CVE List - 2024 / September
Showing 2401 - 2500 of 2516 CVEs for September 2024 (Page 25 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-9301 | 2024-09-27 | A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a |
| CVE-2024-34542 | 2024-09-27 | Advantech ADAM-5630 Weak Encoding for Password |
| CVE-2024-39364 | 2024-09-27 | Advantech ADAM-5630 Missing Authentication for Critical Function |
| CVE-2024-9160 | 2024-09-27 | Security Misconfiguration in Forge module PEADM |
| CVE-2024-6436 | 2024-09-27 | Rockwell Automation Input Validation Vulnerability exists in the SequenceManager™ Server |
| CVE-2024-9291 | 2024-09-27 | kalvinGit kvf-admin XML File cross site scripting |
| CVE-2024-9293 | 2024-09-27 | skyselang yylAdmin Backend File.php list sql injection |
| CVE-2024-47186 | 2024-09-27 | Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting |
| CVE-2024-23586 | 2024-09-27 | An insufficient session timeout vulnerability affects HCL Nomad server on Domino |
| CVE-2024-9294 | 2024-09-27 | dingfanzu CMS saveNewPwd.php sql injection |
| CVE-2024-38796 | 2024-09-27 | Integer overflow in PeCoffLoaderRelocateImage |
| CVE-2024-8547 | 2024-09-28 | Simple Popup Plugin <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-8788 | 2024-09-28 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting |
| CVE-2024-9023 | 2024-09-28 | WP-WebAuthn <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode |
| CVE-2024-8353 | 2024-09-28 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection |
| CVE-2024-9189 | 2024-09-28 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization |
| CVE-2024-8715 | 2024-09-28 | Simple LDAP Login <= 1.6.0 - Reflected Cross-Site Scripting |
| CVE-2024-23938 | 2024-09-28 | Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23957 | 2024-09-28 | Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23958 | 2024-09-28 | Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability |
| CVE-2024-23967 | 2024-09-28 | Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23935 | 2024-09-28 | Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23959 | 2024-09-28 | Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23961 | 2024-09-28 | Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability |
| CVE-2024-23924 | 2024-09-28 | Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability |
| CVE-2024-23960 | 2024-09-28 | Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability |
| CVE-2024-23923 | 2024-09-28 | Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-9295 | 2024-09-28 | SourceCodester Advocate Office Management System login.php sql injection |
| CVE-2024-8712 | 2024-09-28 | GTM Server Side <= 2.1.19 - Reflected Cross-Site Scripting |
| CVE-2024-9296 | 2024-09-28 | SourceCodester Advocate Office Management System forgot_pass.php sql injection |
| CVE-2024-9297 | 2024-09-28 | SourceCodester Online Railway Reservation System admin improper authorization |
| CVE-2024-8189 | 2024-09-28 | WP MultiTasking - WP Utilities <= 0.1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-9298 | 2024-09-28 | SourceCodester Online Railway Reservation System Ticket ?page=tickets access control |
| CVE-2024-9299 | 2024-09-28 | SourceCodester Online Railway Reservation System ?page=reserve cross site scripting |
| CVE-2024-9300 | 2024-09-28 | SourceCodester Online Railway Reservation System Message Us Form contact_us.php cross site scripting |
| CVE-2024-9315 | 2024-09-28 | SourceCodester Employee and Visitor Gate Pass Logging System manage_department.php sql injection |
| CVE-2024-9316 | 2024-09-28 | code-projects Blood Bank Management System B+.php sql injection |
| CVE-2024-9317 | 2024-09-28 | SourceCodester Online Eyewear Shop Master.php delete_category sql injection |
| CVE-2024-9318 | 2024-09-28 | SourceCodester Advocate Office Management System activate.php sql injection |
| CVE-2024-9319 | 2024-09-28 | SourceCodester Online Timesheet App delete-timesheet.php sql injection |
| CVE-2024-9320 | 2024-09-29 | SourceCodester Online Timesheet App Add Timesheet Form add-timesheet.php cross site scripting |
| CVE-2024-9321 | 2024-09-29 | SourceCodester Online Railway Reservation System view_details.php access control |
| CVE-2024-9322 | 2024-09-29 | code-projects Supply Chain Management edit_manufacturer.php sql injection |
| CVE-2024-9323 | 2024-09-29 | SourceCodester Inventory Management System add_staff.php cross site scripting |
| CVE-2024-9324 | 2024-09-29 | Intelbras InControl Relatório de Operadores Page operador code injection |
| CVE-2024-9325 | 2024-09-29 | Intelbras InControl incontrol-service-watchdog.exe unquoted search path |
| CVE-2024-9326 | 2024-09-29 | PHPGurukul Online Shopping Portal Admin Panel index.php sql injection |
| CVE-2024-9327 | 2024-09-29 | code-projects Blood Bank System forgot.php sql injection |
| CVE-2024-9328 | 2024-09-29 | SourceCodester Advocate Office Management System edit_client.php sql injection |
| CVE-2024-28807 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various... |
| CVE-2024-28808 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications. |
| CVE-2024-28809 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. |
| CVE-2024-28810 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these... |
| CVE-2024-28811 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations. |
| CVE-2024-28812 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system... |
| CVE-2024-28813 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an... |
| CVE-2024-35495 | 2024-09-30 | An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic. |
| CVE-2024-42017 | 2024-09-30 | An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows... |
| CVE-2024-45200 | 2024-09-30 | In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a... |
| CVE-2024-45920 | 2024-09-30 | A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in... |
| CVE-2024-45993 | 2024-09-30 | Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. |
| CVE-2024-46280 | 2024-09-30 | PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them. |
| CVE-2024-46293 | 2024-09-30 | Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without... |
| CVE-2024-46313 | 2024-09-30 | TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. |
| CVE-2024-46475 | 2024-09-30 | A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting... |
| CVE-2024-46510 | 2024-09-30 | ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface |
| CVE-2024-46511 | 2024-09-30 | LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction function. |
| CVE-2024-46540 | 2024-09-30 | A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the... |
| CVE-2024-46548 | 2024-09-30 | TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack. |
| CVE-2024-46549 | 2024-09-30 | An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. |
| CVE-2024-46635 | 2024-09-30 | An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter. |
| CVE-2024-3635 | 2024-09-30 | The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation |
| CVE-2024-8239 | 2024-09-30 | Starbox < 3.5.3 - Contributor+ Stored XSS |
| CVE-2024-8283 | 2024-09-30 | Slider by 10Web < 1.2.59 - Admin+ Stored XSS |
| CVE-2024-8379 | 2024-09-30 | Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection |
| CVE-2024-8536 | 2024-09-30 | Ultimate Blocks < 3.2.2 - Contributor+ Stored XSS |
| CVE-2024-8448 | 2024-09-30 | PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials |
| CVE-2024-8449 | 2024-09-30 | PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials |
| CVE-2024-8450 | 2024-09-30 | PLANET Technology switch devices - Hard-coded SNMPv1 read-write community string |
| CVE-2024-8451 | 2024-09-30 | PLANET Technology switch devices - SSH server DoS attack |
| CVE-2024-8452 | 2024-09-30 | PLANET Technology switch devices - Insecure hash functions used for SNMPv3 credentials |
| CVE-2024-9329 | 2024-09-30 | Glassfish redirect to untrusted site |
| CVE-2024-8453 | 2024-09-30 | PLANET Technology switch devices - Weak hash for users' passwords |
| CVE-2024-8454 | 2024-09-30 | PLANET Technology switch devices - Swctrl service DoS attack |
| CVE-2024-8455 | 2024-09-30 | PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords |
| CVE-2024-8456 | 2024-09-30 | PLANET Technology switch devices - Missing Authentication for multiple HTTP routes |
| CVE-2024-8457 | 2024-09-30 | PLANET Technology switch devices - Stored cross-site scripting (XSS) in the User Management |
| CVE-2024-8458 | 2024-09-30 | PLANET Technology switch devices - Cross-site Request Forgery |
| CVE-2024-41999 | 2024-09-30 | Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the... |
| CVE-2024-42496 | 2024-09-30 | Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device... |
| CVE-2024-8459 | 2024-09-30 | PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords |
| CVE-2024-6394 | 2024-09-30 | Local File Inclusion in parisneo/lollms-webui |
| CVE-2024-45772 | 2024-09-30 | Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue |
| CVE-2024-47641 | 2024-09-30 | WordPress Confetti Fall Animation plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-6051 | 2024-09-30 | Cross Application Scripting in Redlink SDK |
| CVE-2024-45792 | 2024-09-30 | MantisBT vulnerable to information disclosure with user profiles |
| CVE-2024-47063 | 2024-09-30 | Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint |
| CVE-2024-47064 | 2024-09-30 | Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints |
| CVE-2024-47172 | 2024-09-30 | Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints |
| CVE-2024-47178 | 2024-09-30 | basic-auth-connect's callback uses time unsafe string comparison |