CVE List 2024/9xxx

CVEs in group: 9xxx

CVE-2024-9023 (N/A)

CVE-2024-9024 (WP-WebAuthn <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode)

CVE-2024-9025 (Material Design Icons <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode)

CVE-2024-9026 (Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title)

CVE-2024-9027 (PHP-FPM logs from children may be altered)

CVE-2024-9028 (WPZOOM Shortcodes <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode)

CVE-2024-9029 (WP GPX Maps <= 1.7.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode)

CVE-2024-9030 (Freeimage: heap buffer overflow in tiff_read_iptc_profile)

CVE-2024-9031 (CodeCanyon CRMGo SaaS note cross site scripting)

CVE-2024-9032 (CodeCanyon CRMGo SaaS show cross site scripting)

CVE-2024-9033 (SourceCodester Simple Forum-Discussion System index.php path traversal)

CVE-2024-9034 (SourceCodester Best House Rental Management System ajax.php cross site scripting)

CVE-2024-9035 (code-projects Patient Record Management System login.php sql injection)

CVE-2024-9036 (code-projects Blood Bank Management System Admin Login login.php sql injection)

CVE-2024-9037 (itsourcecode Online Bookstore admin_add.php unrestricted upload)

CVE-2024-9038 (Codezips Internal Marks Calculation index.php sql injection)

CVE-2024-9039 (Codezips Online Shopping Portal insert-product.php unrestricted upload)

CVE-2024-9040 (SourceCodester Best House Rental Management System ajax.php sql injection)

CVE-2024-9041 (code-projects Blood Bank Management System Password cleartext storage in a file or on disk)

CVE-2024-9042 (SourceCodester Best House Rental Management System ajax.php sql injection)

CVE-2024-9043 (N/A)

CVE-2024-9044 (Cellopoint Secure Email Gateway – Buffer Overflow)

CVE-2024-9046 (XML External Entity (XXE) Vulnerability in EasyTax)

CVE-2024-9047 (N/A)

CVE-2024-9048 (WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php)

CVE-2024-9049 (y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting)

CVE-2024-9050 (Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module)

CVE-2024-9051 (Networkmanager-libreswan: local privilege escalation via leftupdown)

CVE-2024-9052 (WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode)

CVE-2024-9053 (Remote Code Execution by Pickle Deserialization in vllm-project/vllm)

CVE-2024-9054 (Remote Code Execution in vllm-project/vllm)

CVE-2024-9055 (Remote code Execution in TimeProvider® 4100)

CVE-2024-9056 (DPA Countermeasures need reseeding)

CVE-2024-9057 (Denial of Service in bentoml/bentoml)

CVE-2024-9058 (Curator.io: Show all your social media posts in a beautiful feed. <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via feed_id Attribute)

CVE-2024-9059 (Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget)

CVE-2024-9060 (Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget)

CVE-2024-9061 (AVIF & SVG Uploader <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-9063 (WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add)

CVE-2024-9064 (N/A)