CVE List - 2024 / October

Showing 3201 - 3300 of 3570 CVEs for October 2024 (Page 33 of 36)

CVE ID Date Title
CVE-2024-48206 2024-10-29 A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.
CVE-2024-48461 2024-10-29 Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attacker to execute arbitrary code via the New Journey field.
CVE-2024-48573 2024-10-29 A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature.
CVE-2024-51075 2024-10-29 A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata...
CVE-2024-51076 2024-10-29 A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata"...
CVE-2024-51180 2024-10-29 A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.
CVE-2024-51181 2024-10-29 A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.
CVE-2024-51568 2024-10-29 CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
CVE-2024-48572 2024-10-29 A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user...
CVE-2024-48955 2024-10-29 Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system...
CVE-2024-51378 2024-10-29 getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which...
CVE-2024-51567 2024-10-29 upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a...
CVE-2024-10477 2024-10-29 LinZhaoguan pb-cms Permission Management Page admin#permissions cross site scripting
CVE-2024-10478 2024-10-29 LinZhaoguan pb-cms Edit Article edit cross site scripting
CVE-2024-45656 2024-10-29 IBM Flexible Service Processor hard coded credentials
CVE-2024-50068 2024-10-29 mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()
CVE-2024-50069 2024-10-29 pinctrl: apple: check devm_kasprintf() returned value
CVE-2024-50070 2024-10-29 pinctrl: stm32: check devm_kasprintf() returned value
CVE-2024-50071 2024-10-29 pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func()
CVE-2024-50072 2024-10-29 x86/bugs: Use code segment selector for VERW operand
CVE-2024-50073 2024-10-29 tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
CVE-2024-50074 2024-10-29 parport: Proper fix for array out-of-bounds access
CVE-2024-50075 2024-10-29 xhci: tegra: fix checked USB2 port number
CVE-2024-50076 2024-10-29 vt: prevent kernel-infoleak in con_font_get()
CVE-2024-50077 2024-10-29 Bluetooth: ISO: Fix multiple init when debugfs is disabled
CVE-2024-50078 2024-10-29 Bluetooth: Call iso_exit() on module unload
CVE-2024-50079 2024-10-29 io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work
CVE-2024-50080 2024-10-29 ublk: don't allow user copy for unprivileged device
CVE-2024-50081 2024-10-29 blk-mq: setup queue ->tag_set before initializing hctx
CVE-2024-50082 2024-10-29 blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
CVE-2024-50083 2024-10-29 tcp: fix mptcp DSS corruption due to large pmtu xmit
CVE-2024-50084 2024-10-29 net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
CVE-2024-50085 2024-10-29 mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
CVE-2024-50086 2024-10-29 ksmbd: fix user-after-free from session log off
CVE-2024-50087 2024-10-29 btrfs: fix uninitialized pointer free on read_alloc_one_name() error
CVE-2024-50088 2024-10-29 btrfs: fix uninitialized pointer free in add_inode_ref()
CVE-2024-10479 2024-10-29 LinZhaoguan pb-cms Theme Management Module admin#themes cross site scripting
CVE-2024-22065 2024-10-29 ZTE MF258 Pro product has an OS Command injection vulnerability
CVE-2024-10008 2024-10-29 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation
CVE-2024-10000 2024-10-29 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality
CVE-2024-10312 2024-10-29 Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVE-2024-50494 2024-10-29 WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability
CVE-2024-50493 2024-10-29 WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability
CVE-2024-50484 2024-10-29 WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
CVE-2024-50482 2024-10-29 WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability
CVE-2024-50480 2024-10-29 WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability
CVE-2024-10241 2024-10-29 Private channel names leaked with Ctrl+K when ElasticSearch is enabled
CVE-2024-50052 2024-10-29 Arbitrary post deletion via Playbooks /ignore-thread endpoint
CVE-2024-47401 2024-10-29 DoS via Amplified GraphQL Response in Playbooks
CVE-2024-46872 2024-10-29 Client-Side Path Traversal Leading to CSRF in Playbooks
CVE-2024-50473 2024-10-29 WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability
CVE-2024-9438 2024-10-29 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting
CVE-2024-10048 2024-10-29 Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page
CVE-2024-50427 2024-10-29 WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
CVE-2024-50420 2024-10-29 WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
CVE-2024-50490 2024-10-29 WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2024-50485 2024-10-29 WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability
CVE-2024-50481 2024-10-29 WordPress Bstone Demo Importer plugin <= 1.0.1 - Privilege Escalation vulnerability
CVE-2024-50476 2024-10-29 WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2024-50475 2024-10-29 WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2024-50426 2024-10-29 WordPress Survey Maker plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50418 2024-10-29 WordPress Time Slot plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50415 2024-10-29 WordPress Ads.txt & App-ads.txt Manager for WordPress plugin <= 1.1.7.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-50414 2024-10-29 WordPress Button contact VR plugin <= 4.7.9.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50413 2024-10-29 WordPress Import and export users and customers plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50412 2024-10-29 WordPress Conditional Fields for Contact Form 7 plugin <= 2.4.15 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50411 2024-10-29 WordPress WP Abstracts plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49642 2024-10-29 WordPress Todo Custom Field plugin <= 3.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-45477 2024-10-29 Apache NiFi: Improper Neutralization of Input in Parameter Description
CVE-2024-22066 2024-10-29 There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router. An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
CVE-2024-9376 2024-10-29 Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-10436 2024-10-29 WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion
CVE-2024-10437 2024-10-29 WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation
CVE-2024-10227 2024-10-29 affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode
CVE-2024-50550 2024-10-29 WordPress LiteSpeed Cache plugin <= 6.5.1 - Privilege Escalation vulnerability
CVE-2024-50410 2024-10-29 WordPress Namaste! LMS plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50409 2024-10-29 WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50407 2024-10-29 WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49692 2024-10-29 WordPress AffiliateX plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49679 2024-10-29 WordPress WPKoi Templates for Elementor plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-10184 2024-10-29 SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode
CVE-2024-10185 2024-10-29 StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode
CVE-2024-10266 2024-10-29 Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget
CVE-2024-10233 2024-10-29 SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode
CVE-2024-10360 2024-10-29 Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVE-2024-49678 2024-10-29 WordPress js paper theme <= 2.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49673 2024-10-29 WordPress LaTeX2HTML plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49672 2024-10-29 WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-49670 2024-10-29 WordPress Client Power Tools Portal plugin <= 1.8.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49667 2024-10-29 WordPress Local Business Addons For Elementor plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-49665 2024-10-29 WordPress Web Bricks Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-49664 2024-10-29 WordPress chatplusjp plugin <= 1.02 - Cross Site Scripting (XSS) vulnerability
CVE-2024-10181 2024-10-29 Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode
CVE-2024-49663 2024-10-29 WordPress uCAT – Next Story plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49662 2024-10-29 WordPress Simple Load More plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49661 2024-10-29 WordPress leenk.me plugin <= 2.16.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49660 2024-10-29 WordPress Campus Explorer Widget plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49659 2024-10-29 WordPress Coub plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49656 2024-10-29 WordPress DocumentPress plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-49654 2024-10-29 WordPress Extra Privacy for Elementor plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS) vulnerability