CVE List - 2024 / September
Showing 1401 - 1500 of 2518 CVEs for September 2024 (Page 15 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2024-40842 | 2024-09-16 | An issue was addressed with improved validation of environment variables.... |
CVE-2024-44148 | 2024-09-16 | This issue was addressed with improved validation of file attributes.... |
CVE-2024-44164 | 2024-09-16 | This issue was addressed with improved checks. This issue is... |
CVE-2024-44133 | 2024-09-16 | This issue was addressed by removing the vulnerable code. This... |
CVE-2024-44125 | 2024-09-16 | The issue was addressed with improved checks. This issue is... |
CVE-2024-40845 | 2024-09-16 | The issue was addressed with improved memory handling. This issue... |
CVE-2024-44152 | 2024-09-16 | A privacy issue was addressed with improved private data redaction... |
CVE-2024-44168 | 2024-09-16 | A library injection issue was addressed with additional restrictions. This... |
CVE-2024-44187 | 2024-09-16 | A cross-origin issue existed with "iframe" elements. This was addressed... |
CVE-2024-44129 | 2024-09-16 | The issue was addressed with improved checks. This issue is... |
CVE-2024-44191 | 2024-09-16 | This issue was addressed through improved state management. This issue... |
CVE-2024-44190 | 2024-09-16 | A path handling issue was addressed with improved validation. This... |
CVE-2024-44128 | 2024-09-16 | This issue was addressed by adding an additional prompt for... |
CVE-2024-44169 | 2024-09-16 | The issue was addressed with improved memory handling. This issue... |
CVE-2024-44186 | 2024-09-16 | An access issue was addressed with additional sandbox restrictions. This... |
CVE-2024-40852 | 2024-09-16 | This issue was addressed by restricting options offered on a... |
CVE-2024-44153 | 2024-09-16 | The issue was addressed with improved permissions logic. This issue... |
CVE-2024-40844 | 2024-09-16 | A privacy issue was addressed with improved handling of temporary... |
CVE-2024-44124 | 2024-09-16 | This issue was addressed through improved state management. This issue... |
CVE-2024-44132 | 2024-09-16 | This issue was addressed with improved handling of symlinks. This... |
CVE-2024-40825 | 2024-09-16 | The issue was addressed with improved checks. This issue is... |
CVE-2024-44165 | 2024-09-16 | A logic issue was addressed with improved checks. This issue... |
CVE-2024-44149 | 2024-09-16 | A permissions issue was addressed with additional restrictions. This issue... |
CVE-2024-40848 | 2024-09-16 | A downgrade issue was addressed with additional code-signing restrictions. This... |
CVE-2024-7387 | 2024-09-16 | Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy |
CVE-2024-45496 | 2024-09-16 | Openshift-controller-manager: elevated build pods can lead to node compromise in openshift |
CVE-2024-46085 | 2024-09-17 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-46362 | 2024-09-17 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-47047 | 2024-09-17 | An issue was discovered in the powermail extension through 12.4.0... |
CVE-2024-47049 | 2024-09-17 | The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used... |
CVE-2024-8110 | 2024-09-17 | Denial of Service (DoS) vulnerability has been found in Dual-redundant... |
CVE-2024-5170 | 2024-09-17 | Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget |
CVE-2024-8043 | 2024-09-17 | Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF |
CVE-2024-8044 | 2024-09-17 | infolinks Ad Wrap <= 1.0.2 - Settings Update via CSRF |
CVE-2024-8047 | 2024-09-17 | Visual Sound (old) <= 1.06 - Settings Update via CSRF |
CVE-2024-8051 | 2024-09-17 | Special Feed Items <= 1.0.1 - Stored XSS via CSRF |
CVE-2024-8052 | 2024-09-17 | Review Ratings <= 1.6 - Stored XSS via CSRF |
CVE-2024-8091 | 2024-09-17 | Enhanced Search Box <= 0.6.1 - Settings Update via CSRF |
CVE-2024-8092 | 2024-09-17 | Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF |
CVE-2024-8093 | 2024-09-17 | Posts reminder <= 0.20 - Settings Update via CSRF |
CVE-2024-8490 | 2024-09-17 | PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details |
CVE-2024-8761 | 2024-09-17 | Share This Image <= 2.03 - Open Redirect via link Parameter |
CVE-2024-8767 | 2024-09-17 | Sensitive data disclosure and manipulation due to unnecessary privileges assignment.... |
CVE-2024-5998 | 2024-09-17 | Deserialization of Untrusted Data in langchain-ai/langchain |
CVE-2024-8897 | 2024-09-17 | Under certain conditions, an attacker with the ability to redirect... |
CVE-2024-7873 | 2024-09-17 | Stored XSS in Veribilim Software's Veribase Order Management |
CVE-2024-21743 | 2024-09-17 | WordPress Houzez Login Register plugin <= 3.2.5 - Privilege Escalation vulnerability |
CVE-2024-22303 | 2024-09-17 | WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability |
CVE-2024-38860 | 2024-09-17 | Reflected links in error message facilitate phishing attacks |
CVE-2021-27915 | 2024-09-17 | XSS Cross-site Scripting Stored (XSS) - Description field |
CVE-2021-27916 | 2024-09-17 | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) |
CVE-2024-7788 | 2024-09-17 | Signatures in "repair mode" should not be trusted |
CVE-2024-8768 | 2024-09-17 | Vllm: a completions api request with an empty prompt will crash the vllm api server. |
CVE-2024-8939 | 2024-09-17 | Vllm: denials of service in vllm json web api |
CVE-2024-8796 | 2024-09-17 | Insufficient Default OTP Shared Secret Length |
CVE-2024-38812 | 2024-09-17 | Heap-overflow vulnerability |
CVE-2024-38813 | 2024-09-17 | Privilege escalation vulnerability |
CVE-2024-45682 | 2024-09-17 | Millbeck Communications Proroute H685t-w Command Injection. |
CVE-2024-42501 | 2024-09-17 | Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE) |
CVE-2024-42502 | 2024-09-17 | Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface |
CVE-2024-38380 | 2024-09-17 | Millbeck Communications Proroute H685t-w Cross-site Scripting. |
CVE-2024-42503 | 2024-09-17 | Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI) |
CVE-2024-8944 | 2024-09-17 | code-projects Hospital Management System check_availability.php sql injection |
CVE-2024-8945 | 2024-09-17 | CodeCanyon RISE Ultimate Project Manager save sql injection |
CVE-2024-45798 | 2024-09-17 | Multiple Poisoned Pipeline Execution (PPE) vulnerabilities |
CVE-2024-8660 | 2024-09-17 | Stored XSS in the "Top Navigator Bar" block |
CVE-2024-8900 | 2024-09-17 | An attacker could write data to the user's clipboard, bypassing... |
CVE-2024-38183 | 2024-09-17 | GroupMe Elevation of Privilege Vulnerability |
CVE-2024-43460 | 2024-09-17 | Dynamics 365 Business Central Elevation of Privilege Vulnerability |
CVE-2024-45803 | 2024-09-17 | Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui |
CVE-2024-45612 | 2024-09-17 | Insert tag injection via canonical URL in Contao |
CVE-2024-8946 | 2024-09-17 | MicroPython VFS Unmount vfs.c mp_vfs_umount heap-based overflow |
CVE-2024-8947 | 2024-09-17 | MicroPython objarray.c use after free |
CVE-2024-45384 | 2024-09-17 | Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack |
CVE-2024-45537 | 2024-09-17 | Apache Druid: Users can provide MySQL JDBC properties not on allow list |
CVE-2024-8948 | 2024-09-17 | MicroPython objint.c mpz_as_bytes heap-based overflow |
CVE-2024-8949 | 2024-09-17 | SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management |
CVE-2024-45606 | 2024-09-17 | Improper authorization on muting of alert rules in sentry |
CVE-2024-45605 | 2024-09-17 | Improper authorization on deletion of user issue alert notifications in sentry |
CVE-2024-45398 | 2024-09-17 | Remote command execution through file upload in contao/core-bundle |
CVE-2024-45604 | 2024-09-17 | Directory traversal in the file selector widget in contao/core-bundle |
CVE-2024-8956 | 2024-09-17 | PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication |
CVE-2024-8951 | 2024-09-17 | SourceCodester Resort Reservation System manage_fee.php cross site scripting |
CVE-2024-45811 | 2024-09-17 | server.fs.deny bypassed when using ?import&raw in vite |
CVE-2024-45812 | 2024-09-17 | DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite |
CVE-2024-8957 | 2024-09-17 | PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration |
CVE-2024-46976 | 2024-09-17 | Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend |
CVE-2024-45816 | 2024-09-17 | Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend |
CVE-2024-45815 | 2024-09-17 | Prototype pollution in @backstage/plugin-catalog-backend |
CVE-2024-8904 | 2024-09-17 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.58... |
CVE-2024-8905 | 2024-09-17 | Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58... |
CVE-2024-8906 | 2024-09-17 | Incorrect security UI in Downloads in Google Chrome prior to... |
CVE-2024-8907 | 2024-09-17 | Insufficient data validation in Omnibox in Google Chrome on Android... |
CVE-2024-8908 | 2024-09-17 | Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58... |
CVE-2024-8909 | 2024-09-17 | Inappropriate implementation in UI in Google Chrome on iOS prior... |
CVE-2024-46982 | 2024-09-17 | Cache Poisoning in next.js |
CVE-2024-45452 | 2024-09-17 | WordPress Septera theme <= 1.5.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-45451 | 2024-09-17 | WordPress Roseta theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-44051 | 2024-09-17 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-44050 | 2024-09-17 | WordPress Verbosa theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability |