CVE List - 2024 / September
Showing 2201 - 2300 of 2518 CVEs for September 2024 (Page 23 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2024-8725 | 2024-09-26 | Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload |
CVE-2024-8633 | 2024-09-26 | Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting |
CVE-2024-7107 | 2024-09-26 | Directory Traversal in National Keep's CyberMath |
CVE-2024-7108 | 2024-09-26 | Incorrect Authorization in National Keep's CyberMath |
CVE-2023-46175 | 2024-09-26 | IBM Cloud Pak for Multicloud Management information disclosure |
CVE-2024-31899 | 2024-09-26 | IBM Cognos Command Center information disclosure |
CVE-2024-9177 | 2024-09-26 | Themedy Toolbox <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes |
CVE-2024-30134 | 2024-09-26 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability |
CVE-2024-9155 | 2024-09-26 | Insufficient Authorization On Unlinked Channel Files |
CVE-2024-43191 | 2024-09-26 | IBM ManageIQ command execution |
CVE-2024-7259 | 2024-09-26 | Ovirt-engine: potential exposure of cleartext provider passwords via web ui |
CVE-2024-8771 | 2024-09-26 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure |
CVE-2024-39319 | 2024-09-26 | aimeos/ai-controller-frontend has IDOR vulnerability in account profile page |
CVE-2024-9166 | 2024-09-26 | OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver |
CVE-2024-9203 | 2024-09-26 | Enpass Password Manager sensitive information in memory |
CVE-2024-37125 | 2024-09-26 | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an... |
CVE-2024-45042 | 2024-09-26 | Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials |
CVE-2024-39577 | 2024-09-26 | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains... |
CVE-2024-45374 | 2024-09-26 | goTenna Pro ATAK Plugin Weak Password Requirements |
CVE-2024-47075 | 2024-09-26 | DOM Clobbering gadgets found in layui that lead to Cross-site Scripting |
CVE-2024-47169 | 2024-09-26 | Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal |
CVE-2024-47170 | 2024-09-26 | Agnai File Disclosure Vulnerability: JSON via Path Traversal |
CVE-2024-47121 | 2024-09-26 | Weak Passwords Requirements in goTenna Pro |
CVE-2024-47122 | 2024-09-26 | Insecure Storage of Sensitive Information in goTenna Pro |
CVE-2024-47123 | 2024-09-26 | Missing Support for Integrity Check in goTenna Pro |
CVE-2024-47124 | 2024-09-26 | Cleartext Transmission of Sensitive Information in goTenna Pro |
CVE-2024-47171 | 2024-09-26 | Agnai vulnerable to Relative Path Traversal in Image Upload |
CVE-2024-47125 | 2024-09-26 | Improper Restriction of Communication Channel to Intended Endpoints in goTenna Pro |
CVE-2024-43694 | 2024-09-26 | goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information |
CVE-2024-47126 | 2024-09-26 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in goTenna Pro |
CVE-2024-47127 | 2024-09-26 | Weak Authentication in goTenna Pro |
CVE-2024-47174 | 2024-09-26 | Credential leak when credentials are used with `<nix/fetchurl.nix>` |
CVE-2024-43108 | 2024-09-26 | goTenna Pro ATAK Plugin Missing Support for Integrity Check |
CVE-2024-47128 | 2024-09-26 | Insertion of Sensitive Information Into Sent Data in goTenna Pro |
CVE-2024-47129 | 2024-09-26 | Observable Response Discrepancy in goTenna Pro |
CVE-2024-47130 | 2024-09-26 | Missing Authentication for Critical Function in goTenna Pro |
CVE-2024-45838 | 2024-09-26 | goTenna Pro ATAK Plugin Cleartext Transmission of Sensitive Information |
CVE-2024-45723 | 2024-09-26 | goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator |
CVE-2024-41722 | 2024-09-26 | goTenna Pro ATAK Plugin Weak Authentication |
CVE-2024-41931 | 2024-09-26 | goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data |
CVE-2024-41715 | 2024-09-26 | goTenna Pro ATAK Plugin Observable Response Discrepancy |
CVE-2024-43814 | 2024-09-26 | goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data |
CVE-2024-8118 | 2024-09-26 | Grafana alerting wrong permission on datasource rule write endpoint |
CVE-2024-47179 | 2024-09-26 | RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover. |
CVE-2024-47180 | 2024-09-26 | Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges |
CVE-2024-7594 | 2024-09-26 | Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default |
CVE-2024-6769 | 2024-09-26 | Medium to High Integrity Privilege Escalation in Microsoft Windows |
CVE-2024-47176 | 2024-09-26 | cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source |
CVE-2024-47076 | 2024-09-26 | libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server |
CVE-2024-47175 | 2024-09-26 | libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer |
CVE-2024-8974 | 2024-09-26 | Incorrect Provision of Specified Functionality in GitLab |
CVE-2024-4099 | 2024-09-26 | Improper Encoding or Escaping of Output in GitLab |
CVE-2024-25411 | 2024-09-27 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers... |
CVE-2024-33368 | 2024-09-27 | An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a... |
CVE-2024-33369 | 2024-09-27 | Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows... |
CVE-2024-40509 | 2024-09-27 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote... |
CVE-2024-40511 | 2024-09-27 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote... |
CVE-2024-40512 | 2024-09-27 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote... |
CVE-2024-46097 | 2024-09-27 | TestLink 1.9.20 is vulnerable to Incorrect Access Control in the... |
CVE-2024-46256 | 2024-09-27 | A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows... |
CVE-2024-46257 | 2024-09-27 | A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows... |
CVE-2024-46331 | 2024-09-27 | ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability... |
CVE-2024-46333 | 2024-09-27 | An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows... |
CVE-2024-46366 | 2024-09-27 | A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM... |
CVE-2024-46367 | 2024-09-27 | A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM... |
CVE-2024-46441 | 2024-09-27 | An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers... |
CVE-2024-46470 | 2024-09-27 | Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0... |
CVE-2024-46471 | 2024-09-27 | The Directory Listing in /uploads/ Folder in CodeAstro Membership Management... |
CVE-2024-46472 | 2024-09-27 | CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection... |
CVE-2024-25412 | 2024-09-27 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers... |
CVE-2024-40510 | 2024-09-27 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote... |
CVE-2024-44910 | 2024-09-27 | NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read... |
CVE-2024-44911 | 2024-09-27 | NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read... |
CVE-2024-44912 | 2024-09-27 | NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read... |
CVE-2024-46453 | 2024-09-27 | A cross-site scripting (XSS) vulnerability in the component /test/ of... |
CVE-2024-7011 | 2024-09-27 | Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL,... |
CVE-2024-8965 | 2024-09-27 | Absolute Reviews <= 1.1.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name |
CVE-2024-9130 | 2024-09-27 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter |
CVE-2024-8922 | 2024-09-27 | Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php |
CVE-2024-7713 | 2024-09-27 | AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure |
CVE-2024-7714 | 2024-09-27 | AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls |
CVE-2024-9029 | 2024-09-27 | Freeimage: heap buffer overflow in tiff_read_iptc_profile |
CVE-2024-9049 | 2024-09-27 | Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module |
CVE-2024-8991 | 2024-09-27 | OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes |
CVE-2024-8681 | 2024-09-27 | Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget |
CVE-2024-7400 | 2024-09-27 | Local privilege escalation in ESET products for Windows |
CVE-2024-39431 | 2024-09-27 | In UMTS RLC driver, there is a possible out of... |
CVE-2024-39432 | 2024-09-27 | In UMTS RLC driver, there is a possible out of... |
CVE-2024-39433 | 2024-09-27 | In drm service, there is a possible out of bounds... |
CVE-2024-39434 | 2024-09-27 | In drm service, there is a possible out of bounds... |
CVE-2024-39435 | 2024-09-27 | In Logmanager service, there is a possible missing verification incorrect... |
CVE-2024-38861 | 2024-09-27 | Lack of TLS validation in plugin MikroTik on Checkmk Exchange |
CVE-2024-6931 | 2024-09-27 | The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting |
CVE-2024-6654 | 2024-09-27 | Denial of Service vulnerability in ESET products for macOS |
CVE-2024-41930 | 2024-09-27 | Cross-site scripting vulnerability exists in MF Teacher Performance Management System... |
CVE-2024-9202 | 2024-09-27 | EDC DataSetResolver policy filtering missing |
CVE-2024-47290 | 2024-09-27 | Input validation vulnerability in the USB service module Impact: Successful... |
CVE-2024-47291 | 2024-09-27 | Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation... |
CVE-2024-47292 | 2024-09-27 | Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation... |
CVE-2024-47293 | 2024-09-27 | Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation... |