024-7576 | 2024-09-25 | Progress UI for WPF format provider unsafe deserialization vulnerability |
| CVE-2024-8316 | 2024-09-25 | Progress UI for WPF format provider unsafe deserialization vulnerability |
| CVE-2024-30128 | 2024-09-25 | An open proxy vulnerability affects HCL Nomad server on Domino |
| CVE-2024-43959 | 2024-09-25 | WordPress Super Testimonials plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43990 | 2024-09-25 | WordPress Masterstudy LMS Starter theme <= 1.1.8 - Sensitive Data Exposure vulnerability |
| CVE-2024-43237 | 2024-09-25 | WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability |
| CVE-2024-7421 | 2024-09-25 | An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line... |
| CVE-2024-47078 | 2024-09-25 | Meshtastic firmware Authentication/Authorization Bypass via MQTT |
| CVE-2024-20455 | 2024-09-25 | A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated,... |
| CVE-2024-20350 | 2024-09-25 | Cisco Catalyst Center Static SSH Host Key Vulnerability |
| CVE-2024-20508 | 2024-09-25 | Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability |
| CVE-2024-20475 | 2024-09-25 | Cisco SD-WAN vManage Cross-Site Scripting Vulnerability |
| CVE-2024-20496 | 2024-09-25 | Cisco SD-WAN vEdge Routers Denial of Service Vulnerability |
| CVE-2024-20433 | 2024-09-25 | A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to... |
| CVE-2024-20436 | 2024-09-25 | A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of... |
| CVE-2024-20437 | 2024-09-25 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on... |
| CVE-2024-20480 | 2024-09-25 | A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization... |
| CVE-2024-20464 | 2024-09-25 | A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an... |
| CVE-2024-20467 | 2024-09-25 | A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition... |
| CVE-2024-20510 | 2024-09-25 | A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list... |
| CVE-2024-20465 | 2024-09-25 | A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker... |
| CVE-2024-20414 | 2024-09-25 | A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack... |
| CVE-2024-20434 | 2024-09-25 | A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This... |
| CVE-2024-8975 | 2024-09-25 | Grafana Alloy on Windows Unquoted service path |
| CVE-2024-8996 | 2024-09-25 | Grafana Agent Flow on Windows Unquoted service path |
| CVE-2024-47315 | 2024-09-25 | WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47305 | 2024-09-25 | WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47082 | 2024-09-25 | Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47083 | 2024-09-25 | Power Platform Terraform Provider has Improper Masking of Secrets in Logs |
| CVE-2024-40506 | 2024-09-26 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. |
| CVE-2024-40507 | 2024-09-26 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. |
| CVE-2024-40508 | 2024-09-26 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. |
| CVE-2024-41605 | 2024-09-26 | In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because... |
| CVE-2024-44860 | 2024-09-26 | An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request. |
| CVE-2024-45979 | 2024-09-26 | A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers... |
| CVE-2024-45980 | 2024-09-26 | A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily... |
| CVE-2024-45981 | 2024-09-26 | A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. |
| CVE-2024-45982 | 2024-09-26 | A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily... |
| CVE-2024-45983 | 2024-09-26 | A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to... |
| CVE-2024-45984 | 2024-09-26 | A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor... |
| CVE-2024-45985 | 2024-09-26 | A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of the update_contact.php |
| CVE-2024-45986 | 2024-09-26 | A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored... |
| CVE-2024-45989 | 2024-09-26 | Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded... |
| CVE-2024-46327 | 2024-09-26 | An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal. |
| CVE-2024-46328 | 2024-09-26 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root. |
| CVE-2024-46329 | 2024-09-26 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object. |
| CVE-2024-46330 | 2024-09-26 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object. |
| CVE-2024-46627 | 2024-09-26 | Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. |
| CVE-2024-46628 | 2024-09-26 | Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. |
| CVE-2024-46632 | 2024-09-26 | Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. |
| CVE-2024-45987 | 2024-09-26 | Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by... |
| CVE-2024-8405 | 2024-09-26 | Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack |
| CVE-2024-8404 | 2024-09-26 | Arbitrary File Deletion in PaperCut NG/MF Web Print Hot folder |
| CVE-2024-8723 | 2024-09-26 | 012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-8552 | 2024-09-26 | Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable |
| CVE-2024-8803 | 2024-09-26 | Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting |
| CVE-2024-47330 | 2024-09-26 | Broken Access Control vulnerability on multiple WordPress plugins by Supsystic |
| CVE-2023-52946 | 2024-09-26 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash... |
| CVE-2022-49037 | 2024-09-26 | Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2022-49038 | 2024-09-26 | Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. |
| CVE-2022-49039 | 2024-09-26 | Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. |
| CVE-2024-47045 | 2024-09-26 | Privilege chaining issue exists in the installer of e-Tax software (common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than... |
| CVE-2022-49040 | 2024-09-26 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the... |
| CVE-2022-49041 | 2024-09-26 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash... |
| CVE-2023-52950 | 2024-09-26 | Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. |
| CVE-2023-52947 | 2024-09-26 | Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup... |
| CVE-2023-52948 | 2024-09-26 | Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. |
| CVE-2023-52949 | 2024-09-26 | Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. |
| CVE-2024-45372 | 2024-09-26 | MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead... |
| CVE-2024-45836 | 2024-09-26 | Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the... |
| CVE-2024-7772 | 2024-09-26 | Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload |
| CVE-2024-7781 | 2024-09-26 | Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover |
| CVE-2024-0132 | 2024-09-26 | NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file... |
| CVE-2024-0133 | 2024-09-26 | NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system.... |
| CVE-2024-6517 | 2024-09-26 | Contact Form 7 Math Captcha <= 2.0.1 - Reflected XSS |
| CVE-2024-4278 | 2024-09-26 | Incorrect Synchronization in GitLab |
| CVE-2024-8861 | 2024-09-26 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-47197 | 2024-09-26 | Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials |
| CVE-2024-47145 | 2024-09-26 | Unauthorized access on archived channels via file links |
| CVE-2024-45843 | 2024-09-26 | Weak SSRF Filtering |
| CVE-2024-42406 | 2024-09-26 | Unauthorized access on archived channels |
| CVE-2024-47003 | 2024-09-26 | DoS via non-string message using permalink embed |
| CVE-2024-8872 | 2024-09-26 | Store Hours for WooCommerce <= 4.3.20 - Reflected Cross-Site Scripting |
| CVE-2024-9025 | 2024-09-26 | Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title |
| CVE-2024-47044 | 2024-09-26 | Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker... |
| CVE-2024-47337 | 2024-09-26 | WordPress Joy Of Text Lite plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2024-9125 | 2024-09-26 | king_IE <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9127 | 2024-09-26 | Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter |
| CVE-2024-9173 | 2024-09-26 | GF Custom Style <= 2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9117 | 2024-09-26 | Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9115 | 2024-09-26 | Common Tools for Site <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2022-4541 | 2024-09-26 | WordPress Visitors <= 1.0 - Unauthenticated Stored Cross-Site Scripting via HTTP Header |
| CVE-2024-9198 | 2024-09-26 | Stored Cross-Site Scripting vulnerability in Clibo Manager |
| CVE-2024-9199 | 2024-09-26 | Rate limit vulnerability in Clibo Manager |
| CVE-2024-8704 | 2024-09-26 | Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale |
| CVE-2024-8126 | 2024-09-26 | Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-8725 | 2024-09-26 | Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload |
| CVE-2024-8633 | 2024-09-26 | Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-7107 | 2024-09-26 | Directory Traversal in National Keep's CyberMath |