CVE List - 2024 / October
Showing 2001 - 2100 of 3570 CVEs for October 2024 (Page 21 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-48049 | 2024-10-20 | WordPress Mighty Builder plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49604 | 2024-10-20 | WordPress Simple User Registration plugin <= 5.5 - Account Takeover vulnerability |
| CVE-2024-49328 | 2024-10-20 | WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability |
| CVE-2024-49611 | 2024-10-20 | WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability |
| CVE-2024-10194 | 2024-10-20 | WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow |
| CVE-2024-49286 | 2024-10-20 | WordPress SSV Events plugin <= 3.2.7 - Local File Inclusion to RCE vulnerability |
| CVE-2024-49626 | 2024-10-20 | WordPress Shipyaari Shipping Management plugin <= 1.2 - PHP Object Injection vulnerability |
| CVE-2024-49625 | 2024-10-20 | WordPress SiteBuilder Dynamic Components plugin <= 1.0 - PHP Object Injection vulnerability |
| CVE-2024-49624 | 2024-10-20 | WordPress Advanced Advertising System plugin <= 1.3.1 - PHP Object Injection vulnerability |
| CVE-2024-49332 | 2024-10-20 | WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability |
| CVE-2024-10195 | 2024-10-20 | Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection |
| CVE-2024-49610 | 2024-10-20 | WordPress photokit plugin <= 1.0 - Arbitrary File Upload vulnerability |
| CVE-2024-49607 | 2024-10-20 | WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability |
| CVE-2024-49331 | 2024-10-20 | WordPress Property Lot Management System plugin <= 4.2.38 - Arbitrary File Upload vulnerability |
| CVE-2024-49330 | 2024-10-20 | WordPress Nice Backgrounds plugin <= 1.0 - Arbitrary File Upload vulnerability |
| CVE-2024-49329 | 2024-10-20 | WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability |
| CVE-2024-49327 | 2024-10-20 | WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability |
| CVE-2024-49326 | 2024-10-20 | WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability |
| CVE-2024-49324 | 2024-10-20 | WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability |
| CVE-2024-49608 | 2024-10-20 | WordPress GERRYWORKS Post by Mail plugin <= 1.0 - Privilege Escalation vulnerability |
| CVE-2024-49623 | 2024-10-20 | WordPress Duplicate Title Validate plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2024-49622 | 2024-10-20 | WordPress Apa Banner Slider plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49621 | 2024-10-20 | WordPress APA Register Newsletter Form plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-44061 | 2024-10-20 | WordPress EU/UK VAT Manager for WooCommerce plugin <= 2.12.14 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49620 | 2024-10-20 | WordPress FERMA.ru.net plugin <= 1.3.3 - SQL Injection vulnerability |
| CVE-2024-49619 | 2024-10-20 | WordPress Social Link Groups plugin <= 1.1.0 - SQL Injection vulnerability |
| CVE-2024-49618 | 2024-10-20 | WordPress MyTweetLinks plugin <= 1.1.1 - SQL Injection vulnerability |
| CVE-2024-49617 | 2024-10-20 | WordPress Back Link Tracker plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49616 | 2024-10-20 | WordPress Rate Own Post plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2024-49615 | 2024-10-20 | WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49614 | 2024-10-20 | WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability |
| CVE-2024-49613 | 2024-10-20 | WordPress Simple Code Insert Shortcode plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2024-49612 | 2024-10-20 | WordPress SW Contact Form plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2024-49609 | 2024-10-20 | WordPress Author Discussion plugin <= 0.2.2 - SQL Injection vulnerability |
| CVE-2024-47325 | 2024-10-20 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability |
| CVE-2024-49629 | 2024-10-20 | WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability |
| CVE-2024-49605 | 2024-10-20 | WordPress Community Lite Video Chat plugin <= 2.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-49335 | 2024-10-20 | WordPress GoogleDrive folder list plugin <= 2.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49628 | 2024-10-20 | WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49627 | 2024-10-20 | WordPress WordPress Image SEO plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49306 | 2024-10-20 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49290 | 2024-10-20 | WordPress Cooked Pro plugin < 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49275 | 2024-10-20 | WordPress IdeaPush plugin <= 8.69 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49274 | 2024-10-20 | WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49272 | 2024-10-20 | WordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49250 | 2024-10-20 | WordPress Table of Contents Plus plugin <= 2408 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47634 | 2024-10-20 | WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49325 | 2024-10-20 | WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2024-44000 | 2024-10-20 | WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability |
| CVE-2024-30157 | 2024-10-21 | A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient... |
| CVE-2024-30158 | 2024-10-21 | A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation... |
| CVE-2024-31007 | 2024-10-21 | Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll. |
| CVE-2024-35285 | 2024-10-21 | A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. |
| CVE-2024-35286 | 2024-10-21 | A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful... |
| CVE-2024-35287 | 2024-10-21 | A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack... |
| CVE-2024-35315 | 2024-10-21 | A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation... |
| CVE-2024-40083 | 2024-10-21 | A Buffer Overflow vulnerability in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and... |
| CVE-2024-40084 | 2024-10-21 | A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. |
| CVE-2024-40085 | 2024-10-21 | A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being... |
| CVE-2024-40086 | 2024-10-21 | A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than... |
| CVE-2024-40087 | 2024-10-21 | Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative... |
| CVE-2024-40088 | 2024-10-21 | A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in... |
| CVE-2024-40089 | 2024-10-21 | A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo... |
| CVE-2024-40090 | 2024-10-21 | Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and... |
| CVE-2024-40091 | 2024-10-21 | Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system. |
| CVE-2024-41712 | 2024-10-21 | A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input.... |
| CVE-2024-41714 | 2024-10-21 | A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to... |
| CVE-2024-46236 | 2024-10-21 | CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. |
| CVE-2024-46238 | 2024-10-21 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php |
| CVE-2024-46239 | 2024-10-21 | Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. |
| CVE-2024-46326 | 2024-10-21 | Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. |
| CVE-2024-47189 | 2024-10-21 | The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due... |
| CVE-2024-47223 | 2024-10-21 | A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack... |
| CVE-2024-47224 | 2024-10-21 | A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack... |
| CVE-2024-47912 | 2024-10-21 | A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due... |
| CVE-2024-48231 | 2024-10-21 | Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php. |
| CVE-2024-48509 | 2024-10-21 | Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious... |
| CVE-2024-48597 | 2024-10-21 | Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit. |
| CVE-2024-48645 | 2024-10-21 | In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify "function" files used by the game when installed on... |
| CVE-2024-48659 | 2024-10-21 | An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. |
| CVE-2024-30159 | 2024-10-21 | A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to... |
| CVE-2024-30160 | 2024-10-21 | A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due... |
| CVE-2024-35314 | 2024-10-21 | A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection... |
| CVE-2024-41713 | 2024-10-21 | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to... |
| CVE-2024-48709 | 2024-10-21 | CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php |
| CVE-2024-10196 | 2024-10-21 | code-projects Pharmacy Management System add_new_invoice.php sql injection |
| CVE-2024-10197 | 2024-10-21 | code-projects Pharmacy Management System Manage Supplier Page manage_supplier.php cross site scripting |
| CVE-2024-10198 | 2024-10-21 | code-projects Pharmacy Management System Manage Customer Page manage_customer.php cross site scripting |
| CVE-2024-43689 | 2024-10-21 | Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed. |
| CVE-2024-10199 | 2024-10-21 | code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting |
| CVE-2024-10200 | 2024-10-21 | Wellchoose Administrative Management System - Arbitrary File Read through Path Traversal |
| CVE-2024-10201 | 2024-10-21 | Wellchoose Administrative Management System - Arbitrary File Upload |
| CVE-2024-10202 | 2024-10-21 | Wellchoose Administrative Management System - OS Command Injection |
| CVE-2024-8625 | 2024-10-21 | TS Poll – Survey, Versus Poll, Image Poll, Video Poll < 2.4.0 - Admin+ SQL Injection |
| CVE-2024-47328 | 2024-10-21 | WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 3.1.2 - SQL Injection vulnerability |
| CVE-2024-43945 | 2024-10-21 | WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49321 | 2024-10-21 | WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability |
| CVE-2024-49293 | 2024-10-21 | WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability |
| CVE-2024-49273 | 2024-10-21 | WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47675 | 2024-10-21 | bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() |