CVE List - 2024 / September
Showing 2401 - 2500 of 2518 CVEs for September 2024 (Page 25 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38308 | 2024-09-27 | Advantech ADAM-5550 Cross-site Scripting |
| CVE-2024-39275 | 2024-09-27 | Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information |
| CVE-2024-28948 | 2024-09-27 | Advantech ADAM-5630 Cross-Site Request Forgery |
| CVE-2024-9301 | 2024-09-27 | A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a |
| CVE-2024-34542 | 2024-09-27 | Advantech ADAM-5630 Weak Encoding for Password |
| CVE-2024-39364 | 2024-09-27 | Advantech ADAM-5630 Missing Authentication for Critical Function |
| CVE-2024-9160 | 2024-09-27 | Security Misconfiguration in Forge module PEADM |
| CVE-2024-6436 | 2024-09-27 | Rockwell Automation Input Validation Vulnerability exists in the SequenceManager™ Server |
| CVE-2024-9291 | 2024-09-27 | kalvinGit kvf-admin XML File cross site scripting |
| CVE-2024-9293 | 2024-09-27 | skyselang yylAdmin Backend File.php list sql injection |
| CVE-2024-47186 | 2024-09-27 | Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting |
| CVE-2024-23586 | 2024-09-27 | An insufficient session timeout vulnerability affects HCL Nomad server on Domino |
| CVE-2024-9294 | 2024-09-27 | dingfanzu CMS saveNewPwd.php sql injection |
| CVE-2024-38796 | 2024-09-27 | Integer overflow in PeCoffLoaderRelocateImage |
| CVE-2024-8547 | 2024-09-28 | Simple Popup Plugin <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-8788 | 2024-09-28 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting |
| CVE-2024-9023 | 2024-09-28 | WP-WebAuthn <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode |
| CVE-2024-8353 | 2024-09-28 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection |
| CVE-2024-9189 | 2024-09-28 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization |
| CVE-2024-8715 | 2024-09-28 | Simple LDAP Login <= 1.6.0 - Reflected Cross-Site Scripting |
| CVE-2024-23938 | 2024-09-28 | Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23957 | 2024-09-28 | Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23958 | 2024-09-28 | Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability |
| CVE-2024-23967 | 2024-09-28 | Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23935 | 2024-09-28 | Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23959 | 2024-09-28 | Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-23961 | 2024-09-28 | Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability |
| CVE-2024-23924 | 2024-09-28 | Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability |
| CVE-2024-23960 | 2024-09-28 | Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability |
| CVE-2024-23923 | 2024-09-28 | Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-9295 | 2024-09-28 | SourceCodester Advocate Office Management System login.php sql injection |
| CVE-2024-8712 | 2024-09-28 | GTM Server Side <= 2.1.19 - Reflected Cross-Site Scripting |
| CVE-2024-9296 | 2024-09-28 | SourceCodester Advocate Office Management System forgot_pass.php sql injection |
| CVE-2024-9297 | 2024-09-28 | SourceCodester Online Railway Reservation System admin improper authorization |
| CVE-2024-8189 | 2024-09-28 | WP MultiTasking - WP Utilities <= 0.1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-9298 | 2024-09-28 | SourceCodester Online Railway Reservation System Ticket ?page=tickets access control |
| CVE-2024-9299 | 2024-09-28 | SourceCodester Online Railway Reservation System ?page=reserve cross site scripting |
| CVE-2024-9300 | 2024-09-28 | SourceCodester Online Railway Reservation System Message Us Form contact_us.php cross site scripting |
| CVE-2024-9315 | 2024-09-28 | SourceCodester Employee and Visitor Gate Pass Logging System manage_department.php sql injection |
| CVE-2024-9316 | 2024-09-28 | code-projects Blood Bank Management System B+.php sql injection |
| CVE-2024-9317 | 2024-09-28 | SourceCodester Online Eyewear Shop Master.php delete_category sql injection |
| CVE-2024-9318 | 2024-09-28 | SourceCodester Advocate Office Management System activate.php sql injection |
| CVE-2024-9319 | 2024-09-28 | SourceCodester Online Timesheet App delete-timesheet.php sql injection |
| CVE-2024-9320 | 2024-09-29 | SourceCodester Online Timesheet App Add Timesheet Form add-timesheet.php cross site scripting |
| CVE-2024-9321 | 2024-09-29 | SourceCodester Online Railway Reservation System view_details.php access control |
| CVE-2024-9322 | 2024-09-29 | code-projects Supply Chain Management edit_manufacturer.php sql injection |
| CVE-2024-9323 | 2024-09-29 | SourceCodester Inventory Management System add_staff.php cross site scripting |
| CVE-2024-9324 | 2024-09-29 | Intelbras InControl Relatório de Operadores Page operador code injection |
| CVE-2024-9325 | 2024-09-29 | Intelbras InControl incontrol-service-watchdog.exe unquoted search path |
| CVE-2024-9326 | 2024-09-29 | PHPGurukul Online Shopping Portal Admin Panel index.php sql injection |
| CVE-2024-9327 | 2024-09-29 | code-projects Blood Bank System forgot.php sql injection |
| CVE-2024-9328 | 2024-09-29 | SourceCodester Advocate Office Management System edit_client.php sql injection |
| CVE-2024-28807 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext... |
| CVE-2024-28808 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Hidden... |
| CVE-2024-28809 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext... |
| CVE-2024-28810 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive... |
| CVE-2024-28811 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. A... |
| CVE-2024-28812 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. A... |
| CVE-2024-28813 | 2024-09-30 | An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented... |
| CVE-2024-35495 | 2024-09-30 | An Information Disclosure vulnerability in the Telemetry component in TP-Link... |
| CVE-2024-42017 | 2024-09-30 | An issue was discovered in Atos Eviden iCare 2.7.1 through... |
| CVE-2024-45200 | 2024-09-30 | In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN... |
| CVE-2024-45920 | 2024-09-30 | A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows... |
| CVE-2024-45993 | 2024-09-30 | Giflib Project v5.2.2 is vulnerable to a heap buffer overflow... |
| CVE-2024-46280 | 2024-09-30 | PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The... |
| CVE-2024-46293 | 2024-09-30 | Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect... |
| CVE-2024-46313 | 2024-09-30 | TP-Link WR941ND V6 has a stack overflow vulnerability in the... |
| CVE-2024-46475 | 2024-09-30 | A reflected cross-site scripting (XSS) vulnerability on the homepage of... |
| CVE-2024-46510 | 2024-09-30 | ESAFENET CDG v5 was discovered to contain a SQL injection... |
| CVE-2024-46511 | 2024-09-30 | LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions... |
| CVE-2024-46540 | 2024-09-30 | A remote code execution (RCE) vulnerability in the component /admin/store.php... |
| CVE-2024-46548 | 2024-09-30 | TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to... |
| CVE-2024-46549 | 2024-09-30 | An issue in the TP-Link MQTT Broker and API gateway... |
| CVE-2024-46635 | 2024-09-30 | An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before... |
| CVE-2024-3635 | 2024-09-30 | The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation |
| CVE-2024-8239 | 2024-09-30 | Starbox < 3.5.3 - Contributor+ Stored XSS |
| CVE-2024-8283 | 2024-09-30 | Slider by 10Web < 1.2.59 - Admin+ Stored XSS |
| CVE-2024-8379 | 2024-09-30 | Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection |
| CVE-2024-8536 | 2024-09-30 | Ultimate Blocks < 3.2.2 - Contributor+ Stored XSS |
| CVE-2024-8448 | 2024-09-30 | PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials |
| CVE-2024-8449 | 2024-09-30 | PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials |
| CVE-2024-8450 | 2024-09-30 | PLANET Technology switch devices - Hard-coded SNMPv1 read-write community string |
| CVE-2024-8451 | 2024-09-30 | PLANET Technology switch devices - SSH server DoS attack |
| CVE-2024-8452 | 2024-09-30 | PLANET Technology switch devices - Insecure hash functions used for SNMPv3 credentials |
| CVE-2024-9329 | 2024-09-30 | Glassfish redirect to untrusted site |
| CVE-2024-8453 | 2024-09-30 | PLANET Technology switch devices - Weak hash for users' passwords |
| CVE-2024-8454 | 2024-09-30 | PLANET Technology switch devices - Swctrl service DoS attack |
| CVE-2024-8455 | 2024-09-30 | PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords |
| CVE-2024-8456 | 2024-09-30 | PLANET Technology switch devices - Missing Authentication for multiple HTTP routes |
| CVE-2024-8457 | 2024-09-30 | PLANET Technology switch devices - Stored cross-site scripting (XSS) in the User Management |
| CVE-2024-8458 | 2024-09-30 | PLANET Technology switch devices - Cross-site Request Forgery |
| CVE-2024-41999 | 2024-09-30 | Smart-tab Android app installed April 2023 or earlier contains an... |
| CVE-2024-42496 | 2024-09-30 | Smart-tab Android app installed April 2023 or earlier contains an... |
| CVE-2024-8459 | 2024-09-30 | PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords |
| CVE-2024-6394 | 2024-09-30 | Local File Inclusion in parisneo/lollms-webui |
| CVE-2024-45772 | 2024-09-30 | Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue |
| CVE-2024-47641 | 2024-09-30 | WordPress Confetti Fall Animation plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-6051 | 2024-09-30 | Cross Application Scripting in Redlink SDK |
| CVE-2024-45792 | 2024-09-30 | MantisBT vulnerable to information disclosure with user profiles |
| CVE-2024-47063 | 2024-09-30 | Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint |