The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-43609 - Microsoft Office Spoofing Vulnerability
  Published: October 08, 2024; 2:15:29 PM -0400
  V3.1: 6.5 MEDIUM
- CVE-2024-43497 - DeepSpeed Remote Code Execution Vulnerability
  Published: October 08, 2024; 2:15:11 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-43480 - Azure Service Fabric for Linux Remote Code Execution Vulnerability
  Published: October 08, 2024; 2:15:09 PM -0400
  V3.1: 6.6 MEDIUM
- CVE-2024-48911 - OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for t...
  Published: October 14, 2024; 5:15:12 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-9687 - The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for a...
  Published: October 14, 2024; 10:15:02 PM -0400
  V3.1: 8.8 HIGH
- CVE-2024-6757 - The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated at...
  Published: October 14, 2024; 10:15:02 PM -0400
  V3.1: 4.3 MEDIUM
- CVE-2024-43501 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
  Published: October 08, 2024; 2:15:11 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-30117 - A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
  Published: October 14, 2024; 7:15:11 PM -0400
  V3.1: 5.3 MEDIUM
- CVE-2024-43500 - Windows Resilient File System (ReFS) Information Disclosure Vulnerability
  Published: October 08, 2024; 2:15:11 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-9953 - A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the p...
  Published: October 14, 2024; 6:15:03 PM -0400
  V3.1: 4.9 MEDIUM
- CVE-2024-43502 - Windows Kernel Elevation of Privilege Vulnerability
  Published: October 08, 2024; 2:15:11 PM -0400
  V3.1: 7.1 HIGH
- CVE-2024-45461 - The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-admini...
  Published: October 16, 2024; 4:15:05 AM -0400
  V3.1: 6.3 MEDIUM
- CVE-2024-9895 - The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping ...
  Published: October 15, 2024; 5:15:03 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-9944 - The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthentica...
  Published: October 15, 2024; 2:15:02 AM -0400
  V3.1: 6.1 MEDIUM
- CVE-2024-21535 - Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
  Published: October 15, 2024; 1:15:11 AM -0400
  V3.1: 6.1 MEDIUM
- CVE-2024-9971 - The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
  Published: October 15, 2024; 12:15:05 AM -0400
  V3.1: 8.8 HIGH
- CVE-2024-9970 - The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.
  Published: October 15, 2024; 12:15:04 AM -0400
  V3.1: 8.8 HIGH
- CVE-2024-9964 - Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
  Published: October 15, 2024; 5:15:12 PM -0400
  V3.1: 4.3 MEDIUM
- CVE-2024-45462 - The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to...
  Published: October 16, 2024; 4:15:05 AM -0400
  V3.1: 7.1 HIGH
- CVE-2024-45693 - Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenti...
  Published: October 16, 2024; 4:15:06 AM -0400
  V3.1: 8.8 HIGH