Lista CVE - 2024 / Dicembre
Visualizzazione 701 - 800 di 3433 CVE per Dicembre 2024 (Pagina 8 di 35)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-54138 | 2024-12-06 | XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing |
| CVE-2024-53473 | 2024-12-07 | WeGIA 3.2.0 before 3998672 does not verify permission to change... |
| CVE-2024-11329 | 2024-12-07 | Comfino Payment Gateway <= 4.1.1 - Reflected Cross-Site Scripting |
| CVE-2024-11436 | 2024-12-07 | Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting |
| CVE-2024-10046 | 2024-12-07 | افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting |
| CVE-2024-11943 | 2024-12-07 | 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter |
| CVE-2024-11451 | 2024-12-07 | Zooom <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12166 | 2024-12-07 | Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via 'page' |
| CVE-2024-12026 | 2024-12-07 | Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation |
| CVE-2024-11904 | 2024-12-07 | 코드엠샵 소셜톡 <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12257 | 2024-12-07 | CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting |
| CVE-2024-11353 | 2024-12-07 | SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion |
| CVE-2024-12165 | 2024-12-07 | Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting |
| CVE-2024-12167 | 2024-12-07 | Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce |
| CVE-2024-12115 | 2024-12-07 | Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication |
| CVE-2024-8679 | 2024-12-07 | Library Management System <= 3.0.0 - Authenticated (Admin+) SQL Injection |
| CVE-2024-7894 | 2024-12-07 | If Menu <= 0.19.1 - Missing Authorization to License Key Update |
| CVE-2024-11183 | 2024-12-07 | Simple Side Tab < 2.2.0 - Admin+ Stored XSS |
| CVE-2024-53143 | 2024-12-07 | fsnotify: Fix ordering of iput() and watched_objects decrement |
| CVE-2024-12253 | 2024-12-07 | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access |
| CVE-2024-11374 | 2024-12-07 | TWChat – Send or receive messages from users <= 4.0.4 - Reflected Cross-Site Scripting |
| CVE-2024-12270 | 2024-12-07 | Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection |
| CVE-2024-11367 | 2024-12-07 | Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting |
| CVE-2024-11010 | 2024-12-07 | FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion |
| CVE-2024-12128 | 2024-12-07 | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Parameter |
| CVE-2024-11464 | 2024-12-07 | Easy Code Snippets <= 1.0.2 - Reflected Cross-Site Scripting |
| CVE-2024-11501 | 2024-12-07 | Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-11380 | 2024-12-07 | Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11457 | 2024-12-07 | Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting |
| CVE-2024-47115 | 2024-12-07 | IBM AIX command execution |
| CVE-2024-37071 | 2024-12-07 | IBM Db2 denial of service |
| CVE-2024-41762 | 2024-12-07 | IBM Db2 denial of service |
| CVE-2024-47107 | 2024-12-07 | IBM QRadar SIEM cross-site scripting |
| CVE-2024-55560 | 2024-12-08 | MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and... |
| CVE-2024-12209 | 2024-12-08 | WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion |
| CVE-2024-12342 | 2024-12-08 | TP-Link VN020 F3v(T) Incomplete SOAP Request WANIPConnection denial of service |
| CVE-2024-12343 | 2024-12-08 | TP-Link VN020 F3v(T) SOAP Request WANIPConnection buffer overflow |
| CVE-2024-12344 | 2024-12-08 | TP-Link VN020 F3v(T) FTP USER Command memory corruption |
| CVE-2024-12346 | 2024-12-08 | Talentera byt_cv_manager cross site scripting |
| CVE-2024-12347 | 2024-12-08 | Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper authorization |
| CVE-2022-29974 | 2024-12-09 | AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late... |
| CVE-2022-38946 | 2024-12-09 | Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php,... |
| CVE-2022-38947 | 2024-12-09 | SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in... |
| CVE-2023-43962 | 2024-12-09 | Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1... |
| CVE-2024-40582 | 2024-12-09 | Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information. |
| CVE-2024-40583 | 2024-12-09 | Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. |
| CVE-2024-46455 | 2024-12-09 | unstructured v.0.14.2 and before is vulnerable to XML External Entity... |
| CVE-2024-46547 | 2024-12-09 | A vulnerability was found in Romain Bourdon Wampserver all versions... |
| CVE-2024-48956 | 2024-12-09 | Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without... |
| CVE-2024-50625 | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12.... |
| CVE-2024-50626 | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12.... |
| CVE-2024-50627 | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12.... |
| CVE-2024-50628 | 2024-12-09 | An issue was discovered in the web services of Digi... |
| CVE-2024-53441 | 2024-12-09 | An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1... |
| CVE-2024-53450 | 2024-12-09 | RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing... |
| CVE-2024-54918 | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code... |
| CVE-2024-54919 | 2024-12-09 | A Stored Cross Site Scripting (XSS ) was found in... |
| CVE-2024-54921 | 2024-12-09 | A SQL Injection was found in /student_signup.php in kashipara E-learning... |
| CVE-2024-54922 | 2024-12-09 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning... |
| CVE-2024-54923 | 2024-12-09 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara... |
| CVE-2024-54924 | 2024-12-09 | A SQL Injection was found in /admin/edit_content.php in kashipara E-learning... |
| CVE-2024-54925 | 2024-12-09 | A SQL Injection was found in /remove_sent_message.php in kashipara E-learning... |
| CVE-2024-54926 | 2024-12-09 | A SQL Injection vulnerability was found in /search_class.php of kashipara... |
| CVE-2024-54927 | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2024-54928 | 2024-12-09 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2024-54930 | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2024-54931 | 2024-12-09 | A SQL Injection was found in /admin/delete_event.php in kashipara E-learning... |
| CVE-2024-54932 | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2024-54933 | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2024-54934 | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2024-54935 | 2024-12-09 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php... |
| CVE-2024-54936 | 2024-12-09 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php... |
| CVE-2024-54938 | 2024-12-09 | A Directory Listing issue was found in Kashipara E-Learning Management... |
| CVE-2024-55564 | 2024-12-09 | The POSIX::2008 package before 0.24 for Perl has a potential... |
| CVE-2024-55565 | 2024-12-09 | nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8... |
| CVE-2024-55578 | 2024-12-09 | Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and... |
| CVE-2024-55579 | 2024-12-09 | An issue was discovered in Qlik Sense Enterprise for Windows... |
| CVE-2024-55580 | 2024-12-09 | An issue was discovered in Qlik Sense Enterprise for Windows... |
| CVE-2024-55582 | 2024-12-09 | Oxide before 6 has unencrypted Control Plane datastores. |
| CVE-2024-54920 | 2024-12-09 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara... |
| CVE-2024-54929 | 2024-12-09 | KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2024-54937 | 2024-12-09 | A Directory Listing issue was found in Kashipara E-Learning Management... |
| CVE-2024-55563 | 2024-12-09 | Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain... |
| CVE-2024-55566 | 2024-12-09 | ColPack 1.0.10 through 9a7293a has a predictable temporary file (located... |
| CVE-2024-12348 | 2024-12-09 | Guizhou Xiaoma Technology jpress Attachment Upload upload AttachmentUtils.isUnSafe cross site scripting |
| CVE-2024-12349 | 2024-12-09 | JFinalCMS save cross-site request forgery |
| CVE-2024-12350 | 2024-12-09 | JFinalCMS Template TemplateController.java update command injection |
| CVE-2024-12351 | 2024-12-09 | JFinalCMS File Content ContentModel.java findPage sql injection |
| CVE-2024-12352 | 2024-12-09 | TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow |
| CVE-2024-12353 | 2024-12-09 | SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation |
| CVE-2024-12354 | 2024-12-09 | SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow |
| CVE-2024-12355 | 2024-12-09 | SourceCodester Phone Contact Manager System ContactBook.cpp adding input validation |
| CVE-2024-53280 | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting')... |
| CVE-2024-53279 | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting')... |
| CVE-2024-53281 | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting')... |
| CVE-2024-53282 | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting')... |
| CVE-2024-53283 | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting')... |
| CVE-2024-53284 | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting')... |
| CVE-2024-53285 | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting')... |
| CVE-2024-12357 | 2024-12-09 | SourceCodester Best House Rental Management System index.php file inclusion |