CVE List - 2024 / September
Showing 2101 - 2200 of 2518 CVEs for September 2024 (Page 22 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-45613 | 2024-09-25 | CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package |
| CVE-2024-7679 | 2024-09-25 | Improper neutralization special element in hyperlinks |
| CVE-2024-6512 | 2024-09-25 | Authorization bypass in the PAM access request approval mechanism in... |
| CVE-2024-7575 | 2024-09-25 | Improper neutralization special element in hyperlinks |
| CVE-2024-7576 | 2024-09-25 | Progress UI for WPF format provider unsafe deserialization vulnerability |
| CVE-2024-8316 | 2024-09-25 | Progress UI for WPF format provider unsafe deserialization vulnerability |
| CVE-2024-30128 | 2024-09-25 | An open proxy vulnerability affects HCL Nomad server on Domino |
| CVE-2024-43959 | 2024-09-25 | WordPress Super Testimonials plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43990 | 2024-09-25 | WordPress Masterstudy LMS Starter theme <= 1.1.8 - Sensitive Data Exposure vulnerability |
| CVE-2024-43237 | 2024-09-25 | WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability |
| CVE-2024-7421 | 2024-09-25 | An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and... |
| CVE-2024-47078 | 2024-09-25 | Meshtastic firmware Authentication/Authorization Bypass via MQTT |
| CVE-2024-20455 | 2024-09-25 | A vulnerability in the process that classifies traffic that is... |
| CVE-2024-20350 | 2024-09-25 | Cisco Catalyst Center Static SSH Host Key Vulnerability |
| CVE-2024-20508 | 2024-09-25 | Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability |
| CVE-2024-20475 | 2024-09-25 | Cisco SD-WAN vManage Cross-Site Scripting Vulnerability |
| CVE-2024-20496 | 2024-09-25 | Cisco SD-WAN vEdge Routers Denial of Service Vulnerability |
| CVE-2024-20433 | 2024-09-25 | A vulnerability in the Resource Reservation Protocol (RSVP) feature of... |
| CVE-2024-20436 | 2024-09-25 | A vulnerability in the HTTP Server feature of Cisco IOS... |
| CVE-2024-20437 | 2024-09-25 | A vulnerability in the web-based management interface of Cisco IOS... |
| CVE-2024-20480 | 2024-09-25 | A vulnerability in the DHCP Snooping feature of Cisco IOS... |
| CVE-2024-20464 | 2024-09-25 | A vulnerability in the Protocol Independent Multicast (PIM) feature of... |
| CVE-2024-20467 | 2024-09-25 | A vulnerability in the implementation of the IPv4 fragmentation reassembly... |
| CVE-2024-20510 | 2024-09-25 | A vulnerability in the Central Web Authentication (CWA) feature of... |
| CVE-2024-20465 | 2024-09-25 | A vulnerability in the access control list (ACL) programming of... |
| CVE-2024-20414 | 2024-09-25 | A vulnerability in the web UI feature of Cisco IOS... |
| CVE-2024-20434 | 2024-09-25 | A vulnerability in Cisco IOS XE Software could allow an... |
| CVE-2024-8975 | 2024-09-25 | Grafana Alloy on Windows Unquoted service path |
| CVE-2024-8996 | 2024-09-25 | Grafana Agent Flow on Windows Unquoted service path |
| CVE-2024-47315 | 2024-09-25 | WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47305 | 2024-09-25 | WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47082 | 2024-09-25 | Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47083 | 2024-09-25 | Power Platform Terraform Provider has Improper Masking of Secrets in Logs |
| CVE-2024-40506 | 2024-09-26 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote... |
| CVE-2024-40507 | 2024-09-26 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote... |
| CVE-2024-40508 | 2024-09-26 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote... |
| CVE-2024-41605 | 2024-09-26 | In Foxit PDF Reader before 2024.3, and PDF Editor before... |
| CVE-2024-44860 | 2024-09-26 | An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait... |
| CVE-2024-45979 | 2024-09-26 | A host header injection vulnerability in Lines Police CAD 1.0... |
| CVE-2024-45980 | 2024-09-26 | A host header injection vulnerability in MEANStore 1.0 allows attackers... |
| CVE-2024-45981 | 2024-09-26 | A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers... |
| CVE-2024-45982 | 2024-09-26 | A host header injection vulnerability in scheduleR v0.0.18 allows attackers... |
| CVE-2024-45983 | 2024-09-26 | A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital... |
| CVE-2024-45984 | 2024-09-26 | A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood... |
| CVE-2024-45985 | 2024-09-26 | A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood... |
| CVE-2024-45986 | 2024-09-26 | A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld... |
| CVE-2024-45989 | 2024-09-26 | Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure... |
| CVE-2024-46327 | 2024-09-26 | An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9... |
| CVE-2024-46328 | 2024-09-26 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for... |
| CVE-2024-46329 | 2024-09-26 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection... |
| CVE-2024-46330 | 2024-09-26 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection... |
| CVE-2024-46627 | 2024-09-26 | Incorrect access control in BECN DATAGERRY v2.2 allows attackers to... |
| CVE-2024-46628 | 2024-09-26 | Tenda G3 Router firmware v15.03.05.05 was discovered to contain a... |
| CVE-2024-46632 | 2024-09-26 | Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile... |
| CVE-2024-45987 | 2024-09-26 | Projectworld Online Voting System Version 1.0 is vulnerable to Cross... |
| CVE-2024-8405 | 2024-09-26 | Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack |
| CVE-2024-8404 | 2024-09-26 | Arbitrary File Deletion in PaperCut NG/MF Web Print Hot folder |
| CVE-2024-8723 | 2024-09-26 | 012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-8552 | 2024-09-26 | Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable |
| CVE-2024-8803 | 2024-09-26 | Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting |
| CVE-2024-47330 | 2024-09-26 | Broken Access Control vulnerability on multiple WordPress plugins by Supsystic |
| CVE-2023-52946 | 2024-09-26 | Buffer copy without checking size of input ('Classic Buffer Overflow')... |
| CVE-2022-49037 | 2024-09-26 | Insertion of sensitive information into log file vulnerability in proxy... |
| CVE-2022-49038 | 2024-09-26 | Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL... |
| CVE-2022-49039 | 2024-09-26 | Out-of-bounds write vulnerability in backup task management functionality in Synology... |
| CVE-2024-47045 | 2024-09-26 | Privilege chaining issue exists in the installer of e-Tax software(common... |
| CVE-2022-49040 | 2024-09-26 | Buffer copy without checking size of input ('Classic Buffer Overflow')... |
| CVE-2022-49041 | 2024-09-26 | Buffer copy without checking size of input ('Classic Buffer Overflow')... |
| CVE-2023-52950 | 2024-09-26 | Missing encryption of sensitive data vulnerability in login component in... |
| CVE-2023-52947 | 2024-09-26 | Missing authentication for critical function vulnerability in logout functionality in... |
| CVE-2023-52948 | 2024-09-26 | Missing encryption of sensitive data vulnerability in settings functionality in... |
| CVE-2023-52949 | 2024-09-26 | Missing authentication for critical function vulnerability in proxy settings functionality... |
| CVE-2024-45372 | 2024-09-26 | MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request... |
| CVE-2024-45836 | 2024-09-26 | Cross-site scripting vulnerability exists in the web management page of... |
| CVE-2024-7772 | 2024-09-26 | Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload |
| CVE-2024-7781 | 2024-09-26 | Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover |
| CVE-2024-0132 | 2024-09-26 | NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use... |
| CVE-2024-0133 | 2024-09-26 | NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in... |
| CVE-2024-6517 | 2024-09-26 | Contact Form 7 Math Captcha <= 2.0.1 - Reflected XSS |
| CVE-2024-4278 | 2024-09-26 | Incorrect Synchronization in GitLab |
| CVE-2024-8861 | 2024-09-26 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-47197 | 2024-09-26 | Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials |
| CVE-2024-47145 | 2024-09-26 | Unauthorized access on archived channels via file links |
| CVE-2024-45843 | 2024-09-26 | Weak SSRF Filtering |
| CVE-2024-42406 | 2024-09-26 | Unauthorized access on archived channels |
| CVE-2024-47003 | 2024-09-26 | DoS via non-string message using permalink embed |
| CVE-2024-8872 | 2024-09-26 | Store Hours for WooCommerce <= 4.3.20 - Reflected Cross-Site Scripting |
| CVE-2024-9025 | 2024-09-26 | Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title |
| CVE-2024-47044 | 2024-09-26 | Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND... |
| CVE-2024-47337 | 2024-09-26 | WordPress Joy Of Text Lite plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2024-9125 | 2024-09-26 | king_IE <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9127 | 2024-09-26 | Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter |
| CVE-2024-9173 | 2024-09-26 | GF Custom Style <= 2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9117 | 2024-09-26 | Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9115 | 2024-09-26 | Common Tools for Site <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2022-4541 | 2024-09-26 | WordPress Visitors <= 1.0 - Unauthenticated Stored Cross-Site Scripting via HTTP Header |
| CVE-2024-9198 | 2024-09-26 | Stored Cross-Site Scripting vulnerability in Clibo Manager |
| CVE-2024-9199 | 2024-09-26 | Rate limit vulnerability in Clibo Manager |
| CVE-2024-8704 | 2024-09-26 | Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale |
| CVE-2024-8126 | 2024-09-26 | Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload |