CVE list 2024/9xxx
CVEs in group: 9xxx
CVE-2024-9065 (Click for details)
CVE-2024-9066 (WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test)
CVE-2024-9067 (Marketing and SEO Booster <= 1.9.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9068 (Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion)
CVE-2024-9069 (OneElements – Best Elementor Addons <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9070 (Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9071 (Deserialization Vulnerability in BentoML’s Runner Server in bentoml/bentoml)
CVE-2024-9072 (Easy Demo Importer – A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9073 (GDPR-Extensions-com – Consent Manager <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9074 (GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9075 (Advanced Blocks Pro <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9076 (Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting)
CVE-2024-9077 (DedeCMS article_string_mix.php os command injection)
CVE-2024-9078 (dingfangzu Order Checkout order.js cross site scripting)
CVE-2024-9079 (code-projects Student Record System course.php sql injection)
CVE-2024-9080 (code-projects Student Record System marks.php sql injection)
CVE-2024-9081 (code-projects Student Record System pincode-verification.php sql injection)
CVE-2024-9082 (SourceCodester Online Eyewear Shop view_category.php sql injection)
CVE-2024-9083 (SourceCodester Online Eyewear Shop User Creation Users.php?f=save improper authorization)
CVE-2024-9084 (SourceCodester Employee Management System add-admin.php cross site scripting)
CVE-2024-9085 (code-projects Blood Bank System bbms.php cross site scripting)
CVE-2024-9086 (code-projects Restaurant Reservation System index.php sql injection)
CVE-2024-9087 (code-projects Restaurant Reservation System filter.php sql injection)
CVE-2024-9088 (code-projects Vehicle Management edit1.php sql injection)
CVE-2024-9089 (SourceCodester Telecom Billing Management System login buffer overflow)
CVE-2024-9090 (SourceCodester Modern Loan Management System update_loan_record.php cross site scripting)
CVE-2024-9091 (SourceCodester Modern Loan Management System search_member.php sql injection)
CVE-2024-9092 (code-projects Student Record System index.php sql injection)
CVE-2024-9093 (SourceCodester Profile Registration without Reload Refresh Registration Form add.php cross site scripting)
CVE-2024-9094 (SourceCodester Profile Registration without Reload Refresh GET Parameter del.php sql injection)
CVE-2024-9095 (code-projects Blood Bank System o-.php sql injection)
CVE-2024-9096 (Improper Authorization in lunary-ai/lunary)
CVE-2024-9097 (Improper Authorization in lunary-ai/lunary)
CVE-2024-9098 (IDOR)
CVE-2024-9099 (Privilege Escalation in lunary-ai/lunary)
CVE-2024-9100 (Exposure of Private API Keys in lunary-ai/lunary)
CVE-2024-9101 (Local File Inclusion)
CVE-2024-9102 (phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php)
CVE-2024-9104 (phpLDAPadmin: Improper Neutralization of Formula Elements)
CVE-2024-9105 (UltimateAI <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check)
CVE-2024-9106 (UltimateAI <= 2.8.3 - Authentication Bypass)
CVE-2024-9107 (Wechat Social login <= 1.3.0 - Authentication Bypass)
CVE-2024-9108 (Stored XSS in gaizhenbiao/chuanhuchatgpt)
CVE-2024-9109 (Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload)
CVE-2024-9110 (UPS Live Rates and Access Points <= 2.3.11 - Missing Authorization to Plugin API key reset)
CVE-2024-9111 (Cross-Site Scripting In Privileged Identity)
CVE-2024-9112 (Product Designer <= 1.0.35 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9113 (FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability)
CVE-2024-9114 (FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability)
CVE-2024-9115 (FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability)
CVE-2024-9116 (Common Tools for Site <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9117 (Monkee-Boy Essentials <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9118 (Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9119 (QS Dark Mode Plugin <= 2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9120 (SVG Complete <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9121 (Click for details)
CVE-2024-9122 (Click for details)
CVE-2024-9123 (Click for details)
CVE-2024-9124 (Click for details)
CVE-2024-9125 (Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability)
CVE-2024-9127 (king_IE <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-9129 (Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter)
CVE-2024-9130 (Format String Injection in Zend Server)
CVE-2024-9131 (GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter)
CVE-2024-9132 (A user with administrator privileges can perform command injection)
CVE-2024-9133 (The administrator is able to configure an insecure captive portal script)
CVE-2024-9134 (A user with administrator privileges is able to retrieve authentication tokens)
CVE-2024-9135 (Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.)
CVE-2024-9136 (On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.)
CVE-2024-9137 (Click for details)
CVE-2024-9138 (Moxa Service Missing Authentication for Critical Function)
CVE-2024-9139 (Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances)
CVE-2024-9140 (OS Command Injection in Restricted Command)
CVE-2024-9141 (Click for details)
CVE-2024-9142 (Cross-Site Scripting (XSS) vulnerability in Oct8ne)
CVE-2024-9143 (Local File Inclusion (LFI) in Olgu Computer Systems’ e-Belediye)
CVE-2024-9145 (Low-level invalid GF(2^m) parameters lead to OOB memory access)
CVE-2024-9146 (Local command injection in Wiz Code Visual Studio Code extension)
CVE-2024-9147 (WordPress CSS JS Files plugin <= 1.5.0 - Directory Traversal to File Read vulnerability)
CVE-2024-9148 (HTML Injection in Bna Informatics’ PosPratik)