CVE List - 2024 / December
Showing 2501 - 2600 of 3433 CVEs for December 2024 (Page 26 of 35)
CVE ID | Date | Title |
---|---|---|
CVE-2021-32589 | 2024-12-19 | A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0,... |
CVE-2024-12782 | 2024-12-19 | Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization |
CVE-2024-12783 | 2024-12-19 | itsourcecode Vehicle Management System billaction.php cross site scripting |
CVE-2024-9101 | 2024-12-19 | phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php |
CVE-2024-9102 | 2024-12-19 | phpLDAPadmin: Improper Neutralization of Formula Elements |
CVE-2021-26102 | 2024-12-19 | A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7... |
CVE-2024-12784 | 2024-12-19 | itsourcecode Vehicle Management System editbill.php sql injection |
CVE-2024-10244 | 2024-12-19 | SQLi in ISDO Software's Web Software |
CVE-2024-47093 | 2024-12-19 | Fix various XSS issues and potential RCE |
CVE-2024-25131 | 2024-12-19 | Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation |
CVE-2024-12785 | 2024-12-19 | itsourcecode Vehicle Management System sendmail.php sql injection |
CVE-2024-12786 | 2024-12-19 | X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management |
CVE-2024-12798 | 2024-12-19 | JaninoEventEvaluator vulnerability |
CVE-2024-12787 | 2024-12-19 | 1000 Projects Attendance Tracking Management System check_student_login.php sql injection |
CVE-2024-9154 | 2024-12-19 | Authenticated Remote Code Execution |
CVE-2024-38864 | 2024-12-19 | User-Readable Private Key in Windows Agent |
CVE-2024-12801 | 2024-12-19 | SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks |
CVE-2024-12788 | 2024-12-19 | Codezips Technical Discussion Forum signinpost.php sql injection |
CVE-2024-12789 | 2024-12-19 | PbootCMS IndexController.php code injection |
CVE-2021-22501 | 2024-12-19 | Improper Restriction of XML External Entity Reference vulnerability in OpenText™... |
CVE-2024-12790 | 2024-12-19 | code-projects Hostel Management Site room-details.php cross site scripting |
CVE-2024-52896 | 2024-12-19 | IBM MQ information disclosure |
CVE-2024-51471 | 2024-12-19 | IBM MQ Appliance denial of service |
CVE-2024-38819 | 2024-12-19 | Applications serving static resources through the functional web frameworks WebMvc.fn... |
CVE-2024-52897 | 2024-12-19 | IBM MQ information disclosure |
CVE-2024-49336 | 2024-12-19 | IBM Security Guardium server-side request forgery |
CVE-2024-12791 | 2024-12-19 | Codezips E-Commerce Site signin.php sql injection |
CVE-2024-12792 | 2024-12-19 | Codezips E-Commerce Site newadmin.php sql injection |
CVE-2023-7005 | 2024-12-19 | CVE-2023-7005 |
CVE-2024-12793 | 2024-12-19 | PbootCMS IndexController.php path traversal |
CVE-2024-12794 | 2024-12-19 | Codezips E-Commerce Site editorder.php sql injection |
CVE-2020-6923 | 2024-12-19 | HP Linux Imaging and Printing Software - Potential Memory Buffer Overflow |
CVE-2024-54150 | 2024-12-19 | Algorithm Confusion Vulnerability in cjwt |
CVE-2024-56200 | 2024-12-19 | Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy |
CVE-2024-56159 | 2024-12-19 | Server source code is exposed to the public if sourcemaps are enabled |
CVE-2024-53991 | 2024-12-19 | Potential Backup file leaked via Nginx in Discourse |
CVE-2024-52794 | 2024-12-19 | Magnific lightbox susceptible to Cross-site Scripting in Discourse |
CVE-2024-52589 | 2024-12-19 | Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse |
CVE-2024-49765 | 2024-12-19 | Bypass of Discourse Connect using other login paths if enabled in Discourse |
CVE-2024-7137 | 2024-12-19 | Denial of Service in Silicon Labs RS9116 Bluetooth SDK |
CVE-2024-7138 | 2024-12-19 | Denial of Service in Silicon Labs RS9116 Bluetooth SDK |
CVE-2024-7139 | 2024-12-19 | Denial of Service in Silicon Labs RS9116 Bluetooth SDK |
CVE-2024-12111 | 2024-12-19 | Potential LDAP authentication vulnerabilities in OpenText Privileged Access Manager |
CVE-2024-12727 | 2024-12-19 | A pre-auth SQL injection vulnerability in the email protection feature... |
CVE-2024-2201 | 2024-12-19 | CVE-2024-2201 |
CVE-2024-11157 | 2024-12-19 | Rockwell Automation Third Party Vulnerability in Arena |
CVE-2024-12728 | 2024-12-19 | A weak credentials vulnerability potentially allows privileged system access via... |
CVE-2024-12175 | 2024-12-19 | Rockwell Automation Code Execution Vulnerability in Arena |
CVE-2024-12672 | 2024-12-19 | Rockwell Automation Third Party Vulnerability in Arena® |
CVE-2024-12729 | 2024-12-19 | A post-auth code injection vulnerability in the User Portal allows... |
CVE-2024-11364 | 2024-12-19 | Rockwell Automation Third Party Vulnerability in Arena® |
CVE-2024-54009 | 2024-12-19 | Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000... |
CVE-2024-56327 | 2024-12-19 | Malicious plugin names, recipients, or identities can cause arbitrary binary execution in pyrage |
CVE-2024-12700 | 2024-12-19 | Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type |
CVE-2021-40959 | 2024-12-20 | A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web... |
CVE-2024-37758 | 2024-12-20 | Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0... |
CVE-2024-55186 | 2024-12-20 | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane... |
CVE-2024-55341 | 2024-12-20 | A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1... |
CVE-2024-55342 | 2024-12-20 | A file upload functionality in Piranha CMS 11.1 allows authenticated... |
CVE-2024-55470 | 2024-12-20 | Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By... |
CVE-2024-55471 | 2024-12-20 | Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR)... |
CVE-2024-55509 | 2024-12-20 | SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows... |
CVE-2024-12829 | 2024-12-20 | Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability |
CVE-2024-12830 | 2024-12-20 | Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability |
CVE-2024-12832 | 2024-12-20 | Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability |
CVE-2024-12831 | 2024-12-20 | Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability |
CVE-2024-54538 | 2024-12-20 | A denial-of-service issue was addressed with improved input validation. This... |
CVE-2024-12678 | 2024-12-20 | Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens |
CVE-2020-9250 | 2024-12-20 | There is an insufficient authentication vulnerability in some Huawei smart... |
CVE-2022-32144 | 2024-12-20 | There is an insufficient input verification vulnerability in Huawei product.... |
CVE-2022-32203 | 2024-12-20 | There is a command injection vulnerability in Huawei terminal printer... |
CVE-2022-32204 | 2024-12-20 | There is an improper input verification vulnerability in Huawei printer... |
CVE-2022-34159 | 2024-12-20 | Huawei printers have an input verification vulnerability. Successful exploitation of... |
CVE-2024-11776 | 2024-12-20 | PCRecruiter Extensions <= 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2023-42867 | 2024-12-20 | This issue was addressed with improved validation of the process... |
CVE-2024-44223 | 2024-12-20 | This issue was addressed through improved state management. This issue... |
CVE-2024-44195 | 2024-12-20 | A logic issue was addressed with improved validation. This issue... |
CVE-2024-44292 | 2024-12-20 | A privacy issue was addressed with improved private data redaction... |
CVE-2024-44231 | 2024-12-20 | This issue was addressed through improved state management. This issue... |
CVE-2024-44211 | 2024-12-20 | This issue was addressed with improved validation of symlinks. This... |
CVE-2024-44293 | 2024-12-20 | A privacy issue was addressed with improved private data redaction... |
CVE-2024-44298 | 2024-12-20 | A privacy issue was addressed with improved private data redaction... |
CVE-2024-21549 | 2024-12-20 | Versions of the package spatie/browsershot before 5.0.3 are vulnerable to... |
CVE-2024-5955 | 2024-12-20 | Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO... |
CVE-2024-10555 | 2024-12-20 | MaxButtons < 9.8.1 - Admin+ Stored XSS via Button Width |
CVE-2024-10706 | 2024-12-20 | Download Manager < 3.3.03 - Admin+ Stored XSS |
CVE-2024-11108 | 2024-12-20 | Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode |
CVE-2024-8968 | 2024-12-20 | MaxButtons < 9.8.1 - Admin+ Stored XSS via Text Color |
CVE-2024-9503 | 2024-12-20 | Maintenance & Coming Soon Redirect Animation <= 2.1.3 - Missing Authorization to Settings Update |
CVE-2024-11775 | 2024-12-20 | Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11411 | 2024-12-20 | Spotlightr <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12571 | 2024-12-20 | Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion |
CVE-2024-11812 | 2024-12-20 | Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-12509 | 2024-12-20 | Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11297 | 2024-12-20 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
CVE-2024-9619 | 2024-12-20 | WP SHAPES <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-11784 | 2024-12-20 | Sell Tickets Online – TicketSource Ticket Shop for WordPress <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11331 | 2024-12-20 | isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting |
CVE-2024-11893 | 2024-12-20 | Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.14 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11806 | 2024-12-20 | PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting |