CVE List - 2024 / October
Showing 301 - 400 of 3571 CVEs for October 2024 (Page 4 of 36)
CVE ID | Date | Title |
---|---|---|
CVE-2024-9306 | 2024-10-04 | WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting |
CVE-2024-9435 | 2024-10-04 | ShiftController Employee Shift Scheduling <= 4.9.66 - Reflected Cross-Site Scripting |
CVE-2024-9071 | 2024-10-04 | Easy Demo Importer – A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9271 | 2024-10-04 | Re:WP <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-6400 | 2024-10-04 | Cleartext Storage of Username and Password in Finrota's Netahsilat |
CVE-2024-47651 | 2024-10-04 | Parameter Pollution Vulnerability |
CVE-2024-47652 | 2024-10-04 | Insecure Authentication Vulnerability |
CVE-2024-9481 | 2024-10-04 | Out of Bounds write on scan of malformed eml file may crash the application |
CVE-2024-47653 | 2024-10-04 | Missing Authorization Vulnerability |
CVE-2024-47654 | 2024-10-04 | No Rate Limiting vulnerability |
CVE-2024-47655 | 2024-10-04 | Unrestricted File Upload Vulnerability |
CVE-2024-9482 | 2024-10-04 | Out of Bounds write on scan of malformed Mach-O file may crash the application |
CVE-2024-47656 | 2024-10-04 | User Enumeration vulnerability |
CVE-2024-9483 | 2024-10-04 | Uninitialized variable in digital signature verification may crash the application |
CVE-2024-47657 | 2024-10-04 | Improper Access Control Vulnerability |
CVE-2024-9513 | 2024-10-04 | Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure |
CVE-2024-47789 | 2024-10-04 | Credential Leakage Vulnerability |
CVE-2024-9484 | 2024-10-04 | A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature... |
CVE-2024-47790 | 2024-10-04 | Missing Authorization Vulnerability |
CVE-2024-8499 | 2024-10-04 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice |
CVE-2024-9410 | 2024-10-04 | Ada.cx SSRF via Sentry Misconfiguration |
CVE-2024-9514 | 2024-10-04 | D-Link DIR-605L formSetDomainFilter buffer overflow |
CVE-2024-9515 | 2024-10-04 | D-Link DIR-605L formSetQoS buffer overflow |
CVE-2024-47765 | 2024-10-04 | Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS |
CVE-2024-47768 | 2024-10-04 | Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery |
CVE-2024-47769 | 2024-10-04 | IDURAR has a Path Traversal (unauthenticated user can read sensitive data) |
CVE-2024-47183 | 2024-10-04 | Parse Server's custom object ID allows to acquire role privileges |
CVE-2024-38037 | 2024-10-04 | BUG-000167983 - Unvalidated redirect in Portal for ArcGIS |
CVE-2024-8148 | 2024-10-04 | BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1. and 10.8.1) |
CVE-2024-38039 | 2024-10-04 | BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS. |
CVE-2024-8149 | 2024-10-04 | BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. |
CVE-2024-38036 | 2024-10-04 | BUG-000154827 - Reflected XSS in ArcGIS Experience Builder |
CVE-2024-25707 | 2024-10-04 | BUG-000160241 - Reflected XSS in Portal for ArcGIS |
CVE-2024-25702 | 2024-10-04 | BUG-000160599 - Stored XSS in Portal for ArcGIS Web App Builder |
CVE-2024-25701 | 2024-10-04 | BUG-000160765 - Stored XSS in ArcGIS Experience Builder |
CVE-2024-25694 | 2024-10-04 | BUG-000163019 - Stored XSS in Portal for ArcGIS |
CVE-2024-25691 | 2024-10-04 | BUG-000165286 - Reflected XSS in Portal for ArcGIS |
CVE-2024-38038 | 2024-10-04 | BUG-000165732 - Reflected XSS in Portal for ArcGIS |
CVE-2024-38040 | 2024-10-04 | BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability |
CVE-2024-47764 | 2024-10-04 | cookie accepts cookie name, path, and domain with out of bounds characters |
CVE-2024-7801 | 2024-10-04 | SQL injection in get_chart_data in TimeProvider 4100 |
CVE-2024-43687 | 2024-10-04 | XSS vulnerability in bannerconfig endpoint in TimeProvider 4100 |
CVE-2024-9054 | 2024-10-04 | Remote code Execution in TimeProvider® 4100 |
CVE-2024-43686 | 2024-10-04 | Reflected XSS in TimeProvider 4100 chart component |
CVE-2024-43685 | 2024-10-04 | Session token fixation in TimeProvider 4100 |
CVE-2024-43684 | 2024-10-04 | Cross-Site Request Forgery vulnerability in TimeProvider 4100 |
CVE-2024-43683 | 2024-10-04 | Improper verification of the Host header in TimeProvider 4100 |
CVE-2024-47848 | 2024-10-04 | User can review/unreview articles while blocked |
CVE-2024-47845 | 2024-10-05 | CSS sanitizer used incorrectly, and is easily bypassed |
CVE-2024-47849 | 2024-10-05 | Backticks can allow the usage of not-allowed SQL functions |
CVE-2024-47846 | 2024-10-05 | Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection |
CVE-2024-47847 | 2024-10-05 | Various XSSes found in Cargo |
CVE-2024-47840 | 2024-10-05 | Stored XSS through sidebar in Apex skin |
CVE-2024-47841 | 2024-10-05 | Path traversal when loading stylesheets |
CVE-2024-9455 | 2024-10-05 | WP Cleanup and Basic Functions <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9385 | 2024-10-05 | Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting |
CVE-2024-9528 | 2024-10-05 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting |
CVE-2024-8743 | 2024-10-05 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload |
CVE-2024-8486 | 2024-10-05 | Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets |
CVE-2024-9532 | 2024-10-05 | D-Link DIR-605L formAdvanceSetup buffer overflow |
CVE-2024-9417 | 2024-10-05 | Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload |
CVE-2024-9146 | 2024-10-05 | WordPress CSS JS Files plugin <= 1.5.0 - Directory Traversal to File Read vulnerability |
CVE-2024-44011 | 2024-10-05 | WordPress WP Ticket Ultra plugin <= 1.0.5 - Local File Inclusion vulnerability |
CVE-2024-44012 | 2024-10-05 | WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability |
CVE-2024-44013 | 2024-10-05 | WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability |
CVE-2024-44014 | 2024-10-05 | WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability |
CVE-2024-44015 | 2024-10-05 | WordPress Users Control plugin <= 1.0.16 - Local File Inclusion vulnerability |
CVE-2024-44016 | 2024-10-05 | WordPress Podiant plugin <= 1.1 - Local File Inclusion vulnerability |
CVE-2024-9161 | 2024-10-05 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete |
CVE-2024-9314 | 2024-10-05 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection |
CVE-2024-44018 | 2024-10-05 | WordPress Instant Chat WP plugin <= 1.0.5 - Local File Inclusion vulnerability |
CVE-2024-44023 | 2024-10-05 | WordPress ABCApp Creator plugin <= 1.1.2 - Local File Inclusion vulnerability |
CVE-2024-44034 | 2024-10-05 | WordPress WPSPX plugin <= 1.0.2 - Local File Inclusion vulnerability |
CVE-2024-47309 | 2024-10-05 | WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability |
CVE-2024-47316 | 2024-10-05 | WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability |
CVE-2024-47319 | 2024-10-05 | WordPress Bit Form plugin <= 2.13.10 - Arbitrary File Upload vulnerability |
CVE-2024-47323 | 2024-10-05 | WordPress WP Timeline plugin <= 3.6.7 - Local File Inclusion vulnerability |
CVE-2024-47324 | 2024-10-05 | WordPress WP Timeline plugin <= 3.6.7 - Local File Inclusion vulnerability |
CVE-2024-47647 | 2024-10-05 | WordPress FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47646 | 2024-10-05 | WordPress Payflex Payment Gateway plugin <= 2.6.1 - Open Redirection vulnerability |
CVE-2024-47644 | 2024-10-05 | WordPress Copyscape Premium plugin <= 1.3.6 - CSRF to Stored Cross-Site Scripting vulnerability |
CVE-2024-47643 | 2024-10-05 | WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47642 | 2024-10-05 | WordPress Keap Official Opt-in Forms plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-9533 | 2024-10-05 | D-Link DIR-605L formDeviceReboot buffer overflow |
CVE-2024-47639 | 2024-10-05 | WordPress VdoCipher plugin <= 1.29 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47638 | 2024-10-05 | WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-47635 | 2024-10-05 | WordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2024-47633 | 2024-10-05 | WordPress Zoho forms plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47632 | 2024-10-05 | WordPress DethemeKit For Elementor plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47631 | 2024-10-05 | WordPress Logo Carousel – Clients logo carousel for WP plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47630 | 2024-10-05 | WordPress ElementInvader Addons for Elementor plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47629 | 2024-10-05 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47628 | 2024-10-05 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47627 | 2024-10-05 | WordPress WP Travel Gutenberg Blocks plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-9534 | 2024-10-05 | D-Link DIR-605L formEasySetPassword buffer overflow |
CVE-2024-47626 | 2024-10-05 | WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-47625 | 2024-10-05 | WordPress Enter Addons – Ultimate Template Builder for Elementor plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-9535 | 2024-10-05 | D-Link DIR-605L formEasySetupWWConfig buffer overflow |
CVE-2024-47624 | 2024-10-05 | WordPress BSK Forms Blacklist plugin <= 3.8.1 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-47623 | 2024-10-05 | WordPress Gallery Lightbox plugin <= 1.0.0.39 - Cross Site Scripting (XSS) vulnerability |