Lista CVE - 2024 / Settembre
Visualizzazione 1801 - 1900 di 2518 CVE per Settembre 2024 (Pagina 19 di 26)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-8652 | 2024-09-19 | Netcat CMS: reflected cross-site scripting in openstat module |
| CVE-2024-8653 | 2024-09-19 | Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module |
| CVE-2024-38016 | 2024-09-19 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2024-8963 | 2024-09-19 | Path Traversal in the Ivanti CSA before 4.6 Patch 519... |
| CVE-2024-47159 | 2024-09-19 | In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could... |
| CVE-2024-47160 | 2024-09-19 | In JetBrains YouTrack before 2024.3.44799 access to global app config... |
| CVE-2024-47162 | 2024-09-19 | In JetBrains YouTrack before 2024.3.44799 token could be revealed on... |
| CVE-2024-9001 | 2024-09-19 | TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection |
| CVE-2024-38221 | 2024-09-19 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-43496 | 2024-09-19 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-43489 | 2024-09-19 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-9003 | 2024-09-19 | Jinan Chicheng Company JFlow Attachment EntityMutliFile_Load.do AttachmentUploadController access control |
| CVE-2024-9004 | 2024-09-19 | D-Link DAR-7000 Backup_Server_commit.php os command injection |
| CVE-2024-9006 | 2024-09-19 | jeanmarc77 123solar config_invt1.php code injection |
| CVE-2024-9007 | 2024-09-19 | jeanmarc77 123solar detailed.php cross site scripting |
| CVE-2024-46984 | 2024-09-19 | XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator |
| CVE-2024-45614 | 2024-09-19 | Header normalization allows for client to clobber proxy set headers in Puma |
| CVE-2024-46983 | 2024-09-19 | Remote Command Execution(RCE) Vulnerbility in sofa-hessian |
| CVE-2024-45410 | 2024-09-19 | HTTP client can remove the X-Forwarded headers in Traefik |
| CVE-2023-27584 | 2024-09-19 | Dragonfly2 vulnerable to hard coded cyptographic key |
| CVE-2024-9008 | 2024-09-19 | SourceCodester Best Online News Portal Comment Section news-details.php sql injection |
| CVE-2024-47060 | 2024-09-19 | Unauthorized Access After Organization or Project Deactivation in Zitadel |
| CVE-2024-47000 | 2024-09-19 | Service Users Deactivation not Working in Zitadel |
| CVE-2024-46999 | 2024-09-19 | User Grant Deactivation not Working in Zitadel |
| CVE-2024-9009 | 2024-09-19 | code-projects Online Quiz Site showtest.php sql injection |
| CVE-2024-45810 | 2024-09-19 | Envoy crashes for LocalReply in http async client |
| CVE-2024-45809 | 2024-09-19 | Jwt filter crash in the clear route cache with remote JWKs in envoy |
| CVE-2024-45808 | 2024-09-19 | Malicious log injection via access logs in envoy |
| CVE-2024-45807 | 2024-09-19 | oghttp2 crash on OnBeginHeadersForStream in envoy |
| CVE-2024-45806 | 2024-09-19 | Potential manipulate `x-envoy` headers from external sources in envoy |
| CVE-2023-47480 | 2024-09-20 | An issue in Pure Data 0.54-0 and fixed in 0.54-1... |
| CVE-2024-37879 | 2024-09-20 | Improper input validation in /admin/config/save in User-friendly SVN (USVN) before... |
| CVE-2024-42697 | 2024-09-20 | Cross Site Scripting vulnerability in Leotheme Leo Product Search Module... |
| CVE-2024-45489 | 2024-09-20 | Arc before 2024-08-26 allows remote code execution in JavaScript boosts.... |
| CVE-2024-46101 | 2024-09-20 | GDidees CMS <= v3.9.1 has a file upload vulnerability. |
| CVE-2024-46103 | 2024-09-20 | SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. |
| CVE-2024-46640 | 2024-09-20 | SeaCMS 13.2 has a remote code execution vulnerability located in... |
| CVE-2024-46644 | 2024-09-20 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via... |
| CVE-2024-46645 | 2024-09-20 | eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. |
| CVE-2024-46646 | 2024-09-20 | eNMS up to 4.7.1 is vulnerable to Directory Traversal via... |
| CVE-2024-46647 | 2024-09-20 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via... |
| CVE-2024-46648 | 2024-09-20 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via... |
| CVE-2024-46649 | 2024-09-20 | eNMS up to 4.7.1 is vulnerable to Directory Traversal via... |
| CVE-2024-46652 | 2024-09-20 | Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the... |
| CVE-2024-46654 | 2024-09-20 | A stored cross-site scripting (XSS) vulnerability in the Add Scheduled... |
| CVE-2024-9011 | 2024-09-20 | code-projects Crud Operation System updata.php sql injection |
| CVE-2024-8853 | 2024-09-20 | Webo-facto <= 1.40 - Unauthenticated Privilege Escalation |
| CVE-2024-41721 | 2024-09-20 | bhyve(8) out-of-bounds read access via XHCI emulation |
| CVE-2024-9043 | 2024-09-20 | Cellopoint Secure Email Gateway - Buffer Overflow |
| CVE-2024-9030 | 2024-09-20 | CodeCanyon CRMGo SaaS note cross site scripting |
| CVE-2024-9031 | 2024-09-20 | CodeCanyon CRMGo SaaS show cross site scripting |
| CVE-2024-9032 | 2024-09-20 | SourceCodester Simple Forum-Discussion System index.php path traversal |
| CVE-2024-9033 | 2024-09-20 | SourceCodester Best House Rental Management System ajax.php cross site scripting |
| CVE-2024-9034 | 2024-09-20 | code-projects Patient Record Management System login.php sql injection |
| CVE-2024-9035 | 2024-09-20 | code-projects Blood Bank Management System Admin Login login.php sql injection |
| CVE-2024-9036 | 2024-09-20 | itsourcecode Online Bookstore admin_add.php unrestricted upload |
| CVE-2024-9037 | 2024-09-20 | Codezips Internal Marks Calculation index.php sql injection |
| CVE-2024-9038 | 2024-09-20 | Codezips Online Shopping Portal insert-product.php unrestricted upload |
| CVE-2024-9039 | 2024-09-20 | SourceCodester Best House Rental Management System ajax.php sql injection |
| CVE-2024-9040 | 2024-09-20 | code-projects Blood Bank Management System Password cleartext storage in a file or on disk |
| CVE-2024-9041 | 2024-09-20 | SourceCodester Best House Rental Management System ajax.php sql injection |
| CVE-2024-8612 | 2024-09-20 | Qemu-kvm: information leak in virtio devices |
| CVE-2024-45229 | 2024-09-20 | The Versa Director offers REST APIs for orchestration and management.... |
| CVE-2024-42346 | 2024-09-20 | Stored Cross Site Scripting (Stored XSS) in Galaxy |
| CVE-2024-42351 | 2024-09-20 | Possible Data Tampering & Loss of Public Datasets in Galaxy |
| CVE-2024-47062 | 2024-09-20 | Multiple SQL Injections and ORM Leak in navidrome |
| CVE-2024-47061 | 2024-09-20 | Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs |
| CVE-2024-45793 | 2024-09-20 | Cross-site Scripting from in Confidant API call |
| CVE-2024-47210 | 2024-09-21 | Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing... |
| CVE-2024-47219 | 2024-09-21 | An issue was discovered in vesoft NebulaGraph through 3.8.0. It... |
| CVE-2024-6785 | 2024-09-21 | MXview One and MXview One Central Manager Series store cleartext credentials in a local file |
| CVE-2024-6786 | 2024-09-21 | MXview One Series vulnerable to Path Traversal |
| CVE-2024-6787 | 2024-09-21 | MXview One Series vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition |
| CVE-2024-9048 | 2024-09-21 | y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting |
| CVE-2024-8680 | 2024-09-21 | MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-42323 | 2024-09-21 | Apache HertzBeat: RCE by snakeYaml deser load malicious xml |
| CVE-2024-9075 | 2024-09-21 | Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting |
| CVE-2024-47218 | 2024-09-22 | An issue was discovered in vesoft NebulaGraph through 3.8.0. It... |
| CVE-2024-47220 | 2024-09-22 | An issue was discovered in the WEBrick toolkit through 1.8.1... |
| CVE-2024-47221 | 2024-09-22 | CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an... |
| CVE-2024-47226 | 2024-09-22 | A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0... |
| CVE-2024-9076 | 2024-09-22 | DedeCMS article_string_mix.php os command injection |
| CVE-2024-9077 | 2024-09-22 | dingfangzu Order Checkout order.js cross site scripting |
| CVE-2024-9078 | 2024-09-22 | code-projects Student Record System course.php sql injection |
| CVE-2024-9079 | 2024-09-22 | code-projects Student Record System marks.php sql injection |
| CVE-2024-9080 | 2024-09-22 | code-projects Student Record System pincode-verification.php sql injection |
| CVE-2024-9081 | 2024-09-22 | SourceCodester Online Eyewear Shop view_category.php sql injection |
| CVE-2024-9085 | 2024-09-22 | code-projects Restaurant Reservation System index.php sql injection |
| CVE-2024-9082 | 2024-09-22 | SourceCodester Online Eyewear Shop User Creation Users.php improper authorization |
| CVE-2024-9083 | 2024-09-22 | SourceCodester Employee Management System add-admin.php cross site scripting |
| CVE-2024-9084 | 2024-09-22 | code-projects Blood Bank System bbms.php cross site scripting |
| CVE-2024-40703 | 2024-09-22 | IBM Cognos Analytics information disclosure |
| CVE-2024-9086 | 2024-09-22 | code-projects Restaurant Reservation System filter.php sql injection |
| CVE-2024-9087 | 2024-09-22 | code-projects Vehicle Management edit1.php sql injection |
| CVE-2024-9088 | 2024-09-22 | SourceCodester Telecom Billing Management System login buffer overflow |
| CVE-2024-9089 | 2024-09-22 | SourceCodester Modern Loan Management System update_loan_record.php cross site scripting |
| CVE-2024-9090 | 2024-09-22 | SourceCodester Modern Loan Management System search_member.php sql injection |
| CVE-2024-43989 | 2024-09-22 | WordPress Justified Image Grid plugin <= 4.6.1 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability |
| CVE-2023-46948 | 2024-09-23 | A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos... |
| CVE-2024-34331 | 2024-09-23 | A lack of code signature verification in Parallels Desktop for... |