CVE List - 2024 / September
Showing 501 - 600 of 2518 CVEs for September 2024 (Page 6 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-40712 | 2024-09-07 | A path traversal vulnerability allows an attacker with a low-privileged... |
| CVE-2024-39715 | 2024-09-07 | A code injection vulnerability that allows a low-privileged user with... |
| CVE-2024-40711 | 2024-09-07 | A deserialization of untrusted data vulnerability with a malicious payload... |
| CVE-2024-40709 | 2024-09-07 | A missing authorization vulnerability allows a local low-privileged user on... |
| CVE-2024-40713 | 2024-09-07 | A vulnerability that allows a user who has been assigned... |
| CVE-2024-42022 | 2024-09-07 | An incorrect permission assignment vulnerability allows an attacker to modify... |
| CVE-2024-42024 | 2024-09-07 | A vulnerability that allows an attacker in possession of the... |
| CVE-2024-40714 | 2024-09-07 | An improper certificate validation vulnerability in TLS certificate validation allows... |
| CVE-2024-40718 | 2024-09-07 | A server side request forgery vulnerability allows a low-privileged user... |
| CVE-2024-42023 | 2024-09-07 | An improper access control vulnerability allows low-privileged users to execute... |
| CVE-2024-42021 | 2024-09-07 | An improper access control vulnerability allows an attacker with valid... |
| CVE-2024-38650 | 2024-09-07 | An authentication bypass vulnerability can allow a low privileged attacker... |
| CVE-2024-8559 | 2024-09-07 | SourceCodester Online Food Menu delete-menu.php sql injection |
| CVE-2024-8560 | 2024-09-07 | SourceCodester Simple Invoice Generator System save_invoice.php sql injection |
| CVE-2024-8561 | 2024-09-07 | SourceCodester PHP CRUD Delete Person delete.php sql injection |
| CVE-2024-8562 | 2024-09-07 | SourceCodester PHP CRUD Add.php cross site scripting |
| CVE-2024-8563 | 2024-09-07 | SourceCodester PHP CRUD update.php cross site scripting |
| CVE-2024-8564 | 2024-09-07 | SourceCodester PHP CRUD update.php sql injection |
| CVE-2024-8565 | 2024-09-07 | SourceCodesters Clinics Patient Management System print_diseases.php sql injection |
| CVE-2024-8566 | 2024-09-07 | code-projects Online Shop Store settings.php cross site scripting |
| CVE-2024-8567 | 2024-09-08 | itsourcecode Payroll Management System ajax.php sql injection |
| CVE-2024-8568 | 2024-09-08 | Mini-Tmall 1 rewardMapper.select sql injection |
| CVE-2024-8569 | 2024-09-08 | code-projects Hospital Management System user-login.php sql injection |
| CVE-2024-6852 | 2024-09-08 | WP MultiTasking <= 0.1.12 - Settings Update via CSRF |
| CVE-2024-6853 | 2024-09-08 | WP MultiTasking <= 0.1.12 - Welcome Popup Update via CSRF |
| CVE-2024-6855 | 2024-09-08 | WP MultiTasking <= 0.1.12 - Exit Popup Update via CSRF |
| CVE-2024-6856 | 2024-09-08 | WP MultiTasking <= 0.1.12 - SMTP Settings Update via CSRF |
| CVE-2024-6859 | 2024-09-08 | WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode |
| CVE-2024-6924 | 2024-09-08 | TrueBooker < 1.0.3 - Multiple Unauthenticated SQLi |
| CVE-2024-6925 | 2024-09-08 | TrueBooker < 1.0.3 - Settings Update via CSRF |
| CVE-2024-6928 | 2024-09-08 | Opti Marketing <= 2.0.9 - Unauthenticated SQLi |
| CVE-2024-8570 | 2024-09-08 | itsourcecode Tailoring Management System inccatadd.php sql injection |
| CVE-2024-8571 | 2024-09-08 | erjemin roll_cms views.py information exposure |
| CVE-2024-8572 | 2024-09-08 | Gouniverse GoLang CMS FrontendHandler.go PageRenderHtmlByAlias cross site scripting |
| CVE-2024-8573 | 2024-09-08 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow |
| CVE-2024-8574 | 2024-09-08 | TOTOLINK AC1200 T8 cstecgi.cgi setParentalRules os command injection |
| CVE-2024-42341 | 2024-09-08 | Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2024-42342 | 2024-09-08 | Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| CVE-2024-42343 | 2024-09-08 | Loway - CWE-204: Observable Response Discrepancy |
| CVE-2024-8575 | 2024-09-08 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiScheduleCfg buffer overflow |
| CVE-2024-8576 | 2024-09-08 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow |
| CVE-2024-8577 | 2024-09-08 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow |
| CVE-2024-8578 | 2024-09-08 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiMeshName buffer overflow |
| CVE-2024-8579 | 2024-09-08 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiRepeaterCfg buffer overflow |
| CVE-2024-8580 | 2024-09-08 | TOTOLINK AC1200 T8 shadow.sample hard-coded password |
| CVE-2024-8582 | 2024-09-08 | SourceCodester Food Ordering Management System index.php cross site scripting |
| CVE-2024-8583 | 2024-09-08 | SourceCodester Online Bank Management System Feedback mfeedback.php cross site scripting |
| CVE-2023-50883 | 2024-09-09 | ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is... |
| CVE-2024-24510 | 2024-09-09 | Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows... |
| CVE-2024-42759 | 2024-09-09 | An issue in Ellevo v.6.2.0.38160 allows a remote attacker to... |
| CVE-2024-44085 | 2024-09-09 | ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object... |
| CVE-2024-44333 | 2024-09-09 | D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2... |
| CVE-2024-44334 | 2024-09-09 | D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2... |
| CVE-2024-44335 | 2024-09-09 | D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2... |
| CVE-2024-44410 | 2024-09-09 | D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the... |
| CVE-2024-44411 | 2024-09-09 | D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the... |
| CVE-2024-44720 | 2024-09-09 | SeaCMS v13.1 was discovered to an arbitrary file read vulnerability... |
| CVE-2024-44721 | 2024-09-09 | SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF)... |
| CVE-2024-44724 | 2024-09-09 | AutoCMS v5.4 was discovered to contain a PHP code injection... |
| CVE-2024-44725 | 2024-09-09 | AutoCMS v5.4 was discovered to contain a SQL injection vulnerability... |
| CVE-2024-44849 | 2024-09-09 | Qualitor up to 8.24 is vulnerable to Remote Code Execution... |
| CVE-2024-44902 | 2024-09-09 | A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers... |
| CVE-2024-27364 | 2024-09-09 | An issue was discovered in Mobile Processor, Wearable Processor Exynos... |
| CVE-2024-27365 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos Exynos... |
| CVE-2024-27366 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor, Wearable Processor... |
| CVE-2024-27367 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos Wearable... |
| CVE-2024-27368 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos Mobile... |
| CVE-2024-27383 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
| CVE-2024-27387 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
| CVE-2024-44375 | 2024-09-09 | D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the... |
| CVE-2024-8584 | 2024-09-09 | LEARNING DIGITAL Orca HCM - Missing Authentication |
| CVE-2024-8585 | 2024-09-09 | LEARNING DIGITAL Orca HCM - Arbitrary File Download |
| CVE-2024-8586 | 2024-09-09 | Uniong WebITR - Open Redirect |
| CVE-2024-45625 | 2024-09-09 | Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1.... |
| CVE-2024-5561 | 2024-09-09 | Popup Maker < 1.19.1 - Admin+ Stored XSS |
| CVE-2024-6910 | 2024-09-09 | EventON < 2.2.17 - Admin+ Stored XSS |
| CVE-2024-7687 | 2024-09-09 | AZIndex <= 0.8.1 - Stored XSS via CSRF |
| CVE-2024-7688 | 2024-09-09 | AZIndex <= 0.8.1 - Index Deletion via CSRF |
| CVE-2024-7689 | 2024-09-09 | Snapshot Backup <= 2.1.1 - Stored XSS via CSRF |
| CVE-2024-7918 | 2024-09-09 | Pocket Widget <= 0.1.3 - Admin+ Stored XSS |
| CVE-2024-45203 | 2024-09-09 | Improper authorization in handler for custom URL scheme issue in... |
| CVE-2024-37288 | 2024-09-09 | A deserialization issue in Kibana can lead to arbitrary code... |
| CVE-2024-8601 | 2024-09-09 | Improper Access Control Vulnerability in TechExcel Back Office Software |
| CVE-2024-6572 | 2024-09-09 | Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' |
| CVE-2024-7015 | 2024-09-09 | Improper Authentication in Profelis Informatics and Consulting's PassBOX |
| CVE-2024-40643 | 2024-09-09 | Joplin has a parsing error leading to Cross-site Scripting (XSS) |
| CVE-2024-8372 | 2024-09-09 | AngularJS improper sanitization in 'srcset' attribute |
| CVE-2024-8373 | 2024-09-09 | AngularJS improper sanitization in '<source>' element |
| CVE-2024-45041 | 2024-09-09 | External Secrets Operator vulnerable to privilege escalation |
| CVE-2024-8042 | 2024-09-09 | Rapid7 Insight Platform Unauthorized Empty Group Creation |
| CVE-2024-8604 | 2024-09-09 | SourceCodester Online Food Ordering System Create an Account Page index.php cross site scripting |
| CVE-2024-8605 | 2024-09-09 | code-projects Inventory Management Registration Form registration.php cross site scripting |
| CVE-2024-45406 | 2024-09-09 | Craft CMS stored XSS in breadcrumb list and title fields |
| CVE-2024-45411 | 2024-09-09 | Twig has a possible sandbox bypass |
| CVE-2024-7260 | 2024-09-09 | Keycloak-core: open redirect on account page |
| CVE-2024-7318 | 2024-09-09 | Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity |
| CVE-2024-7341 | 2024-09-09 | Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters |
| CVE-2024-45296 | 2024-09-09 | path-to-regexp outputs backtracking regular expressions |
| CVE-2024-42500 | 2024-09-09 | HPE has identified a denial of service vulnerability in HPE... |
| CVE-2024-6795 | 2024-09-09 | Vulnerability in Baxter Connex Health Portal |