CVE List - 2024 / August

Showing 2701 - 2800 of 2898 CVEs for August 2024 (Page 28 of 29)

CVE ID Date Title
CVE-2024-44919 2024-08-29 A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description...
CVE-2024-45435 2024-08-29 Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.
CVE-2024-45436 2024-08-29 extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
CVE-2024-41349 2024-08-29 unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php.
CVE-2024-41358 2024-08-29 phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
CVE-2024-44716 2024-08-29 A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-44717 2024-08-29 A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-44776 2024-08-29 An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.
CVE-2024-44930 2024-08-29 Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For...
CVE-2024-45440 2024-08-29 core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
CVE-2024-7857 2024-08-29 Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection
CVE-2024-41918 2024-08-29 'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary...
CVE-2024-5857 2024-08-29 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion
CVE-2022-2440 2024-08-29 Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization
CVE-2024-7856 2024-08-29 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2024-7418 2024-08-29 The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure
CVE-2024-38303 2024-08-29 Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to...
CVE-2024-7606 2024-08-29 Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-3944 2024-08-29 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments
CVE-2024-5987 2024-08-29 WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
CVE-2024-7607 2024-08-29 Front End Users <= 3.2.28 - Authenticated (Contributor+) Time-Based SQL Injection
CVE-2024-5417 2024-08-29 Gutentor < 3.3.6 - Contributor+ Stored XSS
CVE-2024-6927 2024-08-29 Viral Signup <= 2.1 - Admin+ Stored XSS
CVE-2024-7132 2024-08-29 CoBlocks < 3.1.13 - Editor+ Stored XSS
CVE-2024-43700 2024-08-29 xfpt versions prior to 1.01 fail to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is...
CVE-2024-4428 2024-08-29 Sensitive Data Exposure in Menulux Management Portal
CVE-2024-38304 2024-08-29 Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially...
CVE-2024-5622 2024-08-29 Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL
CVE-2024-5623 2024-08-29 Untrusted search path vulnerability in B&R APROL
CVE-2024-5624 2024-08-29 Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL
CVE-2024-43986 2024-08-29 WordPress E-cab taxi booking manager plugin <=1.0.9 - Cross Site Scripting (XSS) vulnerability
CVE-2021-4442 2024-08-29 tcp: add sanity tests to TCP_QUEUE_SEQ
CVE-2024-29731 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-29730 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-29729 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-29728 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-29727 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-29726 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-29725 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-29724 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-29723 2024-08-29 Multiple vulnerabilities in SportsNET
CVE-2024-6551 2024-08-29 GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure
CVE-2024-7895 2024-08-29 Beaver Builder (Lite Version) <= 2.8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter
CVE-2024-8294 2024-08-29 FeehiCMS index.php update unrestricted upload
CVE-2024-8295 2024-08-29 FeehiCMS index.php createBanner unrestricted upload
CVE-2024-2541 2024-08-29 Popup Builder <= 4.3.3 - Sensitive Information Exposure via Imported Subscribers CSV File
CVE-2024-8296 2024-08-29 FeehiCMS index.php insert unrestricted upload
CVE-2024-1384 2024-08-29 Premium Portfolio Features for Phlox theme <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-3679 2024-08-29 Premium SEO Pack – WP SEO Plugin <= 1.6.001 - Unauthenticated Information Exposure
CVE-2024-8297 2024-08-29 kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs
CVE-2024-8301 2024-08-29 dingfanzu CMS checkin.php sql injection
CVE-2024-1056 2024-08-29 Funnel Kit Funnel Builder PRO <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post
CVE-2024-8302 2024-08-29 dingfanzu CMS chpwd.php sql injection
CVE-2024-5057 2024-08-29 WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability
CVE-2024-38693 2024-08-29 WordPress WP User Frontend plugin <= 4.0.7 - SQL Injection vulnerability
CVE-2024-38793 2024-08-29 WordPress Best Restaurant Menu by Pricelisto plugin <= 1.4.1 - SQL Injection vulnerability
CVE-2024-38795 2024-08-29 WordPress ListingPro plugin <= 2.9.4 - Unauthenticated SQL Injection vulnerability
CVE-2024-39620 2024-08-29 WordPress ListingPro plugin <= 2.9.4 - SQL Injection vulnerability
CVE-2024-39622 2024-08-29 WordPress ListingPro theme <= 2.9.4 - Unauthenticated SQL Injection vulnerability
CVE-2024-39638 2024-08-29 WordPress Registrations for the Events Calendar plugin <= 2.12.2 - SQL Injection vulnerability
CVE-2024-39653 2024-08-29 WordPress VikRentCar Car Rental Management System plugin <= 1.4.0 - SQL Injection vulnerability
CVE-2024-8303 2024-08-29 dingfanzu CMS getBasicInfo.php sql injection
CVE-2024-8304 2024-08-29 jpress Template Module edit path traversal
CVE-2024-39658 2024-08-29 WordPress Salon Booking System plugin <= 10.7 - Authenticated SQL Injection vulnerability
CVE-2024-43132 2024-08-29 WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated SQL Injection vulnerability
CVE-2024-43144 2024-08-29 WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability
CVE-2024-43917 2024-08-29 WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
CVE-2024-43918 2024-08-29 WordPress WBW Product Table PRO plugin <= 1.9.4 - Unauthenticated Arbitrary SQL Query Execution vulnerability
CVE-2024-43922 2024-08-29 WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability
CVE-2024-43931 2024-08-29 WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - PHP Object Injection vulnerability
CVE-2024-43939 2024-08-29 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability
CVE-2024-43940 2024-08-29 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability
CVE-2024-43941 2024-08-29 WordPress Propovoice Pro plugin <= 1.7.0.3 - Unauthenticated SQL Injection vulnerability
CVE-2024-43942 2024-08-29 WordPress Greenshift Query and Meta Addon plugin < 3.9.2 - Subscriber+ SQL Injection vulnerability
CVE-2024-43943 2024-08-29 WordPress Greenshift Woocommerce Addon plugin < 1.9.8 - Subscriber+ SQL Injection vulnerability
CVE-2024-43944 2024-08-29 WordPress Maintenance & Coming Soon Redirect Animation plugin <= 2.1.3 - IP Bypass vulnerability
CVE-2024-43954 2024-08-29 WordPress Droip plugin <= 1.1.1 - Subscriber+ Settings Change/Data Exposure Vulnerability
CVE-2024-8255 2024-08-29 Path Traversal in Ocean Data Systems Dream Report
CVE-2024-43955 2024-08-29 WordPress Droip plugin <= 1.1.1 - Unauthenticated Arbitrary File Download/Deletion vulnerability
CVE-2024-35118 2024-08-29 IBM MaaS360 information disclosure
CVE-2024-43957 2024-08-29 WordPress Animated Number Counters plugin <= 1.9 - Editor+ Limited Local File Inclusion vulnerability
CVE-2024-43965 2024-08-29 WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability
CVE-2024-41964 2024-08-29 Insufficient permission checks in the language settings in Kirby CMS
CVE-2024-35133 2024-08-29 IBM Security Verify Access HTTP open redirect
CVE-2024-43804 2024-08-29 OS Command Injection via Port Scan Functionality in Roxy-WI
CVE-2024-45045 2024-08-29 JavaScript Injection via url encoded values in links in Collabora Office Android
CVE-2024-45056 2024-08-29 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
CVE-2024-43964 2024-08-29 WordPress DSGVO All in one for WP plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43963 2024-08-29 WordPress Visual CSS Style Editor plugin <= 7.6.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43961 2024-08-29 WordPress azurecurve Toggle Show/Hide plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43960 2024-08-29 WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43958 2024-08-29 WordPress Into The Dark theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43953 2024-08-29 WordPress Classic Addons – WPBakery Page Builder plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43952 2024-08-29 WordPress Esotera theme <= 1.2.5.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43951 2024-08-29 WordPress Tempera theme <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43950 2024-08-29 WordPress Brickscore plugin <= 1.4.2.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43949 2024-08-29 WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability
CVE-2024-43948 2024-08-29 WordPress WP Armour Extended plugin <= 1.26 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43946 2024-08-29 WordPress SKT Blocks plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43936 2024-08-29 WordPress EmbedPress plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability