Lista CVE - 2024 / Novembre
Visualizzazione 1 - 100 di 4054 CVE per Novembre 2024 (Pagina 1 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-27524 | 2024-11-01 | Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. |
| CVE-2024-27525 | 2024-11-01 | Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. |
| CVE-2024-28265 | 2024-11-01 | IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php. |
| CVE-2024-40490 | 2024-11-01 | An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function. |
| CVE-2024-48217 | 2024-11-01 | An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation. |
| CVE-2024-48270 | 2024-11-01 | An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack. |
| CVE-2024-48289 | 2024-11-01 | An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet. |
| CVE-2024-48352 | 2024-11-01 | Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. |
| CVE-2024-48410 | 2024-11-01 | Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php. |
| CVE-2024-51244 | 2024-11-01 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. |
| CVE-2024-51245 | 2024-11-01 | In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. |
| CVE-2024-51247 | 2024-11-01 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. |
| CVE-2024-51248 | 2024-11-01 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. |
| CVE-2024-51252 | 2024-11-01 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. |
| CVE-2024-51377 | 2024-11-01 | An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields |
| CVE-2024-51398 | 2024-11-01 | Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously... |
| CVE-2024-51399 | 2024-11-01 | Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials,... |
| CVE-2024-51406 | 2024-11-01 | Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn... |
| CVE-2024-51407 | 2024-11-01 | Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies. |
| CVE-2024-51431 | 2024-11-01 | LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable. |
| CVE-2024-51432 | 2024-11-01 | Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized |
| CVE-2024-48353 | 2024-11-01 | Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. |
| CVE-2024-10607 | 2024-11-01 | code-projects Courier Management System track-result.php sql injection |
| CVE-2024-10608 | 2024-11-01 | code-projects Courier Management System login.php sql injection |
| CVE-2024-10609 | 2024-11-01 | itsourcecode Tailoring Management System Project typeadd.php sql injection |
| CVE-2024-10610 | 2024-11-01 | ESAFENET CDG ProtocolService.java delProtocol sql injection |
| CVE-2024-10611 | 2024-11-01 | ESAFENET CDG PrintScreenListService.java delProtocol sql injection |
| CVE-2024-10612 | 2024-11-01 | ESAFENET CDG HookInvalidCourseService.java removeHookInvalidCourse sql injection |
| CVE-2024-10613 | 2024-11-01 | ESAFENET CDG SystemEncryptPolicyService.java delSystemEncryptPolicy sql injection |
| CVE-2024-10615 | 2024-11-01 | Tongda OA 2017 delete_data_attach.php sql injection |
| CVE-2024-10616 | 2024-11-01 | Tongda OA webSignSubmit.php sql injection |
| CVE-2024-10617 | 2024-11-01 | Tongda OA check_seal.php sql injection |
| CVE-2024-10618 | 2024-11-01 | Tongda OA 2017 record_detail.php sql injection |
| CVE-2024-10619 | 2024-11-01 | Tongda OA 2017 next_detail.php sql injection |
| CVE-2024-49501 | 2024-11-01 | Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function. |
| CVE-2024-47939 | 2024-11-01 | Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent... |
| CVE-2024-10620 | 2024-11-01 | knightliao Disconf Configuration Center list improper authentication |
| CVE-2024-21510 | 2024-11-01 | Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method... |
| CVE-2024-0105 | 2024-11-01 | NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service,... |
| CVE-2024-0106 | 2024-11-01 | NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of... |
| CVE-2024-7424 | 2024-11-01 | Multiple Page Generator Plugin – MPG <= 4.0.1 - Missing Authorization |
| CVE-2024-9655 | 2024-11-01 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget |
| CVE-2024-10232 | 2024-11-01 | AtomChat <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode |
| CVE-2024-10651 | 2024-11-01 | CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal |
| CVE-2024-10652 | 2024-11-01 | CHANGING Information Technology IDExpert - Reflected XSS |
| CVE-2024-10653 | 2024-11-01 | CHANGING Information Technology IDExpert - OS Command Injection |
| CVE-2024-10367 | 2024-11-01 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-10654 | 2024-11-01 | TOTOLINK LR350 formLoginAuth.htm authorization |
| CVE-2024-7456 | 2024-11-01 | SQL Injection in lunary-ai/lunary |
| CVE-2024-10655 | 2024-11-01 | Tongda OA 2017 new.php sql injection |
| CVE-2024-37094 | 2024-11-01 | WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability |
| CVE-2024-47362 | 2024-11-01 | WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability |
| CVE-2024-47361 | 2024-11-01 | WordPress Elementor Addon Elements plugin <= 1.13.6 - Broken Access Control vulnerability |
| CVE-2024-47359 | 2024-11-01 | WordPress Depicter plugin <= 3.2.2 - Broken Access Control vulnerability |
| CVE-2024-47358 | 2024-11-01 | WordPress Popup Maker plugin <= 1.19.2 - Broken Access Control vulnerability |
| CVE-2024-47321 | 2024-11-01 | WordPress WP Datepicker plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2024-47318 | 2024-11-01 | WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability |
| CVE-2024-47317 | 2024-11-01 | WordPress Ads by WPQuads plugin <= 2.0.84 - Broken Access Control vulnerability |
| CVE-2024-47308 | 2024-11-01 | WordPress Templately plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2024-44052 | 2024-11-01 | WordPress HelloAsso plugin <= 1.1.10 - Broken Access Control vulnerability |
| CVE-2024-44031 | 2024-11-01 | WordPress JoomSport plugin <= 5.6.3 - Broken Access Control vulnerability |
| CVE-2024-44021 | 2024-11-01 | WordPress Truepush plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2024-44020 | 2024-11-01 | WordPress WP Free SSL plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2024-44019 | 2024-11-01 | WordPress Contact Form 7 Campaign Monitor Extension plugin <= 0.4.67 - Arbitrary File Deletion vulnerability |
| CVE-2024-44006 | 2024-11-01 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerability |
| CVE-2024-43998 | 2024-11-01 | WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2024-43982 | 2024-11-01 | WordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerability |
| CVE-2024-43981 | 2024-11-01 | WordPress GeoDirectory plugin <= 2.3.70 - Broken Access Control vulnerability |
| CVE-2024-43980 | 2024-11-01 | WordPress FotaWP theme <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2024-43979 | 2024-11-01 | WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2024-43974 | 2024-11-01 | WordPress ReviveNews theme <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-43973 | 2024-11-01 | WordPress Payment forms, Buy now buttons and Invoicing System plugin <= 2.8.11 - Broken Access Control vulnerability |
| CVE-2024-43968 | 2024-11-01 | WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability |
| CVE-2024-43962 | 2024-11-01 | WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability |
| CVE-2024-43956 | 2024-11-01 | WordPress MemberPress plugin <= 1.11.34 - Broken Access Control vulnerability |
| CVE-2024-43937 | 2024-11-01 | WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability |
| CVE-2024-43932 | 2024-11-01 | WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability |
| CVE-2024-43929 | 2024-11-01 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2024-43928 | 2024-11-01 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2024-43925 | 2024-11-01 | WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability |
| CVE-2024-43923 | 2024-11-01 | WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability |
| CVE-2024-43919 | 2024-11-01 | WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability |
| CVE-2024-43355 | 2024-11-01 | WordPress JoomSport plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2024-43343 | 2024-11-01 | WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability |
| CVE-2024-43341 | 2024-11-01 | WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2024-43332 | 2024-11-01 | WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability |
| CVE-2024-43323 | 2024-11-01 | WordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerability |
| CVE-2024-43314 | 2024-11-01 | WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.9.3 - Broken Access Control vulnerability |
| CVE-2024-43312 | 2024-11-01 | WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability |
| CVE-2024-43310 | 2024-11-01 | WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability |
| CVE-2024-43302 | 2024-11-01 | WordPress Fonts plugin <= 3.7.7 - Broken Access Control vulnerability |
| CVE-2024-43298 | 2024-11-01 | WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2024-43297 | 2024-11-01 | WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2024-43296 | 2024-11-01 | WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability |
| CVE-2024-43293 | 2024-11-01 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability |
| CVE-2024-43290 | 2024-11-01 | WordPress Atarim plugin <= 4.0.1 - Broken Access Control vulnerability |
| CVE-2024-43285 | 2024-11-01 | WordPress Presto Player plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2024-43277 | 2024-11-01 | WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability |
| CVE-2024-43274 | 2024-11-01 | WordPress JS Help Desk – The Ultimate Help Desk plugin <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2024-43273 | 2024-11-01 | WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability |