Lista CVE - 2024 / Agosto
Visualizzazione 2301 - 2400 di 2898 CVE per Agosto 2024 (Pagina 24 di 29)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-7559 | 2024-08-23 | File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-7258 | 2024-08-23 | WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion |
| CVE-2024-3282 | 2024-08-23 | WP Table Builder <= 1.5.0 - Admin+ Stored XSS |
| CVE-2024-6715 | 2024-08-23 | Ditty 3.1.39-3.1.45 - Author+ Stored XSS |
| CVE-2024-40766 | 2024-08-23 | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This... |
| CVE-2024-43105 | 2024-08-23 | Excessive Resource Consumption via `/export` |
| CVE-2024-38807 | 2024-08-23 | CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader |
| CVE-2024-5502 | 2024-08-23 | Piotnet Addons For Elementor <= 2.4.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-7986 | 2024-08-23 | Rockwell Automation ThinManager® ThinServer™ Information Disclosure |
| CVE-2024-43883 | 2024-08-23 | usb: vhci-hcd: Do not drop references before new references are gained |
| CVE-2024-5466 | 2024-08-23 | Remote Code Execution |
| CVE-2024-5467 | 2024-08-23 | SQL Injection |
| CVE-2024-36517 | 2024-08-23 | SQL Injection |
| CVE-2024-36516 | 2024-08-23 | SQL Injection |
| CVE-2024-36515 | 2024-08-23 | SQL Injection |
| CVE-2024-36514 | 2024-08-23 | SQL Injection |
| CVE-2024-5490 | 2024-08-23 | SQL Injection |
| CVE-2024-5556 | 2024-08-23 | SQL Injection |
| CVE-2024-5586 | 2024-08-23 | SQL Injection |
| CVE-2024-38869 | 2024-08-23 | Incorrect Authorization |
| CVE-2024-41150 | 2024-08-23 | Stored XSS |
| CVE-2024-8113 | 2024-08-23 | Stored XSS in Placeholder Samples in Mail Preview |
| CVE-2024-37311 | 2024-08-23 | Collabora Online's remote host TLS certificates are not fully verified |
| CVE-2024-8112 | 2024-08-23 | thinkgem JeeSite Cookie login cross site scripting |
| CVE-2024-43782 | 2024-08-23 | openedx-translations's Atlas translations for Open edX missing validation |
| CVE-2024-43791 | 2024-08-23 | RequestStore has Incorrect Default Permissions |
| CVE-2024-42364 | 2024-08-23 | homepage DNS rebinding vulnerability (GHSL-2024-096) |
| CVE-2024-43794 | 2024-08-23 | OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect |
| CVE-2024-41878 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2024-41842 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-41877 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-41846 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-41876 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2024-41843 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-41848 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2024-41845 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-41875 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-41849 | 2024-08-23 | Adobe Experience Manager | Improper Input Validation (CWE-20) |
| CVE-2024-41844 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-41847 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2024-41841 | 2024-08-23 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2024-7428 | 2024-08-23 | Potential Open Redirect issues affect OpenText™ Network Node Manager i (NNMi). |
| CVE-2024-7427 | 2024-08-23 | Potential Cross-Site Scripting vulnerability affect OpenText™ Network Node Manager i (NNMi). |
| CVE-2024-7954 | 2024-08-23 | SPIP porte_plume Plugin Arbitrary PHP Execution |
| CVE-2024-45187 | 2024-08-23 | Mage AI allows deleted users to use the terminal server with admin access, leading to remote code execution |
| CVE-2024-45188 | 2024-08-23 | Mage AI file content request remote arbitrary file leak |
| CVE-2024-45189 | 2024-08-23 | Mage AI git content request remote arbitrary file leak |
| CVE-2024-45190 | 2024-08-23 | Mage AI pipeline interaction request remote arbitrary file leak |
| CVE-2024-38207 | 2024-08-23 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability |
| CVE-2024-45240 | 2024-08-24 | The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this... |
| CVE-2024-45234 | 2024-08-24 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest... |
| CVE-2024-45235 | 2024-08-24 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an... |
| CVE-2024-45236 | 2024-08-24 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an... |
| CVE-2024-45237 | 2024-08-24 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a... |
| CVE-2024-45238 | 2024-08-24 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a... |
| CVE-2024-45239 | 2024-08-24 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest... |
| CVE-2023-6987 | 2024-08-24 | String Locator <= 2.6.5 - Reflected Cross-Site Scripting |
| CVE-2024-7568 | 2024-08-24 | Favicon Generator <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2023-0926 | 2024-08-24 | Custom Permalinks <= 2.6.0 - Authenticated(Editor+) Stored Cross-Site Scripting |
| CVE-2024-8120 | 2024-08-24 | ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions |
| CVE-2024-2254 | 2024-08-24 | RT Easy Builder – Advanced addons for Elementor <= 2.2 - Authenticated (Contributor+) Stored Cross-site Scripting |
| CVE-2024-6631 | 2024-08-24 | ImageRecycle pdf & image compression <= 3.1.14 - Missing Authorization in Several AJAX Actions |
| CVE-2024-6499 | 2024-08-24 | WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure |
| CVE-2024-7351 | 2024-08-24 | Simple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object Injection |
| CVE-2024-8127 | 2024-08-24 | D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_unzip command injection |
| CVE-2022-43915 | 2024-08-24 | IBM App Connect Enterprise Certified Container |
| CVE-2024-8128 | 2024-08-24 | D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_add_zip command injection |
| CVE-2024-7656 | 2024-08-24 | Image Hotspot by DevVN <= 1.2.5 - Authenticated (Author+) PHP Object Injection |
| CVE-2024-8129 | 2024-08-24 | D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3_modify command injection |
| CVE-2024-8130 | 2024-08-24 | D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3 command injection |
| CVE-2024-8131 | 2024-08-24 | D-Link DNS-1550-04 HTTP POST Request apkg_mgr.cgi module_enable_disable command injection |
| CVE-2024-8132 | 2024-08-24 | D-Link DNS-1550-04 HTTP POST Request webdav_mgr.cgi webdav_mgr command injection |
| CVE-2024-8133 | 2024-08-24 | D-Link DNS-1550-04 HTTP POST Request hd_config.cgi cgi_FMT_R5_SpareDsk_DiskMGR command injection |
| CVE-2024-8134 | 2024-08-24 | D-Link DNS-1550-04 HTTP POST Request hd_config.cgi cgi_FMT_Std2R5_1st_DiskMGR command injection |
| CVE-2024-8135 | 2024-08-24 | Go-Tribe gotribe token.go Sign hard-coded credentials |
| CVE-2024-8136 | 2024-08-24 | SourceCodester Record Management System sort1_user.php cross site scripting |
| CVE-2024-8137 | 2024-08-24 | SourceCodester Record Management System search_user.php cross site scripting |
| CVE-2024-45258 | 2024-08-25 | The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design. |
| CVE-2023-48957 | 2024-08-25 | PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. |
| CVE-2024-45244 | 2024-08-25 | Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window. |
| CVE-2024-8138 | 2024-08-25 | code-projects Pharmacy Management System Parameter index.php editManager sql injection |
| CVE-2024-8139 | 2024-08-25 | itsourcecode E-Commerce Website search_list.php sql injection |
| CVE-2024-8140 | 2024-08-25 | SourceCodester Task Progress Tracker update-task.php cross site scripting |
| CVE-2024-8141 | 2024-08-25 | SourceCodester Daily Calories Monitoring Tool add-calorie.php cross site scripting |
| CVE-2024-8142 | 2024-08-25 | SourceCodester Daily Calories Monitoring Tool delete-calorie.php cross site scripting |
| CVE-2024-8144 | 2024-08-25 | ClassCMS Logo admin cross site scripting |
| CVE-2024-8145 | 2024-08-25 | ClassCMS Article admin cross site scripting |
| CVE-2024-42337 | 2024-08-25 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-42338 | 2024-08-25 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-42339 | 2024-08-25 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-42340 | 2024-08-25 | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security |
| CVE-2024-8146 | 2024-08-25 | code-projects Pharmacy Management System index.php sql injection |
| CVE-2024-8147 | 2024-08-25 | code-projects Pharmacy Management System index.php sql injection |
| CVE-2024-8011 | 2024-08-25 | Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera. |
| CVE-2024-8158 | 2024-08-25 | User impersonation for lib9p based 9p fileservers |
| CVE-2024-8150 | 2024-08-25 | ContiNew Admin user sql injection |
| CVE-2024-8151 | 2024-08-25 | SourceCodester Interactive Map with Marker delete-mark.php cross site scripting |
| CVE-2024-8152 | 2024-08-25 | SourceCodester QR Code Bookmark System Parameter add-bookmark.php cross site scripting |
| CVE-2024-8153 | 2024-08-25 | SourceCodester QR Code Bookmark System delete-bookmark.php cross site scripting |
| CVE-2024-8154 | 2024-08-25 | SourceCodester QR Code Bookmark System Parameter update-bookmark.php cross site scripting |