CVE List 2024/7xxx

CVEs in group: 7xxx

CVE-2024-7044 (N/A)

CVE-2024-7045 (Stored XSS in open-webui/open-webui)

CVE-2024-7046 (Improper Access Control in open-webui/open-webui)

CVE-2024-7047 (Improper Access Control in open-webui/open-webui)

CVE-2024-7048 (Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab)

CVE-2024-7049 (IDOR in open-webui/open-webui)

CVE-2024-7050 (Exposure of Token in open-webui/open-webui)

CVE-2024-7051 (N/A)

CVE-2024-7052 (N/A)

CVE-2024-7053 (Forminator < 1.38.3 - Admin+ Stored XSS)

CVE-2024-7054 (Session Fixation in open-webui/open-webui)

CVE-2024-7055 (Popup Maker <= 1.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting)

CVE-2024-7056 (FFmpeg pnmdec.c pnm_decode_frame heap-based overflow)

CVE-2024-7057 (WPForms < 1.9.1.6 - Admin+ Stored XSS)

CVE-2024-7058 (Improper Access Control in GitLab)

CVE-2024-7059 (Relative Path Traversal in parisneo/lollms-webui)

CVE-2024-7060 (N/A)

CVE-2024-7061 (Exposure of Sensitive Information to an Unauthorized Actor in GitLab)

CVE-2024-7062 (N/A)

CVE-2024-7063 (Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087)

CVE-2024-7064 (ElementsKit Pro <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure)

CVE-2024-7065 (ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting)

CVE-2024-7066 (Spina CMS cross-site request forgery)

CVE-2024-7067 (F-logic DataCube3 HTTP POST Request config_time_sync.php os command injection)

CVE-2024-7068 (kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization)

CVE-2024-7069 (SourceCodester Insurance Management System update_sub_category cross site scripting)

CVE-2024-7071 (SourceCodester Employee and Visitor Gate Pass Logging System sql injection)

CVE-2024-7076 (Unauthenticated SQLi in Brain Information Technologies’ Brain Low-Code)

CVE-2024-7077 (SQLi in Semtek Informatics Software’s Semtek Sempos)

CVE-2024-7078 (Reflected XSS in Semtek Informatics Software’s Semtek Sempos)

CVE-2024-7079 (Unauthenticated SQLi in Semtek Informatics Software’s Semtek Sempos)

CVE-2024-7080 (Openshift-console: unauthenticated installation of helm charts)

CVE-2024-7081 (SourceCodester Insurance Management System direct request)

CVE-2024-7082 (itsourcecode Tailoring Management System expcatadd.php sql injection)

CVE-2024-7084 (easy-table-of-contents < 2.0.68 - Editor+ Stored XSS)

CVE-2024-7085 (Ajax Search Lite < 4.12.1 - Admin+ Stored XSS)

CVE-2024-7090 (Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM).)

CVE-2024-7091 (LH Add Media From Url <= 1.23 - Reflected Cross-Site Scripting)

CVE-2024-7092 (Exposure of Sensitive Information to an Unauthorized Actor in GitLab)

CVE-2024-7093 (Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter)

CVE-2024-7094 (Server-Side Template Injection in Dispatch Message Templates)

CVE-2024-7095 (JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution)

CVE-2024-7098 (On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term)

CVE-2024-7099 (XML Injection in SFS Consulting’s ww.Winsure)

CVE-2024-7100 (SQL Injection in netease-youdao/qanything)

CVE-2024-7101 (Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode)

CVE-2024-7102 (ForIP Tecnologia Administração PABX Authentication Form login sql injection)

CVE-2024-7104 (Execution with Unnecessary Privileges in GitLab)

CVE-2024-7105 (Remote Code Execution in SFS Consulting’s ww.Winsure)

CVE-2024-7106 (ForIP Tecnologia Administração PABX Lista Ura Page detalheIdUra sql injection)

CVE-2024-7107 (Spina CMS media_folders cross-site request forgery)

CVE-2024-7108 (Directory Traversal in National Keep’s CyberMath)

CVE-2024-7110 (Incorrect Authorization in National Keep’s CyberMath)

CVE-2024-7112 (Improper Neutralization of Special Elements used in a Command (‘Command Injection’) in GitLab)

CVE-2024-7113 (Pinpoint Booking System <= 2.9.9.5.0 - Authenticated (Subscriber+) SQL Injection)

CVE-2024-7114 (Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server)

CVE-2024-7115 (Tianchoy Blog so.php sql injection)

CVE-2024-7116 (MD-MAFUJUL-HASAN Online-Payroll-Management-System designation_viewmore.php sql injection)

CVE-2024-7117 (MD-MAFUJUL-HASAN Online-Payroll-Management-System branch_viewmore.php sql injection)

CVE-2024-7118 (MD-MAFUJUL-HASAN Online-Payroll-Management-System shift_viewmore.php sql injection)