Lista CVE 2024/7xxx

CVE nel gruppo: 7xxx

CVE-2024-7023 (N/A)

CVE-2024-7024 (N/A)

CVE-2024-7025 (N/A)

CVE-2024-7026 (N/A)

CVE-2024-7027 (SQLi in Teknogis Informatics’ Closed Circuit Vehicle Tracking Software)

CVE-2024-7029 (WooCommerce – PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor)

CVE-2024-7030 (Command Injection in AVTech AVM1203 (IP Camera))

CVE-2024-7031 (Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update)

CVE-2024-7032 (File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update)

CVE-2024-7033 (Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion)

CVE-2024-7034 (Arbitrary File Write in open-webui/open-webui)

CVE-2024-7035 (Remote Code Execution due to Arbitrary File Write in open-webui/open-webui)

CVE-2024-7036 (Cross-Site Request Forgery (CSRF) in open-webui/open-webui)

CVE-2024-7037 (Denial of Service in open-webui/open-webui)

CVE-2024-7038 (Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui)

CVE-2024-7039 (Information Disclosure in open-webui/open-webui)

CVE-2024-7040 (Improper Privilege Management in open-webui/open-webui)

CVE-2024-7041 (Improper Access Control in open-webui/open-webui)

CVE-2024-7042 (IDOR in open-webui/open-webui)

CVE-2024-7043 (Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection)

CVE-2024-7044 (Improper Access Control in open-webui/open-webui)

CVE-2024-7045 (Stored XSS in open-webui/open-webui)

CVE-2024-7046 (Improper Access Control in open-webui/open-webui)

CVE-2024-7047 (Improper Access Control in open-webui/open-webui)

CVE-2024-7048 (Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab)

CVE-2024-7049 (IDOR in open-webui/open-webui)

CVE-2024-7050 (Exposure of Token in open-webui/open-webui)

CVE-2024-7051 (N/A)

CVE-2024-7052 (N/A)

CVE-2024-7053 (Forminator < 1.38.3 - Admin+ Stored XSS)

CVE-2024-7054 (Session Fixation in open-webui/open-webui)

CVE-2024-7055 (Popup Maker <= 1.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting)

CVE-2024-7056 (FFmpeg pnmdec.c pnm_decode_frame heap-based overflow)

CVE-2024-7057 (WPForms < 1.9.1.6 - Admin+ Stored XSS)

CVE-2024-7058 (Improper Access Control in GitLab)

CVE-2024-7059 (Relative Path Traversal in parisneo/lollms-webui)

CVE-2024-7060 (N/A)

CVE-2024-7061 (Exposure of Sensitive Information to an Unauthorized Actor in GitLab)

CVE-2024-7062 (N/A)

CVE-2024-7063 (Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087)