Lista CVE - 2024 / Ottobre
Visualizzazione 1901 - 2000 di 3571 CVE per Ottobre 2024 (Pagina 20 di 36)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-9366 | 2024-10-18 | Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-38820 | 2024-10-18 | CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception |
| CVE-2024-46897 | 2024-10-18 | Incorrect permission assignment for critical resource issue exists in Exment... |
| CVE-2024-47793 | 2024-10-18 | Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier... |
| CVE-2024-9206 | 2024-10-18 | MAS Companies For WP Job Manager <= 1.0.13 - Reflected Cross-Site Scripting |
| CVE-2024-9703 | 2024-10-18 | Arconix Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2023-6055 | 2024-10-18 | Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158) |
| CVE-2023-6056 | 2024-10-18 | Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164) |
| CVE-2024-10080 | 2024-10-18 | WP Easy Post Types <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta |
| CVE-2024-10055 | 2024-10-18 | Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode |
| CVE-2024-10079 | 2024-10-18 | WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection |
| CVE-2024-10078 | 2024-10-18 | WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
| CVE-2023-6057 | 2024-10-18 | Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166) |
| CVE-2023-6058 | 2024-10-18 | HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167) |
| CVE-2023-49567 | 2024-10-18 | Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239) |
| CVE-2023-49570 | 2024-10-18 | Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210) |
| CVE-2024-4739 | 2024-10-18 | MXsecurity License Generation Function Disclosure |
| CVE-2024-4740 | 2024-10-18 | MXsecurity Use of Hard-coded Credentials |
| CVE-2024-47485 | 2024-10-18 | There is a CSV injection vulnerability in some HikCentral Master... |
| CVE-2024-47487 | 2024-10-18 | There is a SQL injection vulnerability in some HikCentral Professional... |
| CVE-2024-47486 | 2024-10-18 | There is an XSS vulnerability in some HikCentral Master Lite... |
| CVE-2024-10057 | 2024-10-18 | RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode |
| CVE-2024-9425 | 2024-10-18 | Advanced Category and Custom Taxonomy Image <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_tax_image Shortcode |
| CVE-2024-49243 | 2024-10-18 | WordPress Dynamic Elementor Addons plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2024-49241 | 2024-10-18 | WordPress Tito plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49240 | 2024-10-18 | WordPress AB Categories Search Widget plugin <= 0.2.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49239 | 2024-10-18 | WordPress Add Categories Post Footer plugin <= 2.2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49238 | 2024-10-18 | WordPress ADIF Log Search Widget plugin <= 1.0f - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49236 | 2024-10-18 | WordPress Crazy Call To Action Box plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49234 | 2024-10-18 | WordPress Plexx Elementor Extension plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49233 | 2024-10-18 | WordPress MAS Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49232 | 2024-10-18 | WordPress El mejor Cluster plugin <= 1.1.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49231 | 2024-10-18 | WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49230 | 2024-10-18 | WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49228 | 2024-10-18 | WordPress bVerse Convert plugin <= 1.3.7.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49225 | 2024-10-18 | WordPress wpPricing Builder plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49224 | 2024-10-18 | WordPress Mitm Bug Tracker plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43300 | 2024-10-18 | WordPress Movie Database plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-9674 | 2024-10-18 | Debrandify · Remove or Replace WordPress Branding <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-47240 | 2024-10-18 | Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default... |
| CVE-2024-9537 | 2024-10-18 | ScienceLogic SL1 unspecified vulnerability |
| CVE-2024-42508 | 2024-10-18 | This vulnerability could be exploited, leading to unauthorized disclosure of... |
| CVE-2023-6080 | 2024-10-18 | Privilege Escalation to SYSTEM in Lakeside Software Installer |
| CVE-2024-47241 | 2024-10-18 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s)... |
| CVE-2024-48016 | 2024-10-18 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s)... |
| CVE-2024-10120 | 2024-10-18 | wfh45678 Radar upload unrestricted upload |
| CVE-2024-9593 | 2024-10-18 | Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution |
| CVE-2024-10121 | 2024-10-18 | wfh45678 Radar Interface authorization |
| CVE-2024-49361 | 2024-10-18 | Potential Vulnerability in ACON Library: Improper Input Validation Leading to Malicious Code Execution |
| CVE-2024-10122 | 2024-10-18 | Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking |
| CVE-2024-10123 | 2024-10-18 | Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow |
| CVE-2024-10128 | 2024-10-18 | Topdata Inner Rep Plus WebServer td.js.gz risky encryption |
| CVE-2024-10129 | 2024-10-18 | HFO4 shudong-share Share create_share.php sql injection |
| CVE-2024-10130 | 2024-10-18 | Tenda AC8 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow |
| CVE-2024-43577 | 2024-10-18 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-37404 | 2024-10-18 | Improper Input Validation in the admin portal of Ivanti Connect... |
| CVE-2024-29821 | 2024-10-18 | Ivanti DSM < version 2024.2 allows authenticated users on the... |
| CVE-2024-29213 | 2024-10-18 | Ivanti DSM < version 2024.2 allows authenticated users on the... |
| CVE-2024-9219 | 2024-10-19 | WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting |
| CVE-2019-25218 | 2024-10-19 | Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.3 - Authenticated (Admin+) SQL Injection |
| CVE-2024-10131 | 2024-10-19 | Remote Code Execution in infiniflow/ragflow |
| CVE-2024-21536 | 2024-10-19 | Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and... |
| CVE-2023-6243 | 2024-10-19 | EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email |
| CVE-2024-9889 | 2024-10-19 | ElementInvader Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Information Exposure |
| CVE-2024-10133 | 2024-10-19 | ESAFENET CDG NetSecPolicyAjax.java updateNetSecPolicyPriority sql injection |
| CVE-2024-9897 | 2024-10-19 | StreamWeasels Twitch Integration <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode |
| CVE-2024-10134 | 2024-10-19 | ESAFENET CDG MultiServerAjax.java connectLogout sql injection |
| CVE-2024-10135 | 2024-10-19 | ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection |
| CVE-2024-10136 | 2024-10-19 | code-projects Pharmacy Management System manage_invoice.php sql injection |
| CVE-2024-10137 | 2024-10-19 | code-projects Pharmacy Management System manage_medicine.php sql injection |
| CVE-2024-10138 | 2024-10-19 | code-projects Pharmacy Management System add_new_purchase.php sql injection |
| CVE-2024-10139 | 2024-10-19 | code-projects Pharmacy Management System add_new_supplier.php sql injection |
| CVE-2024-10140 | 2024-10-19 | code-projects Pharmacy Management System manage_supplier.php sql injection |
| CVE-2024-10141 | 2024-10-19 | jsbroks COCO Annotator Session predictable state |
| CVE-2024-10142 | 2024-10-19 | code-projects Blood Bank System viewrequest.php cross site scripting |
| CVE-2024-10153 | 2024-10-19 | PHPGurukul Boat Booking System Book a Boat Page book-boat.php sql injection |
| CVE-2024-10154 | 2024-10-19 | PHPGurukul Boat Booking System Check Booking Status Page status.php sql injection |
| CVE-2024-10155 | 2024-10-19 | PHPGurukul Boat Booking System Book a Boat Page book-boat.php cross site scripting |
| CVE-2024-10156 | 2024-10-19 | PHPGurukul Boat Booking System Sign In Page index.php sql injection |
| CVE-2024-10157 | 2024-10-19 | PHPGurukul Boat Booking System Reset Your Password Page password-recovery.php sql injection |
| CVE-2024-10158 | 2024-10-19 | PHPGurukul Boat Booking System session_start session fixiation |
| CVE-2024-10159 | 2024-10-19 | PHPGurukul Boat Booking System My Profile Page profile.php sql injection |
| CVE-2024-10160 | 2024-10-20 | PHPGurukul Boat Booking System BW Dates Report Page bwdates-report-details.php sql injection |
| CVE-2024-10161 | 2024-10-20 | PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload |
| CVE-2024-10162 | 2024-10-20 | PHPGurukul Boat Booking System Edit Subdomain Details Page edit-subadmin.php sql injection |
| CVE-2024-10163 | 2024-10-20 | SourceCodester Sentiment Based Movie Rating System movie_details.php sql injection |
| CVE-2024-10165 | 2024-10-20 | Codezips Sales Management System deletecustcom.php sql injection |
| CVE-2024-10166 | 2024-10-20 | Codezips Sales Management System checkuser.php sql injection |
| CVE-2024-10167 | 2024-10-20 | Codezips Sales Management System deletecustind.php sql injection |
| CVE-2024-10169 | 2024-10-20 | code-projects Hospital Management System change-password.php sql injection |
| CVE-2024-10170 | 2024-10-20 | code-projects Hospital Management System get_doctor.php sql injection |
| CVE-2024-10171 | 2024-10-20 | code-projects Blood Bank System massage.php sql injection |
| CVE-2024-10173 | 2024-10-20 | didi DDMQ Console Module improper authentication |
| CVE-2024-10191 | 2024-10-20 | PHPGurukul Boat Booking System Booking Details Page book-details.php cross site scripting |
| CVE-2024-10192 | 2024-10-20 | PHPGurukul IFSC Code Finder Project search.php cross site scripting |
| CVE-2024-10193 | 2024-10-20 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection |
| CVE-2024-49631 | 2024-10-20 | WordPress Easy Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49630 | 2024-10-20 | WordPress WP Education for Elementor plugin <= 1.2.8 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49606 | 2024-10-20 | WordPress Google Map Locations plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49334 | 2024-10-20 | WordPress jLayer Parallax Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |