Lista CVE - 2024 / Dicembre
Visualizzazione 2801 - 2900 di 3433 CVE per Dicembre 2024 (Pagina 29 di 35)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-12927 | 2024-12-25 | 1000 Projects Attendance Tracking Management System check_faculty_login.php sql injection |
| CVE-2024-12928 | 2024-12-25 | code-projects Simple Admin Panel sql injection |
| CVE-2024-54907 | 2024-12-26 | TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. |
| CVE-2024-56433 | 2024-12-26 | shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users... |
| CVE-2024-12929 | 2024-12-26 | code-projects Student Management System addCatController.php sql injection |
| CVE-2024-12930 | 2024-12-26 | code-projects Simple Admin Panel addCatController.php cross site scripting |
| CVE-2024-12931 | 2024-12-26 | code-projects Simple Admin Panel addCatController.php sql injection |
| CVE-2024-12932 | 2024-12-26 | code-projects Simple Admin Panel addSizeController.php cross site scripting |
| CVE-2024-12933 | 2024-12-26 | code-projects Simple Admin Panel updateItemController.php cross site scripting |
| CVE-2024-12934 | 2024-12-26 | code-projects Simple Admin Panel updateItemController.php sql injection |
| CVE-2024-12652 | 2024-12-26 | Intumit SmartRobot′s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection') |
| CVE-2024-12935 | 2024-12-26 | code-projects Simple Admin Panel editItemForm.php sql injection |
| CVE-2024-12936 | 2024-12-26 | code-projects Simple Admin Panel catDeleteController.php sql injection |
| CVE-2024-12937 | 2024-12-26 | code-projects Simple Admin Panel addVariationController.php sql injection |
| CVE-2024-10903 | 2024-12-26 | Broken Link Checker < 2.4.2 - Admin+ SSRF |
| CVE-2024-11223 | 2024-12-26 | WPForms < 1.9.2.3 - Admin+ Stored XSS |
| CVE-2024-12938 | 2024-12-26 | code-projects Simple Admin Panel updateOrderStatus.php sql injection |
| CVE-2024-12939 | 2024-12-26 | code-projects Job Recruitment _all_edits.php add_edu sql injection |
| CVE-2024-12940 | 2024-12-26 | 1000 Projects Attendance Tracking Management System student_action.php sql injection |
| CVE-2024-12941 | 2024-12-26 | CodeAstro Blood Donor Management System deletedannounce.php sql injection |
| CVE-2024-12942 | 2024-12-26 | 1000 Projects Portfolio Management System MCA admin_login.php sql injection |
| CVE-2024-12943 | 2024-12-26 | CodeAstro House Rental Management System ownersignup.php sql injection |
| CVE-2024-12944 | 2024-12-26 | CodeAstro House Rental Management System signin.php sql injection |
| CVE-2023-7300 | 2024-12-26 | Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability... |
| CVE-2024-12945 | 2024-12-26 | code-projects Simple Car Rental System account.php sql injection |
| CVE-2024-12946 | 2024-12-26 | 1000 Projects Attendance Tracking Management System admin_action.php sql injection |
| CVE-2024-12947 | 2024-12-26 | Codezips Hospital Management System invo.php sql injection |
| CVE-2024-12948 | 2024-12-26 | code-projects Travel Management System detail.php sql injection |
| CVE-2024-47156 | 2024-12-26 | Information Leak Vulnerability in Honor Product |
| CVE-2024-47151 | 2024-12-26 | Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution |
| CVE-2024-8994 | 2024-12-26 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2024-8993 | 2024-12-26 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2024-8992 | 2024-12-26 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2024-12949 | 2024-12-26 | code-projects Travel Management System package.php sql injection |
| CVE-2024-47153 | 2024-12-26 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2024-47154 | 2024-12-26 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2024-47155 | 2024-12-26 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2024-47157 | 2024-12-26 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| CVE-2024-12950 | 2024-12-26 | code-projects/projectworlds Travel Management System subcat.php sql injection |
| CVE-2024-47148 | 2024-12-26 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| CVE-2024-47149 | 2024-12-26 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| CVE-2024-47150 | 2024-12-26 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2024-12951 | 2024-12-26 | 1000 Projects Portfolio Management System MCA add_personal_details.php unrestricted upload |
| CVE-2024-12952 | 2024-12-26 | melMass comfy_mtb Dependency endpoint.py run_command code injection |
| CVE-2024-12953 | 2024-12-26 | 1000 Projects Portfolio Management System MCA update_pd_process.php unrestricted upload |
| CVE-2024-12954 | 2024-12-26 | 1000 Projects Portfolio Management System MCA update_ach.php unrestricted upload |
| CVE-2024-12955 | 2024-12-26 | PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery |
| CVE-2024-12956 | 2024-12-26 | 1000 Projects Portfolio Management System MCA add_achievement_details.php unrestricted upload |
| CVE-2024-12958 | 2024-12-26 | 1000 Projects Portfolio Management System MCA update_pro_details.php sql injection |
| CVE-2024-12908 | 2024-12-26 | Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over... |
| CVE-2024-51540 | 2024-12-26 | Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges... |
| CVE-2024-12959 | 2024-12-26 | 1000 Projects Portfolio Management System MCA update_personal_details.php sql injection |
| CVE-2024-12960 | 2024-12-26 | 1000 Projects Portfolio Management System MCA update_edu_details.php sql injection |
| CVE-2024-12961 | 2024-12-26 | 1000 Projects Portfolio Management System MCA update_ach_details.php sql injection |
| CVE-2024-12962 | 2024-12-26 | code-projects Job Recruitment _all_edits.php sql injection |
| CVE-2024-12963 | 2024-12-26 | code-projects Job Recruitment _all_edits.php add_xp sql injection |
| CVE-2024-12964 | 2024-12-26 | 1000 Projects Daily College Class Work Report Book login.php sql injection |
| CVE-2024-12965 | 2024-12-26 | 1000 Projects Portfolio Management System MCA update_ex_detail.php sql injection |
| CVE-2024-56510 | 2024-12-26 | Marp Core allows XSS by improper neutralization of HTML sanitization |
| CVE-2024-12966 | 2024-12-26 | code-projects Job Recruitment _all_edits.php cn_update sql injection |
| CVE-2024-45600 | 2024-12-26 | Fields GLPI plugin has an Authenticated SQL Injection |
| CVE-2024-12967 | 2024-12-26 | code-projects Job Recruitment _all_edits.php fln_update sql injection |
| CVE-2024-45805 | 2024-12-26 | OpenCTI leaks support information due to inadequate access control |
| CVE-2024-53850 | 2024-12-26 | The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation |
| CVE-2024-55950 | 2024-12-26 | Tabby has a TCC Bypass via Unnecessary Permissive Entitlements in Tabby |
| CVE-2024-56361 | 2024-12-26 | Stored Cross-Site Scripting (XSS) in lgsl v7.0 |
| CVE-2024-12968 | 2024-12-26 | code-projects Job Recruitment _all_edits.php edit_jobpost sql injection |
| CVE-2024-12969 | 2024-12-26 | code-projects Hospital Management System Login index.php sql injection |
| CVE-2024-39025 | 2024-12-27 | Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. |
| CVE-2024-50713 | 2024-12-27 | SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php. |
| CVE-2024-50714 | 2024-12-27 | A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component. |
| CVE-2024-50715 | 2024-12-27 | An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component. |
| CVE-2024-50716 | 2024-12-27 | SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component. |
| CVE-2024-50717 | 2024-12-27 | SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. |
| CVE-2024-50944 | 2024-12-27 | Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method. |
| CVE-2024-53476 | 2024-12-27 | A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead... |
| CVE-2024-54450 | 2024-12-27 | An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that... |
| CVE-2024-54451 | 2024-12-27 | A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers (authenticated as system administrators) to... |
| CVE-2024-54452 | 2024-12-27 | An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated... |
| CVE-2024-54453 | 2024-12-27 | An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve... |
| CVE-2024-54454 | 2024-12-27 | An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page... |
| CVE-2024-54774 | 2024-12-27 | Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create. |
| CVE-2024-54775 | 2024-12-27 | Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions. |
| CVE-2024-50945 | 2024-12-27 | An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product. |
| CVE-2024-56519 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. |
| CVE-2024-56520 | 2024-12-27 | An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed. |
| CVE-2024-56521 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. |
| CVE-2024-56522 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. |
| CVE-2024-56527 | 2024-12-27 | An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. |
| CVE-2024-12976 | 2024-12-27 | CodeZips Hospital Management System staff.php sql injection |
| CVE-2024-12977 | 2024-12-27 | PHPGurukul Complaint Management System state.php sql injection |
| CVE-2024-9774 | 2024-12-27 | Python-sql: python-sql unary operators does not escape non-expression |
| CVE-2024-12978 | 2024-12-27 | code-projects Job Recruitment _all_edits.php add_req sql injection |
| CVE-2024-12979 | 2024-12-27 | code-projects Job Recruitment _all_edits.php cn_update cross site scripting |
| CVE-2024-12980 | 2024-12-27 | code-projects Job Recruitment _all_edits.php fln_update cross site scripting |
| CVE-2024-12981 | 2024-12-27 | CodeAstro Car Rental System bookingconfirm.php sql injection |
| CVE-2024-11605 | 2024-12-27 | WP Publications <= 1.2 - Admin+ Stored XSS |
| CVE-2024-11644 | 2024-12-27 | WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode |
| CVE-2024-11645 | 2024-12-27 | Float Block <= 1.7 - Admin+ Stored XSS via Widget |
| CVE-2024-11842 | 2024-12-27 | DN Shipping by Weight for WooCommerce < 1.2 - Settings Update via CSRF |