CVE List 2024/10xxx
CVEs in group: 10xxx
CVE-2024-10021 (N/A)
CVE-2024-10022 (code-projects Pharmacy Management System manage_purchase.php sql injection)
CVE-2024-10023 (code-projects Pharmacy Management System manage_supplier.php sql injection)
CVE-2024-10024 (code-projects Pharmacy Management System add_new_medicine.php sql injection)
CVE-2024-10025 (code-projects Pharmacy Management System manage_medicine_stock.php sql injection)
CVE-2024-10026 (Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx)
CVE-2024-10027 (Improved Seeding and Hashing In gVisor)
CVE-2024-10028 (WP Booking Calendar < 10.6.3 - Admin+ Stored XSS)
CVE-2024-10033 (Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Information Disclosure via procstat Log)
CVE-2024-10034 (Aap-gateway: xss on aap-gateway)
CVE-2024-10035 (Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting)
CVE-2024-10037 (Code Injection in BG-TEK’s CoslatV3)
CVE-2024-10038 (N/A)
CVE-2024-10040 (WP-Strava <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting)
CVE-2024-10041 (Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update)
CVE-2024-10042 (Pam: libpam: libpam vulnerable to read hashed password)
CVE-2024-10043 (N/A)
CVE-2024-10044 (Incorrect Authorization in GitLab)
CVE-2024-10045 (SSRF in POST /worker_generate_stream API endpoint in lm-sys/fastchat)
CVE-2024-10046 (Transients Manager <= 2.0.6 - Cross-Site Request Forgery)
CVE-2024-10047 (افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting)
CVE-2024-10048 (Directory Listing Vulnerability in parisneo/lollms-webui)
CVE-2024-10049 (Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page)
CVE-2024-10050 (Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page)
CVE-2024-10051 (Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode)
CVE-2024-10055 (Unauthenticated Denial of Service in shaunwei/realchar)
CVE-2024-10056 (Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode)
CVE-2024-10057 (Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode)
CVE-2024-10068 (RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode)
CVE-2024-10069 (OpenSight Software FlashFXP FlashFXP.exe uncontrolled search path)
CVE-2024-10070 (ESAFENET CDG MailDecryptApplicationService.java actionPassMainApplication sql injection)
CVE-2024-10071 (ESAFENET CDG PolicyPushControlAction.java actionPolicyPush sql injection)
CVE-2024-10072 (ESAFENET CDG EncryptPolicyService.java actionUpdateEncryptPolicyEdit sql injection)
CVE-2024-10073 (ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection)
CVE-2024-10074 (flairNLP flair Mode File Loader clustering.py ClusteringModel code injection)
CVE-2024-10078 (Liteos_a has a use after free vulnerability)
CVE-2024-10079 (WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions)
CVE-2024-10080 (WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection)
CVE-2024-10081 (WP Easy Post Types <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta)
CVE-2024-10082 (N/A)