CVE List 2024/12xxx
CVEs in group: 12xxx
CVE-2024-12021 (N/A)
CVE-2024-12022 (Stored Cross-Site Scripting)
CVE-2024-12024 (N/A)
CVE-2024-12025 (EventPrime – Events Calendar, Bookings and Tickets <= 4.0.5.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name)
CVE-2024-12026 (Collapsing Categories <= 3.0.8 - Unauthenticated SQL Injection)
CVE-2024-12027 (Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation)
CVE-2024-12028 (Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions)
CVE-2024-12029 (Friends <= 3.2.1 - Missing Authorization)
CVE-2024-12030 (Remote Code Execution via Model Deserialization in invoke-ai/invokeai)
CVE-2024-12031 (MDTF – Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection)
CVE-2024-12032 (Advanced Floating Content <= 3.8.2 - Authenticated (Subscriber+) SQL Injection)
CVE-2024-12033 (Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection)
CVE-2024-12034 (Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync)
CVE-2024-12035 (Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock)
CVE-2024-12036 (CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion)
CVE-2024-12037 (CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read)
CVE-2024-12038 (Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-12039 (Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode)
CVE-2024-12040 (Improper Restriction of Excessive Authentication Attempts in langgenius/dify)
CVE-2024-12041 (Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme')
CVE-2024-12042 (Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure)
CVE-2024-12043 (MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting))
CVE-2024-12044 (Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-12045 (Remote Code Execution by Pickle Deserialization in open-mmlab/mmdetection)
CVE-2024-12046 (Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting)
CVE-2024-12047 (Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode)
CVE-2024-12048 (WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter)
CVE-2024-12049 (IDOR Vulnerability in transformeroptimus/superagi)
CVE-2024-12053 (Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters)
CVE-2024-12054 (N/A)
CVE-2024-12055 (ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness)
CVE-2024-12056 (DoS using malicious gguf model file in ollama/ollama)
CVE-2024-12057 (Client Secret not checked with OAuth Password grant type)
CVE-2024-12058 (User credentials recorded in log files)
CVE-2024-12059 (N/A)
CVE-2024-12060 (ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read)
CVE-2024-12061 (WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters)
CVE-2024-12062 (Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12063 (Charity Addon for Elementor <= 1.3.2 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12064 (Denial of Service in imartinez/privategpt)