CVE List - 2024 / December
Showing 2601 - 2700 of 3433 CVEs for December 2024 (Page 27 of 35)
CVE ID | Date | Title |
---|---|---|
CVE-2024-11783 | 2024-12-20 | Financial Calculator <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11774 | 2024-12-20 | Outdooractive Embed <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12506 | 2024-12-20 | NACC WordPress Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11878 | 2024-12-20 | Category Post Slider <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-7726 | 2024-12-20 | Arbitrary Code execution via exposed JTAG port in Kioxia CM6, PM6, PM7 |
CVE-2024-12014 | 2024-12-20 | Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access |
CVE-2024-51466 | 2024-12-20 | IBM Cognos Analytics expression language injection |
CVE-2024-40695 | 2024-12-20 | IBM Cognos Analytics file upload |
CVE-2024-28767 | 2024-12-20 | IBM Security Directory Integrator command execution |
CVE-2024-56348 | 2024-12-20 | In JetBrains TeamCity before 2024.12 improper access control allowed viewing... |
CVE-2024-56349 | 2024-12-20 | In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized... |
CVE-2024-56350 | 2024-12-20 | In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing... |
CVE-2024-56351 | 2024-12-20 | In JetBrains TeamCity before 2024.12 access tokens were not revoked... |
CVE-2024-56352 | 2024-12-20 | In JetBrains TeamCity before 2024.12 stored XSS was possible via... |
CVE-2024-56353 | 2024-12-20 | In JetBrains TeamCity before 2024.12 backup file exposed user credentials... |
CVE-2024-56354 | 2024-12-20 | In JetBrains TeamCity before 2024.12 password field value were accessible... |
CVE-2024-56355 | 2024-12-20 | In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController... |
CVE-2024-56356 | 2024-12-20 | In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead... |
CVE-2024-56337 | 2024-12-20 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete |
CVE-2024-10385 | 2024-12-20 | Stored XSS in DirectAdmin Evo Skin |
CVE-2024-12677 | 2024-12-20 | Delta Electronics DTM Soft Deserialization of Untrusted Data |
CVE-2024-12841 | 2024-12-20 | Emlog Pro tag.php cross site scripting |
CVE-2024-12867 | 2024-12-20 | Server-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to exfiltrate and modify configurations and data |
CVE-2024-56331 | 2024-12-20 | Local File Inclusion (LFI) via Improper URL Handling in uptime-kuma's `Real-Browser` monitor |
CVE-2024-56333 | 2024-12-20 | Remote code execution in onyxia-api |
CVE-2024-56329 | 2024-12-20 | Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream |
CVE-2024-12842 | 2024-12-20 | Emlog Pro user.php cross site scripting |
CVE-2024-56330 | 2024-12-20 | Session VNC may be accessed by other sessions on the same host in stardust |
CVE-2024-56334 | 2024-12-20 | Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation |
CVE-2024-56335 | 2024-12-20 | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden |
CVE-2024-40875 | 2024-12-20 | Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.52 |
CVE-2024-56357 | 2024-12-20 | Cross-site Scripting vulnerability through custom widget URLs and form redirect URLs in grist-core |
CVE-2024-56358 | 2024-12-20 | Cross-site Scripting vulnerability through svg attachment previews in grist-core |
CVE-2024-56359 | 2024-12-20 | Cross-site Scripting vulnerability through HyperLink cells in grist-core |
CVE-2024-12843 | 2024-12-20 | Emlog Pro plugin.php cross site scripting |
CVE-2024-12844 | 2024-12-20 | Emlog Pro store.php cross site scripting |
CVE-2024-12845 | 2024-12-20 | Emlog Pro common.php cross site scripting |
CVE-2020-13712 | 2024-12-20 | MGOS Command Injection |
CVE-2024-11811 | 2024-12-20 | Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting |
CVE-2023-31279 | 2024-12-20 | Improper Authentication |
CVE-2023-31280 | 2024-12-20 | Exposure of Sensitive Information to an Unauthorized Actor |
CVE-2024-11349 | 2024-12-21 | AdForest <= 5.1.6 - Authentication Bypass |
CVE-2024-12846 | 2024-12-21 | Emlog Pro link.php cross site scripting |
CVE-2024-11977 | 2024-12-21 | kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution |
CVE-2024-11607 | 2024-12-21 | GTPayment Donations <= 1.0.0 - Stored XSS via CSRF |
CVE-2024-11287 | 2024-12-21 | Ebook Store <= 5.8001 - Reflected Cross-Site Scripting |
CVE-2024-12066 | 2024-12-21 | SMSA Shipping(official) <= 2.2 - Authenticated (Subscriber+) Arbitrary File Deletion |
CVE-2024-12771 | 2024-12-21 | eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset |
CVE-2024-12721 | 2024-12-21 | Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection |
CVE-2024-11938 | 2024-12-21 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode |
CVE-2024-12635 | 2024-12-21 | WP Docs <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id' |
CVE-2024-12262 | 2024-12-21 | Ebook Store <= 5.8001 - Reflected Cross-Site Scripting via 'step' |
CVE-2024-12697 | 2024-12-21 | real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11196 | 2024-12-21 | Multi-column Tag Map <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode |
CVE-2024-11682 | 2024-12-21 | G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting |
CVE-2024-11975 | 2024-12-21 | Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2024-9545 | 2024-12-21 | Shortcodes and extra features for Phlox theme <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes |
CVE-2024-12588 | 2024-12-21 | Shortcodes and extra features for Phlox theme <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget |
CVE-2024-11808 | 2024-12-21 | Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting |
CVE-2024-10797 | 2024-12-21 | Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-12558 | 2024-12-21 | WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db |
CVE-2024-12408 | 2024-12-21 | WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting |
CVE-2024-11722 | 2024-12-21 | Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection |
CVE-2024-11688 | 2024-12-21 | LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting |
CVE-2024-10453 | 2024-12-21 | Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings |
CVE-2024-12591 | 2024-12-21 | MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode |
CVE-2024-12875 | 2024-12-21 | Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download |
CVE-2024-12883 | 2024-12-21 | code-projects Job Recruitment _email.php cross site scripting |
CVE-2024-51464 | 2024-12-21 | IBM i authentication bypass |
CVE-2024-51463 | 2024-12-21 | IBM i server-side request forgery |
CVE-2024-12884 | 2024-12-21 | Codezips E-Commerce Website login.php sql injection |
CVE-2024-56375 | 2024-12-22 | An integer underflow was discovered in Fort 1.6.3 and 1.6.4... |
CVE-2024-56378 | 2024-12-22 | libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability... |
CVE-2024-56310 | 2024-12-22 | REDCap through 14.9.6 has a security flaw in the Project... |
CVE-2024-56311 | 2024-12-22 | REDCap through 14.9.6 has a security flaw in the Notes... |
CVE-2024-56312 | 2024-12-22 | A stored cross-site scripting (XSS) vulnerability in the Project Dashboard... |
CVE-2024-56313 | 2024-12-22 | A stored cross-site scripting (XSS) vulnerability in the Calendar feature... |
CVE-2024-56314 | 2024-12-22 | A stored cross-site scripting (XSS) vulnerability in the Project name... |
CVE-2024-11852 | 2024-12-22 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization |
CVE-2024-12890 | 2024-12-22 | code-projects Online Exam Mastering System update.php sql injection |
CVE-2024-12891 | 2024-12-22 | code-projects Online Exam Mastering System account.php sql injection |
CVE-2024-12892 | 2024-12-22 | code-projects Online Exam Mastering System sign.php cross site scripting |
CVE-2024-12893 | 2024-12-22 | Portabilis i-Educar Tipo de Usuário Page 2 cross site scripting |
CVE-2024-12894 | 2024-12-22 | TreasureHuntGame TreasureHunt acesso.php sql injection |
CVE-2024-12895 | 2024-12-22 | TreasureHuntGame TreasureHunt checkflag.php console_log sql injection |
CVE-2024-12896 | 2024-12-22 | Intelbras VIP S4320 G2 Web Interface webCapsConfig information disclosure |
CVE-2024-12897 | 2024-12-22 | Intelbras VIP S4320 G2 Web Interface Sha1Account1 path traversal |
CVE-2024-40896 | 2024-12-23 | In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13... |
CVE-2024-12898 | 2024-12-23 | 1000 Projects Attendance Tracking Management System faculty_action.php sql injection |
CVE-2024-45721 | 2024-12-23 | home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C... |
CVE-2024-46873 | 2024-12-23 | Multiple SHARP routers leave the hidden debug function enabled. An... |
CVE-2024-47864 | 2024-12-23 | home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C... |
CVE-2024-52321 | 2024-12-23 | Multiple SHARP routers contain an improper authentication vulnerability in the... |
CVE-2024-54082 | 2024-12-23 | home 5G HR02 and Wi-Fi STATION SH-54C contain an OS... |
CVE-2024-12899 | 2024-12-23 | 1000 Projects Attendance Tracking Management System course_action.php sql injection |
CVE-2024-12900 | 2024-12-23 | FoxCMS Configuration File installdb.php code injection |
CVE-2024-12901 | 2024-12-23 | FoxCMS API Endpoint Site.php improper authorization |
CVE-2024-11230 | 2024-12-23 | Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget |
CVE-2024-12902 | 2024-12-23 | Global Wisdom Software ANCHOR - Undocumented Privileged Account |
CVE-2024-12903 | 2024-12-23 | Incorrect default permissions in Biamp Evoko Home |