CVE List - 2024 / September
Showing 401 - 500 of 2518 CVEs for September 2024 (Page 5 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2024-44739 | 2024-09-06 | Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability... |
CVE-2024-44837 | 2024-09-06 | A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of... |
CVE-2024-44838 | 2024-09-06 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability... |
CVE-2024-44839 | 2024-09-06 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability... |
CVE-2024-44844 | 2024-09-06 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command... |
CVE-2024-44845 | 2024-09-06 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command... |
CVE-2024-45751 | 2024-09-06 | tgt (aka Linux target framework) before 1.0.93 attempts to achieve... |
CVE-2024-45758 | 2024-09-06 | H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the... |
CVE-2024-45771 | 2024-09-06 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability... |
CVE-2024-40865 | 2024-09-06 | The issue was addressed by suspending Persona when the virtual... |
CVE-2024-7415 | 2024-09-06 | Remember Me Controls <= 2.0.1 - Unauthenticated Full Path Disclosure |
CVE-2024-8480 | 2024-09-06 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload |
CVE-2024-8247 | 2024-09-06 | Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation |
CVE-2024-38486 | 2024-09-06 | Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x... |
CVE-2024-39585 | 2024-09-06 | Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x,... |
CVE-2024-6792 | 2024-09-06 | WP ULike < 4.7.2.1 - Subscriber+ Stored-XSS |
CVE-2024-7349 | 2024-09-06 | LifterLMS <= 7.7.5 - Authenticated (Admin+) SQL Injection |
CVE-2024-8292 | 2024-09-06 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update |
CVE-2024-8317 | 2024-09-06 | WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_alignment Attribute |
CVE-2024-8427 | 2024-09-06 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
CVE-2023-52915 | 2024-09-06 | media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer |
CVE-2023-52916 | 2024-09-06 | media: aspeed: Fix memory overwrite if timing is 1600x900 |
CVE-2024-1744 | 2024-09-06 | Information Disclosure in Ariva Computer's Accord ORS |
CVE-2024-45040 | 2024-09-06 | gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property |
CVE-2024-45039 | 2024-09-06 | gnark's Groth16 commitment extension unsound for more than one commitment |
CVE-2024-45299 | 2024-09-06 | alf.io's preloaded data as json is not escaped correctly |
CVE-2024-45300 | 2024-09-06 | Bypassing promo code limitations with race conditions |
CVE-2024-45405 | 2024-09-06 | gix-path improperly resolves configuration path reported by Git |
CVE-2024-6445 | 2024-09-06 | Authenticated Local File Inclusion (LFI) in DataFlowX's DataDiodeX |
CVE-2024-7622 | 2024-09-06 | Revision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending |
CVE-2024-7599 | 2024-09-06 | Advanced Sermons <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-8428 | 2024-09-06 | ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover |
CVE-2024-7493 | 2024-09-06 | WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta |
CVE-2024-7611 | 2024-09-06 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget |
CVE-2024-25584 | 2024-09-06 | Dovecot accepts dot LF DOT LF symbol as end of... |
CVE-2024-8509 | 2024-09-06 | Migration toolkit for virtualization: forklift-controller: empty bearer token may perform authentication |
CVE-2024-45294 | 2024-09-06 | `org.hl7.fhir.core` XXE vulnerability in XSLT transforms |
CVE-2024-8517 | 2024-09-06 | SPIP Bigup Multipart File Upload OS Command Injection |
CVE-2024-8394 | 2024-09-06 | When aborting the verification of an OTR chat session, an... |
CVE-2023-50366 | 2024-09-06 | QTS, QuTS hero |
CVE-2023-51366 | 2024-09-06 | QTS, QuTS hero |
CVE-2023-51367 | 2024-09-06 | QTS, QuTS hero |
CVE-2023-51368 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-21897 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-21898 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-21903 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-27122 | 2024-09-06 | Notes Station 3 |
CVE-2024-27126 | 2024-09-06 | Notes Station 3 |
CVE-2022-27592 | 2024-09-06 | QVR Smart Client |
CVE-2024-21904 | 2024-09-06 | QTS, QuTS hero |
CVE-2023-47563 | 2024-09-06 | Video Station |
CVE-2023-50360 | 2024-09-06 | Video Station |
CVE-2023-45038 | 2024-09-06 | Music Station |
CVE-2023-39300 | 2024-09-06 | QTS |
CVE-2023-39298 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-32771 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-27125 | 2024-09-06 | Helpdesk |
CVE-2024-32762 | 2024-09-06 | QuLog Center |
CVE-2023-34974 | 2024-09-06 | QTS, QuTS hero, QuTScloud, QVR, QES |
CVE-2023-34979 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-21906 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-32763 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-38641 | 2024-09-06 | QTS, QuTS hero |
CVE-2024-38642 | 2024-09-06 | QuMagie |
CVE-2024-38640 | 2024-09-06 | Download Station |
CVE-2024-7652 | 2024-09-06 | An error in the ECMA-262 specification relating to Async Generators... |
CVE-2024-34155 | 2024-09-06 | Stack exhaustion in all Parse functions in go/parser |
CVE-2024-34156 | 2024-09-06 | Stack exhaustion in Decoder.Decode in encoding/gob |
CVE-2024-34158 | 2024-09-06 | Stack exhaustion in Parse in go/build/constraint |
CVE-2024-45498 | 2024-09-07 | Apache Airflow: Command Injection in an example DAG |
CVE-2024-45034 | 2024-09-07 | Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes |
CVE-2024-8521 | 2024-09-07 | Wavelog Live QSO qso index cross site scripting |
CVE-2024-8538 | 2024-09-07 | Big File Uploads <= 2.1.2 - Authenticated (Author+) Full Path Disclosure |
CVE-2024-6849 | 2024-09-07 | Preloader Plus – WordPress Loading Screen Plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8523 | 2024-09-07 | lmxcms SQL Command Execution Module admin.php formatData code injection |
CVE-2024-1596 | 2024-09-07 | Ninja Forms File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload |
CVE-2024-7112 | 2024-09-07 | Pinpoint Booking System <= 2.9.9.5.0 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-7620 | 2024-09-07 | Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import |
CVE-2024-6010 | 2024-09-07 | Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation |
CVE-2024-8554 | 2024-09-07 | SourceCodester Clinics Patient Management System users.php cross site scripting |
CVE-2024-37068 | 2024-09-07 | IBM Maximo Application Suite information disclosure |
CVE-2024-40680 | 2024-09-07 | IBM MQ denial of service |
CVE-2024-40681 | 2024-09-07 | IBM MQ security bypass |
CVE-2024-8555 | 2024-09-07 | SourceCodester Clinics Patient Management System congratulations.php redirect |
CVE-2024-8557 | 2024-09-07 | SourceCodester Food Ordering Management System cancel-order.php sql injection |
CVE-2024-8558 | 2024-09-07 | SourceCodester Food Ordering Management System Price place-order.php improper validation of specified quantity in input |
CVE-2023-30584 | 2024-09-07 | A vulnerability has been discovered in Node.js version 20, specifically... |
CVE-2023-30583 | 2024-09-07 | fs.openAsBlob() can bypass the experimental permission model when using the... |
CVE-2023-30587 | 2024-09-07 | A vulnerability in Node.js version 20 allows for bypassing restrictions... |
CVE-2023-30582 | 2024-09-07 | A vulnerability has been identified in Node.js version 20, affecting... |
CVE-2024-36137 | 2024-09-07 | A vulnerability has been identified in Node.js, affecting users of... |
CVE-2023-39333 | 2024-09-07 | Maliciously crafted export names in an imported WebAssembly module can... |
CVE-2024-36138 | 2024-09-07 | Bypass incomplete fix of CVE-2024-27980, that arises from improper handling... |
CVE-2023-46809 | 2024-09-07 | Node.js versions which bundle an unpatched version of OpenSSL or... |
CVE-2024-42019 | 2024-09-07 | A vulnerability that allows an attacker to access the NTLM... |
CVE-2024-39718 | 2024-09-07 | An improper input validation vulnerability that allows a low-privileged user... |
CVE-2024-40710 | 2024-09-07 | A series of related high-severity vulnerabilities, the most notable enabling... |
CVE-2024-39714 | 2024-09-07 | A code injection vulnerability that permits a low-privileged user to... |
CVE-2024-42020 | 2024-09-07 | A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that... |
CVE-2024-38651 | 2024-09-07 | A code injection vulnerability can allow a low-privileged user to... |