CVE List - 2024 / July
Showing 1401 - 1500 of 3115 CVEs for July 2024 (Page 15 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5032 | 2024-07-13 | SULly < 4.3.1 - Reflected XSS |
| CVE-2024-5033 | 2024-07-13 | SULly < 4.3.1 - Admin+ Stored XSS via CSRF |
| CVE-2024-5034 | 2024-07-13 | SULly < 4.3.1 - Plugin Reset via CSRF |
| CVE-2024-5074 | 2024-07-13 | WP eMember < 10.6.6 - Reflected XSS |
| CVE-2024-5075 | 2024-07-13 | WP eMember < 10.6.6 - Reflected XSS |
| CVE-2024-5076 | 2024-07-13 | WP eMember < 10.6.6 - Bulk Delete via CSRF |
| CVE-2024-5077 | 2024-07-13 | WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF |
| CVE-2024-5079 | 2024-07-13 | WP eMember < 10.6.7 - Unauthenticated Stored XSS via Member Registration |
| CVE-2024-5080 | 2024-07-13 | WP eMember < 10.6.6 - Admin+ Arbitrary File Upload |
| CVE-2024-5151 | 2024-07-13 | SULly < 4.3.1 - Admin+ Stored XSS |
| CVE-2024-5167 | 2024-07-13 | CM Email Registration Blacklist and Whitelist < 1.4.9 - Add/Delete Emails via CSRF (add and delete any item from blacklist/whitelist) |
| CVE-2024-5280 | 2024-07-13 | WP Affiliate Platform < 6.5.1 - POST Reflected XSS |
| CVE-2024-5281 | 2024-07-13 | WP Affiliate Platform < 6.5.1 - Reflected XSS via Affiliate Editing |
| CVE-2024-5282 | 2024-07-13 | WP Affiliate Platform < 6.5.1 - Reflected XSS via Registration Form |
| CVE-2024-5283 | 2024-07-13 | WP Affiliate Platform < 6.5.1 - Reflected XSS via Lead Editing |
| CVE-2024-5284 | 2024-07-13 | WP Affiliate Platform < 6.5.1 - Stored XSS via CSRF |
| CVE-2024-5286 | 2024-07-13 | WP Affiliate Platform < 6.5.1 - Reflected XSS via Banner Editing |
| CVE-2024-5287 | 2024-07-13 | WP Affiliate Platform < 6.5.1 - Profile Update via CSRF |
| CVE-2024-5442 | 2024-07-13 | NextGEN Gallery < 3.59.3 - Admin+ Stored XSS |
| CVE-2024-5450 | 2024-07-13 | Bug Library < 2.1.1 - Unauthenticated RCE |
| CVE-2024-5472 | 2024-07-13 | WP QuickLaTeX < 3.8.7 - Admin+ Stored XSS in Background Color field |
| CVE-2024-5575 | 2024-07-13 | Ditty < 3.1.43 - Author+ Stored XSS |
| CVE-2024-5627 | 2024-07-13 | WordPress Plugin Tournamatch < 4.6.1 - Subscriber+ Stored XSS |
| CVE-2024-5644 | 2024-07-13 | WordPress Plugin Tournamatch < 4.6.1 - Admin+ Stored XSS via Ladders |
| CVE-2024-5713 | 2024-07-13 | if-so < 1.8.0.4 - Reflected XSS |
| CVE-2024-5715 | 2024-07-13 | WP eMember < 10.6.7 - Reflected XSS via Member Edit |
| CVE-2024-5744 | 2024-07-13 | WP eMember < 10.6.7 - Reflected XSS |
| CVE-2024-6070 | 2024-07-13 | if-so < 1.8.0.4 - Admin+ Stored XSS |
| CVE-2024-6465 | 2024-07-13 | WP Links Page <= 4.9.5 - Missing Authorization to Authenticated (Subscriber+) Limited Image Update |
| CVE-2024-6728 | 2024-07-14 | itsourcecode Tailoring Management System typeedit.php sql injection |
| CVE-2024-6729 | 2024-07-14 | SourceCodester Kortex Lite Advocate Office Management System add_act.php sql injection |
| CVE-2024-6730 | 2024-07-14 | Nanjing Xingyuantu Technology SparkShop uploadFile unrestricted upload |
| CVE-2023-52885 | 2024-07-14 | SUNRPC: Fix UAF in svc_tcp_listen_data_ready() |
| CVE-2024-39734 | 2024-07-14 | IBM Datacap Navigator information disclosure |
| CVE-2024-39732 | 2024-07-14 | IBM Datacap Navigator information disclosure |
| CVE-2024-39733 | 2024-07-14 | IBM Datacap Navigator information disclosure |
| CVE-2024-6731 | 2024-07-14 | SourceCodester Student Study Center Desk Management System Master.php sql injection |
| CVE-2024-6732 | 2024-07-14 | SourceCodester Student Study Center Desk Management System Users.php sql injection |
| CVE-2024-6733 | 2024-07-14 | itsourcecode Tailoring Management System templateedit.php sql injection |
| CVE-2024-6734 | 2024-07-14 | itsourcecode Tailoring Management System templateadd.php sql injection |
| CVE-2024-31946 | 2024-07-15 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS... |
| CVE-2024-36432 | 2024-07-15 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. |
| CVE-2024-36433 | 2024-07-15 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. |
| CVE-2024-36434 | 2024-07-15 | An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. |
| CVE-2024-36438 | 2024-07-15 | eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks. |
| CVE-2024-37016 | 2024-07-15 | Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay approach. |
| CVE-2024-37386 | 2024-07-15 | An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot.... |
| CVE-2024-40414 | 2024-07-15 | A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. |
| CVE-2024-40415 | 2024-07-15 | A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. |
| CVE-2024-40416 | 2024-07-15 | A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. |
| CVE-2024-40524 | 2024-07-15 | Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component. |
| CVE-2024-40553 | 2024-07-15 | Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage. |
| CVE-2024-40554 | 2024-07-15 | An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information. |
| CVE-2024-40555 | 2024-07-15 | Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability. |
| CVE-2024-40560 | 2024-07-15 | Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability. |
| CVE-2024-6735 | 2024-07-15 | itsourcecode Tailoring Management System setgeneral.php sql injection |
| CVE-2024-6345 | 2024-07-15 | Remote Code Execution in pypa/setuptools |
| CVE-2024-6736 | 2024-07-15 | SourceCodester Employee and Visitor Gate Pass Logging System view_employee.php sql injection |
| CVE-2024-39739 | 2024-07-15 | IBM Datacap Navigator server-side request forgery |
| CVE-2024-39737 | 2024-07-15 | IBM Datacap Navigator information disclosure |
| CVE-2024-39736 | 2024-07-15 | IBM Datacap Navigator HTTP HOST header injection |
| CVE-2024-39728 | 2024-07-15 | IBM Datacap Navigator cross-site scripting |
| CVE-2024-39731 | 2024-07-15 | IBM Datacap Navigator information disclosure |
| CVE-2024-39735 | 2024-07-15 | IBM Datacap Navigator cross-site scripting |
| CVE-2024-39729 | 2024-07-15 | IBM Datacap Navigator information disclosure |
| CVE-2024-39741 | 2024-07-15 | IBM Datacap Navigator directory traversal |
| CVE-2024-39740 | 2024-07-15 | IBM Datacap Navigator information disclosure |
| CVE-2024-6737 | 2024-07-15 | 2100 TECHNOLOGY Electronic Official Document Management System - Broken Access Control |
| CVE-2024-6738 | 2024-07-15 | WisdomGarden Tronclass - Broken Access Control |
| CVE-2024-6739 | 2024-07-15 | Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag |
| CVE-2024-21513 | 2024-07-15 | Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on... |
| CVE-2024-6742 | 2024-07-15 | AguardNet Space Management System - Reflected Cross-Site Scripting |
| CVE-2024-5630 | 2024-07-15 | Insert or Embed Articulate Content into WordPress < 4.3000000024 - Author+ Arbitrary File Upload |
| CVE-2024-6072 | 2024-07-15 | WP eStore < 8.5.5 - Reflected XSS via $_SERVER['REQUEST_URI'] |
| CVE-2024-6073 | 2024-07-15 | WP eStore < 8.5.5 - Reflected XSS in Discount Editing |
| CVE-2024-6074 | 2024-07-15 | WP eStore < 8.5.5 - Reflected XSS in Customer Editing |
| CVE-2024-6075 | 2024-07-15 | WP eStore < 8.5.5 - Coupon Deletion via CSRF |
| CVE-2024-6076 | 2024-07-15 | WP eStore < 8.5.5 - Reflected XSS in Category Editing |
| CVE-2024-6289 | 2024-07-15 | WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure |
| CVE-2024-6743 | 2024-07-15 | AguardNet Space Management System - SQL injection |
| CVE-2024-6744 | 2024-07-15 | The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to... |
| CVE-2024-6540 | 2024-07-15 | Information exposure in external interface |
| CVE-2024-23794 | 2024-07-15 | Agents are able to lock the ticket without the "Owner" permission |
| CVE-2023-41916 | 2024-07-15 | Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading |
| CVE-2023-46801 | 2024-07-15 | Apache Linkis DataSource: DataSource Remote code execution vulnerability |
| CVE-2023-49566 | 2024-07-15 | Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability |
| CVE-2024-6740 | 2024-07-15 | Openfind Mail2000 - Stored XSS |
| CVE-2024-6741 | 2024-07-15 | Openfind Mail2000 - HttpOnly flag bypass |
| CVE-2024-32945 | 2024-07-15 | LaTeX post content manipulation via renderer state leak across contexts |
| CVE-2024-39767 | 2024-07-15 | Spoofed push notifications from malicious server |
| CVE-2024-41007 | 2024-07-15 | tcp: avoid too many retransmit packets |
| CVE-2024-6398 | 2024-07-15 | An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party... |
| CVE-2024-6745 | 2024-07-15 | code-projects Simple Ticket Booking Login adminauthenticate.php sql injection |
| CVE-2024-5402 | 2024-07-15 | Mint Workbench I Unquoted Service Path Enumeration |
| CVE-2024-6746 | 2024-07-15 | NaiboWang EasySpider HTTP GET Request server.js path traversal |
| CVE-2024-6689 | 2024-07-15 | Local privilege escalation vulnerability in baramundi Management Agent via MSI Installer |
| CVE-2024-36455 | 2024-07-15 | Symantec Privileged Access Manager Remote Command Execution vulnerability |
| CVE-2024-36456 | 2024-07-15 | Symantec Privileged Access Manager Remote Command Execution vulnerability |
| CVE-2024-36457 | 2024-07-15 | Symantec Privileged Access Manager Authentication Bypass vulnerability |
| CVE-2024-36458 | 2024-07-15 | Symantec Privileged Access Manager Privilege Escalation vulnerability |