CVE List 2024/9xxx
CVEs in group: 9xxx
CVE-2024-9043 (N/A)
CVE-2024-9044 (Cellopoint Secure Email Gateway – Buffer Overflow)
CVE-2024-9046 (XML External Entity (XXE) Vulnerability in EasyTax)
CVE-2024-9047 (N/A)
CVE-2024-9048 (WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php)
CVE-2024-9049 (y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting)
CVE-2024-9050 (Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module)
CVE-2024-9051 (Networkmanager-libreswan: local privilege escalation via leftupdown)
CVE-2024-9052 (WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode)
CVE-2024-9053 (Remote Code Execution by Pickle Deserialization in vllm-project/vllm)
CVE-2024-9054 (Remote Code Execution in vllm-project/vllm)
CVE-2024-9055 (Remote code Execution in TimeProvider® 4100)
CVE-2024-9056 (DPA Countermeasures need reseeding)
CVE-2024-9057 (Denial of Service in bentoml/bentoml)
CVE-2024-9058 (Curator.io: Show all your social media posts in a beautiful feed. <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via feed_id Attribute)
CVE-2024-9059 (Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget)
CVE-2024-9060 (Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget)
CVE-2024-9061 (AVIF & SVG Uploader <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9063 (WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add)
CVE-2024-9064 (N/A)
CVE-2024-9065 (Elementor Inline SVG <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9066 (WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test)
CVE-2024-9067 (Marketing and SEO Booster <= 1.9.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9068 (Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion)
CVE-2024-9069 (OneElements – Best Elementor Addons <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9070 (Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9071 (Deserialization Vulnerability in BentoML’s Runner Server in bentoml/bentoml)
CVE-2024-9072 (Easy Demo Importer – A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9073 (GDPR-Extensions-com – Consent Manager <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9074 (GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9075 (Advanced Blocks Pro <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9076 (Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting)
CVE-2024-9077 (DedeCMS article_string_mix.php os command injection)
CVE-2024-9078 (dingfangzu Order Checkout order.js cross site scripting)
CVE-2024-9079 (code-projects Student Record System course.php sql injection)
CVE-2024-9080 (code-projects Student Record System marks.php sql injection)
CVE-2024-9081 (code-projects Student Record System pincode-verification.php sql injection)
CVE-2024-9082 (SourceCodester Online Eyewear Shop view_category.php sql injection)
CVE-2024-9083 (SourceCodester Online Eyewear Shop User Creation Users.phpf=save improper authorization)
CVE-2024-9084 (SourceCodester Employee Management System add-admin.php cross site scripting)
CVE-2024-9085 (code-projects Blood Bank System bbms.php cross site scripting)
CVE-2024-9086 (code-projects Restaurant Reservation System index.php sql injection)
CVE-2024-9087 (code-projects Restaurant Reservation System filter.php sql injection)
CVE-2024-9088 (code-projects Vehicle Management edit1.php sql injection)
CVE-2024-9089 (SourceCodester Telecom Billing Management System login buffer overflow)
CVE-2024-9090 (SourceCodester Modern Loan Management System update_loan_record.php cross site scripting)
CVE-2024-9091 (SourceCodester Modern Loan Management System search_member.php sql injection)
CVE-2024-9092 (code-projects Student Record System index.php sql injection)
CVE-2024-9093 (SourceCodester Profile Registration without Reload Refresh Registration Form add.php cross site scripting)
CVE-2024-9094 (SourceCodester Profile Registration without Reload Refresh GET Parameter del.php sql injection)
CVE-2024-9095 (code-projects Blood Bank System o-.php sql injection)
CVE-2024-9096 (Improper Authorization in lunary-ai/lunary)
CVE-2024-9097 (Improper Authorization in lunary-ai/lunary)
CVE-2024-9098 (IDOR)
CVE-2024-9099 (Privilege Escalation in lunary-ai/lunary)
CVE-2024-9100 (Exposure of Private API Keys in lunary-ai/lunary)
CVE-2024-9101 (Local File Inclusion)
CVE-2024-9102 (phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php)
CVE-2024-9104 (phpLDAPadmin: Improper Neutralization of Formula Elements)
CVE-2024-9105 (UltimateAI <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check)