CVE list 2024/10xxx
CVEs in group: 10xxx
CVE-2024-10047 (N/A)
CVE-2024-10048 (Directory Listing Vulnerability in parisneo/lollms-webui)
CVE-2024-10049 (Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page)
CVE-2024-10050 (Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page)
CVE-2024-10051 (Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode)
CVE-2024-10055 (Unauthenticated Denial of Service in shaunwei/realchar)
CVE-2024-10056 (Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode)
CVE-2024-10057 (Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode)
CVE-2024-10068 (RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode)
CVE-2024-10069 (OpenSight Software FlashFXP FlashFXP.exe uncontrolled search path)
CVE-2024-10070 (ESAFENET CDG MailDecryptApplicationService.java actionPassMainApplication sql injection)
CVE-2024-10071 (ESAFENET CDG PolicyPushControlAction.java actionPolicyPush sql injection)
CVE-2024-10072 (ESAFENET CDG EncryptPolicyService.java actionUpdateEncryptPolicyEdit sql injection)
CVE-2024-10073 (ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection)
CVE-2024-10074 (flairNLP flair Mode File Loader clustering.py ClusteringModel code injection)
CVE-2024-10078 (Liteos_a has an use after free vulnerability)
CVE-2024-10079 (WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions)
CVE-2024-10080 (WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection)
CVE-2024-10081 (WP Easy Post Types <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta)
CVE-2024-10082 (N/A)
CVE-2024-10083 (N/A)
CVE-2024-10084 (N/A)
CVE-2024-10086 (Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode)
CVE-2024-10091 (Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation)
CVE-2024-10092 (ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget)
CVE-2024-10093 (Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation)
CVE-2024-10094 (VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path)
CVE-2024-10095 (N/A)
CVE-2024-10096 (Progress UI for WPF format provider unsafe deserialization vulnerability)
CVE-2024-10097 (N/A)
CVE-2024-10099 (Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider)
CVE-2024-10100 (Stored XSS in comfyanonymous/comfyui)
CVE-2024-10101 (Path Traversal in binary-husky/gpt_academic)
CVE-2024-10102 (Stored XSS in binary-husky/gpt_academic)
CVE-2024-10103 (Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 - Contributor+ Stored XSS)
CVE-2024-10104 (MailPoet < 5.3.2 - Admin+ Stored XSS)
CVE-2024-10105 (Jobs for WordPress < 2.7.8 - Contributor+ Stored XSS)
CVE-2024-10106 (Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS)
CVE-2024-10108 (Ember ZNet buffer overflow in ‘packet handoff’ plugin)
CVE-2024-10109 (WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode)
CVE-2024-10110 (Incorrect Authorization in mintplex-labs/anything-llm)
CVE-2024-10111 (Denial of Service in aimhubio/aim)
CVE-2024-10112 (OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass)
CVE-2024-10113 (Simple News <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via news Shortcode)
CVE-2024-10114 (WP AdCenter – Ad Manager & Adsense Ads <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode)
CVE-2024-10115 (Social Login – WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider)
CVE-2024-10116 (N/A)
CVE-2024-10117 (Twitter Follow Button <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter)
CVE-2024-10118 (WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode)
CVE-2024-10119 (SECOM WRTR-304GN-304TW-UPSC – OS Command Injection)
CVE-2024-10120 (SECOM WRTM326 – OS Command Injection)
CVE-2024-10121 (wfh45678 Radar upload unrestricted upload)
CVE-2024-10122 (wfh45678 Radar Interface authorization)
CVE-2024-10123 (Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking)
CVE-2024-10124 (Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow)
CVE-2024-10125 (Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation)
CVE-2024-10126 (Lack of JWT issuer and signer validation)
CVE-2024-10127 (Local file inclusion vulnerability in M-Files Server)
CVE-2024-10128 (Support for authentication bypass condition in M-Files LDAP authentication)
CVE-2024-10129 (Topdata Inner Rep Plus WebServer td.js.gz risky encryption)