CVE-2024-32xxx

There are 743 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-32000 Truncated content of messages can be leaked from matrix-appservice-irc
CVE-2024-32001 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
S
CVE-2024-32003 Dusk plugin may allow unfettered user authentication in misconfigured installs
CVE-2024-32004 Git vulnerable to Remote Code Execution while cloning specially crafted local repositories
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component
CVE-2024-32006 A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The a...
CVE-2024-32007 Apache CXF Denial of Service vulnerability in JOSE
CVE-2024-32017 Buffer overflows in RIOT
CVE-2024-32018 Ineffective size check due to assert() and buffer overflow in RIOT
CVE-2024-32019 ndsudo: local privilege escalation via untrusted search path
CVE-2024-32020 Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will
CVE-2024-32021 Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory
CVE-2024-32022 Kohya_ss is vulnerable to a command injection in basic_caption_gui.py (GHSL-2024-019)
CVE-2024-32023 Kohya_ss vulnerable to path injection in `common_gui.py` `find_and_replace` function (`GHSL-2024-024`)
CVE-2024-32024 Kohya_ss vulnerable to path injection in `common_gui.py` `add_pre_postfix` function (`GHSL-2024-023`)
CVE-2024-32025 Kohya_ss is vulnerable to a command injection in `group_images_gui.py` (`GHSL-2024-021`)
CVE-2024-32026 Kohya_ss is vulnerable to a command injection in `git_caption_gui.py` (`GHSL-2024-020`)
CVE-2024-32027 Kohya_ss is vulnerable to a command injection in `finetune_gui.py` (`GHSL-2024-022`)
CVE-2024-32028 Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
CVE-2024-32029 Rejected reason: This CVE is a duplicate of another CVE....
R
CVE-2024-32030 Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI
CVE-2024-32034 Cross-site scripting (XSS) in the decidim admin activity log
S
CVE-2024-32035 Memory Allocation with Excessive Size Value in SixLabors.ImageSharp
S
CVE-2024-32036 SixLabors.ImageSharp vulnerable to data leakage
S
CVE-2024-32037 GeoNetwork vulnerable to search end-point information disclosure in response headers
CVE-2024-32038 Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-32039 FreeRDP Integer overflow & OutOfBound Write in clear_decompress_residual_data
M
CVE-2024-32040 FreeRDP vulnerable to integer underflow in nsc_rle_decode
M
CVE-2024-32041 FreeRDP OutOfBound Read in zgfx_decompress_segment
E
CVE-2024-32042 CyberPower PowerPanel business Storing Passwords in a Recoverable Format
S
CVE-2024-32044 Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31...
CVE-2024-32045 Playbook run link to private channel grants channel access
S
CVE-2024-32046 Detailed error discloses full file path with dev mode off
S
CVE-2024-32047 CyberPower PowerPanel business Active Debug Code
S
CVE-2024-32048 Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before ...
CVE-2024-32049 BIG-IP Next Central Manager vulnerability
CVE-2024-32051 Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If th...
CVE-2024-32053 CyberPower PowerPanel business Use of Hard-coded Credentials
S
CVE-2024-32055 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32056 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32057 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32058 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32059 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32060 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32061 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32062 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32063 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32064 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32065 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32066 A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat...
CVE-2024-32077 Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
S
CVE-2024-32078 WordPress FV Player plugin <= 7.5.44.7212 - Unvalidated Redirects and Forwards vulnerability
S
CVE-2024-32079 WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32080 WordPress Search Keyword Redirect plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32081 WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability
CVE-2024-32082 WordPress Sync Post With Other Site plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability
CVE-2024-32083 WordPress Easy Logo plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32084 WordPress Before And After plugin <= 3.9 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32085 WordPress Citadela Listing plugin < 5.20.0 - Cross-Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32086 WordPress Citadela Listing plugin <= 5.18.1 - Unauth. Sensitive Data Exposure vulnerability
CVE-2024-32087 WordPress Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More plugin <= 3.5.7 - Auth. SQL Injection (SQLi) vulnerability
CVE-2024-32088 WordPress Website Builder plugin <= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32089 WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32090 WordPress Church Admin plugin <= 4.0.27 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32091 WordPress Sangar Slider plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32092 WordPress Kimili Flash Embed plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32093 WordPress Novelist plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32094 WordPress Church Content plugin <= 2.6 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32095 WordPress MultiParcels Shipping For WooCommerce plugin < 1.16.9 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32096 WordPress WP Synchro plugin <= 1.11.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32097 WordPress GEO my WordPress plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32098 WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Auth. SQL Injection (SQLi) vulnerability
CVE-2024-32099 WordPress WP Mail Catcher plugin <= 2.1.6 - Cross Site Request Forgery vulnerability
S
CVE-2024-32100 WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitive Data Exposure vulnerability
S
CVE-2024-32101 WordPress Email Marketing for WooCommerce plugin <= 1.14.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32102 WordPress Crony Cronjob Manager plugin <= 0.5.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32103 WordPress Siteimprove plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32104 WordPress NextMove Lite plugin <= 2.18.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32105 WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32106 WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32107 WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32108 WordPress Convert Post Types plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32109 WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32111 WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability
S
CVE-2024-32112 WordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32113 Apache OFBiz: Path traversal leading to RCE
KEV S
CVE-2024-32114 Apache ActiveMQ: Jolokia and REST API were not secured with default configuration
CVE-2024-32115 A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4...
S
CVE-2024-32116 Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 thr...
S
CVE-2024-32117 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE...
S
CVE-2024-32118 Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') ...
S
CVE-2024-32122 A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows ...
S
CVE-2024-32123 Multiple improper neutralization of special elements used in an os command ('os command injection') ...
S
CVE-2024-32125 WordPress BA Book Everything plugin <= 1.6.4 - Auth. SQL Injection vulnerability
S
CVE-2024-32126 WordPress Navigation menu as dropdown Widget plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32127 WordPress Find Duplicates plugin <= 1.4.6 - Auth. SQL Injection vulnerability
CVE-2024-32128 WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Unauthenticated SQL Injection vulnerability
CVE-2024-32129 WordPress Freshdesk (official) plugin <= 2.3.6 - Open Redirection vulnerability
S
CVE-2024-32130 WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32131 WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability
S
CVE-2024-32132 WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - SQL Injection vulnerability
CVE-2024-32133 WordPress EZ Form Calculator plugin <= 2.14.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-32134 WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability
CVE-2024-32135 WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability
CVE-2024-32136 WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability
S
CVE-2024-32137 WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability
CVE-2024-32138 WordPress Short URL plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32139 WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability
S
CVE-2024-32140 WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32141 WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32142 WordPress Ovic Responsive WPBakery plugin <= 1.3.0 - Broken Access Control vulnerability
CVE-2024-32143 WordPress Podlove Podcast Publisher plugin <= 4.1.0 - Broken Access Control vulnerability
S
CVE-2024-32144 WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability
S
CVE-2024-32145 WordPress WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
S
CVE-2024-32146 WordPress Aspose.Words – Import and Export word documents plugin <= 6.3.1 - Broken Access Control vulnerability
CVE-2024-32147 WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32148 WordPress Pardot plugin <= 2.1.0 - Broken Access Control vulnerability
S
CVE-2024-32149 WordPress Jobs for WordPress plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32151 User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwor...
CVE-2024-32152 A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specia...
E
CVE-2024-32161 jizhiCMS 2.5 suffers from a File upload vulnerability....
E
CVE-2024-32162 CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion....
E
CVE-2024-32163 CMSeasy 7.7.7.9 is vulnerable to code execution....
E
CVE-2024-32166 Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnera...
CVE-2024-32167 Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerab...
E
CVE-2024-32205 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ...
R
CVE-2024-32206 A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHI...
E
CVE-2024-32210 The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded p...
CVE-2024-32211 An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obta...
CVE-2024-32212 SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an at...
CVE-2024-32213 The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak pas...
CVE-2024-32228 FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc...
CVE-2024-32229 FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column....
CVE-2024-32230 FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvi...
E
CVE-2024-32231 Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter....
CVE-2024-32236 An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via th...
E
CVE-2024-32238 H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management s...
CVE-2024-32254 Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerou...
E
CVE-2024-32256 Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerou...
E
CVE-2024-32258 The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrit...
CVE-2024-32268 An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via ...
CVE-2024-32269 An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a cr...
CVE-2024-32281 Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerability in formexeCommand fu...
E
CVE-2024-32282 Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerability in the formexeComma...
CVE-2024-32283 Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerability in formexeCommand function via...
E
CVE-2024-32285 Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password paramete...
E
CVE-2024-32286 Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page para...
E
CVE-2024-32287 Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in ...
E
CVE-2024-32288 Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page para...
E
CVE-2024-32290 Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in...
E
CVE-2024-32291 Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in...
E
CVE-2024-32292 Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerability in the formexeCo...
E
CVE-2024-32293 Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in...
E
CVE-2024-32299 Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromW...
E
CVE-2024-32301 Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the ...
E
CVE-2024-32302 Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the...
CVE-2024-32303 Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerabili...
CVE-2024-32305 Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in ...
CVE-2024-32306 Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parame...
E
CVE-2024-32307 Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter...
E
CVE-2024-32310 Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the...
E
CVE-2024-32311 Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the f...
E
CVE-2024-32312 Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of...
E
CVE-2024-32313 Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd param...
E
CVE-2024-32314 Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the formexeComman...
E
CVE-2024-32315 Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in...
CVE-2024-32316 Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient fun...
E
CVE-2024-32317 Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the ad...
E
CVE-2024-32318 Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the...
E
CVE-2024-32320 Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in...
E
CVE-2024-32324 Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a l...
CVE-2024-32325 TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through th...
E
CVE-2024-32326 TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through th...
E
CVE-2024-32327 TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in P...
E
CVE-2024-32332 TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in W...
E
CVE-2024-32333 TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in M...
E
CVE-2024-32334 TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in I...
E
CVE-2024-32335 TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in A...
E
CVE-2024-32337 A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attack...
E
CVE-2024-32338 A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attack...
E
CVE-2024-32339 Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows at...
E
CVE-2024-32340 A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attack...
E
CVE-2024-32341 Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows atta...
E
CVE-2024-32342 A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to...
E
CVE-2024-32343 A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to...
E
CVE-2024-32344 A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers t...
E
CVE-2024-32345 A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers t...
E
CVE-2024-32349 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command ex...
E
CVE-2024-32350 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command ex...
E
CVE-2024-32351 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command ex...
E
CVE-2024-32352 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command ex...
E
CVE-2024-32353 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability ...
E
CVE-2024-32354 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability ...
E
CVE-2024-32355 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability ...
E
CVE-2024-32358 An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script t...
CVE-2024-32359 An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary...
CVE-2024-32368 Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0...
CVE-2024-32369 SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a r...
CVE-2024-32370 An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to o...
CVE-2024-32371 An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account...
CVE-2024-32391 Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execu...
E
CVE-2024-32392 Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary ...
E
CVE-2024-32394 An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-0...
CVE-2024-32399 Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote atta...
CVE-2024-32404 Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote...
CVE-2024-32405 Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to esc...
CVE-2024-32406 Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remot...
CVE-2024-32407 An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a ...
CVE-2024-32409 An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script....
CVE-2024-32418 An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.p...
E
CVE-2024-32428 WordPress MWW Disclaimer Buttons plugin <= 3.0.2 - Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32429 WordPress Remove Footer Credit plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32430 WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-32431 WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection
S
CVE-2024-32432 WordPress Ovic Addon Toolkit plugin <= 2.6.1 - Broken Access Control vulnerability
CVE-2024-32433 WordPress BEAF plugin <= 4.5.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32434 WordPress Order Delivery Date for WooCommerce plugin <= 3.20.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32435 WordPress AffiEasy plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32436 WordPress Gift Cards plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32437 WordPress eCommerce Product Catalog plugin <= 3.3.28 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32438 WordPress SEO Booster plugin <= 3.8.9 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32439 WordPress WP Client Reports plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32440 WordPress Asgaros Forum plugin <= 2.8.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32441 WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32442 WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32443 WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32445 WordPress WebinarIgnition plugin <= 3.05.8 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32446 WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32447 WordPress AWP Classifieds plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32448 WordPress Ads.txt Admin plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-32449 WordPress RestroPress plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32450 WordPress WpTravelly plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32451 WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32452 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32453 WordPress POEditor plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32454 WordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-32455 WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability
S
CVE-2024-32456 WordPress Envo Extra plugin <= 1.8.11 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32457 WordPress Elements Plus! plugin <= 2.16.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32458 FreeRDP Out-Of-Bounds Read in planar_skip_plane_rle
M
CVE-2024-32459 FreeRDP Out-Of-Bounds Read in ncrush_decompress
CVE-2024-32460 FreeRDP Out-Of-Bounds Read in interleaved_decompress
M
CVE-2024-32461 LibreNMS vulnerable to time-based SQL injection that leads to database extraction
E S
CVE-2024-32462 Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
CVE-2024-32463 phlex makes Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `` tags
CVE-2024-32464 ActionText ContentAttachment can Contain Unsanitized HTML
S
CVE-2024-32465 Git's protections for cloning untrusted repositories can be bypassed
CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data
CVE-2024-32467 MeterSphere vulnerable to unauthorized viewing by workspace members
CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator
CVE-2024-32469 Decidim has cross-site scripting (XSS) in the pagination
CVE-2024-32470 Tolgee's API keys created by server admin users bypass the permission check
CVE-2024-32472 excalidraw vulnerable to a Stored XSS in excalidraw's web embed component
CVE-2024-32473 Moby IPv6 enabled on IPv4-only network interfaces
CVE-2024-32474 Sentry's superuser cleartext password leaked in logs
CVE-2024-32475 Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences
S
CVE-2024-32477 Race condition when flushing input stream leads to permission prompt bypass
CVE-2024-32478 Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files
CVE-2024-32479 LibreNMS's Improper Sanitization on Service template name leads to Stored XSS
E S
CVE-2024-32480 LibreNMS's Time-Based Blind SQL injection leads to database extraction
E S
CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers
E S
CVE-2024-32482 Tillitis TKey Signer possible RAM disclosure vulnerability
CVE-2024-32483 Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenti...
CVE-2024-32484 A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankite...
E
CVE-2024-32485 Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an auth...
CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file, because ...
CVE-2024-32488 In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update c...
CVE-2024-32489 TCPDF before 6.7.4 mishandles calls that use HTML syntax....
S
CVE-2024-32491 An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 w...
CVE-2024-32492 An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer f...
CVE-2024-32493 An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logg...
CVE-2024-32498 An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29...
S
CVE-2024-32499 Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remo...
CVE-2024-32501 A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x ...
CVE-2024-32502 An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, ...
CVE-2024-32503 An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, ...
CVE-2024-32504 An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, ...
CVE-2024-32505 WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32506 WordPress Radio Player plugin <= 2.0.73 - Sensitive Data Exposure vulnerability
S
CVE-2024-32507 WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability
S
CVE-2024-32508 WordPress DethemeKit For Elementor plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32509 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability
S
CVE-2024-32510 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32511 WordPress Simple Registration for WooCommerce plugin <= 1.5.6 - Unauthenticated Privilege Escalation vulnerability
CVE-2024-32512 WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability
S
CVE-2024-32513 WordPress Product Feed PRO for WooCommerce plugin <= 13.3.1 - Sensitive Data Exposure vulnerability
S
CVE-2024-32514 WordPress WP Poll Maker plugin <= 3.4 - Authenticated Arbitrary File Upload vulnerability
CVE-2024-32515 WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability
CVE-2024-32516 WordPress Multi Currency For WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
S
CVE-2024-32517 WordPress Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin <= 1.4.12 - Broken Access Control vulnerability
S
CVE-2024-32518 WordPress PeproDev Ultimate Invoice plugin <= 2.0.0 - Broken Access Control vulnerability
CVE-2024-32519 WordPress GG Woo Feed for WooCommerce plugin <= 1.2.6 - Broken Access Control vulnerability
S
CVE-2024-32520 WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability
S
CVE-2024-32521 WordPress Zero Spam for WordPress plugin <= 5.5.6 - Bypass Spam Protection vulnerability
S
CVE-2024-32522 WordPress Open Close WooCommerce Store plugin <= 4.9.1 - Broken Access Control vulnerability
S
CVE-2024-32523 WordPress Mailster plugin <= 4.0.6 - Unauthenticated Local File Inclusion vulnerability
S
CVE-2024-32524 WordPress Custom Order Statuses for WooCommerce plugin <= 1.5.2 - Broken Access Control vulnerability
CVE-2024-32525 WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability
S
CVE-2024-32526 WordPress Easy Textillate plugin <= 2.02 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32527 WordPress Jotform Online Forms plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32528 WordPress WP Dynamic Keywords Injector plugin <= 2.3.18 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32529 WordPress Yoga Schedule Momoyoga plugin <= 2.7.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32530 WordPress Simple Testimonials Showcase plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32531 WordPress GuCherry Blog theme <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-32532 WordPress Speed Optimizer plugin <= 7.4.6 - Broken Access Control vulnerability
S
CVE-2024-32533 WordPress LH Add Media From Url plugin <= 1.22 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32534 WordPress Form Maker plugin <= 1.15.23 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32535 WordPress Access Category Password plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-32536 WordPress WP TradingView plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32538 WordPress Easy CountDowner plugin <= 1.0.8 - CSRF to XSS vulnerability
CVE-2024-32539 WordPress WP File Download Light plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32540 WordPress Fixed HTML Toolbar plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32541 WordPress WP-Cufon plugin <= 1.6.10 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32542 WordPress Bulk Block Converter plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-32543 WordPress MJ Update History plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-32544 WordPress Netgsm plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32545 WordPress Canva – Design beautiful blog graphics plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32546 WordPress Tax Rate Upload plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32548 WordPress What's New Generator plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32549 WordPress Related Posts for WordPress plugin <= 4.0.3 - CSRF to XSS vulnerability
CVE-2024-32550 WordPress BMI Adult & Kid Calculator plugin <= 1.2.1 - CSRF to XSS vulnerability
S
CVE-2024-32551 WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability
CVE-2024-32552 WordPress Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32553 WordPress Superfly Menu plugin <= 5.0.25 - Auth. Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-32554 WordPress Knight Lab Timeline plugin <= 3.9.3.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32555 WordPress Easy Real Estate plugin <= 2.2.6 - Privilege Escalation vulnerability
CVE-2024-32556 WordPress HurryTimer plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32557 WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32558 WordPress eCommerce Product Catalog plugin <= 3.3.32 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32559 WordPress WP 404 Auto Redirect to Similar Post plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-32560 WordPress QR Code Composer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-32561 WordPress Tagembed plugin <= 4.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32562 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Cross Site Scripting (XSS) vulnerability
CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32564 WordPress Post Grid Blocks and WordPress News Plugin – PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32565 WordPress App Builder plugin <= 3.8.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32566 WordPress WP Club Manager plugin <= 2.2.11 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32567 WordPress DirectoryPress plugin <= 3.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32568 WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32569 WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32570 WordPress Cornerstone plugin <= 0.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32571 WordPress WP Stripe Checkout plugin <= 1.2.2.41 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32572 WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32573 WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32574 WordPress WP Simple HTML Sitemap plugin <= 2.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32575 WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32576 WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32577 WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32578 WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32579 WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32580 WordPress Master Slider plugin <= 3.9.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32581 WordPress Mortgage Calculators WP plugin <= 1.56 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32582 WordPress Debug Log Manager plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32583 WordPress Photo Gallery by 10Web plugin <= 1.8.21 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32584 WordPress TeraWallet plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32585 WordPress Import Content in WordPress & WooCommerce with Excel plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32586 WordPress Gutenberg Block Editor Toolkit plugin <= 1.40.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32587 WordPress EnvíaloSimple plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32588 WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32590 WordPress Kattene plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32591 WordPress Backend Designer plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32592 WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32593 WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.3.4.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32594 WordPress Attesa Extra plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32595 WordPress WP Helper Premium plugin < 4.6.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32596 WordPress DSGVO Youtube plugin <= 1.4.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32597 WordPress WP Smart Import plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32598 WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32599 WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability
S
CVE-2024-32600 WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability
S
CVE-2024-32601 WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability
S
CVE-2024-32602 WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability
S
CVE-2024-32603 WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability
S
CVE-2024-32604 WordPress WP-Recall plugin <= 16.26.5 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-32605 HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called fro...
CVE-2024-32606 HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in...
CVE-2024-32607 HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the...
CVE-2024-32608 HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the i...
CVE-2024-32609 HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c....
CVE-2024-32610 HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruct...
CVE-2024-32611 HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c....
CVE-2024-32612 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLca...
CVE-2024-32613 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserial...
CVE-2024-32614 HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c....
CVE-2024-32615 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte i...
CVE-2024-32616 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5...
CVE-2024-32617 HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdu...
CVE-2024-32618 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnati...
CVE-2024-32619 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resul...
CVE-2024-32620 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint....
CVE-2024-32621 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called fro...
CVE-2024-32622 HDF5 Library through 1.14.3 contains an out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (ca...
CVE-2024-32623 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (call...
CVE-2024-32624 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref....
CVE-2024-32625 Uninitialized scalar field
CVE-2024-32631 Out-of-bounds read in telephony
CVE-2024-32632 Printf arg type mismatch in ATCMD
CVE-2024-32633 Unsigned compared against 0
CVE-2024-32634 Logically dead code
CVE-2024-32635 A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V...
CVE-2024-32636 A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V...
CVE-2024-32637 A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V...
CVE-2024-32638 Apache APISIX: Forward-Auth Request Smuggling
CVE-2024-32639 A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011)...
CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles
S
CVE-2024-32645 vyper performs incorrect topic logging in raw_log
CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations
CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint
CVE-2024-32648 vyper default functions don't respect nonreentrancy keys
S
CVE-2024-32649 vyper performs double eval of the argument of sqrt
CVE-2024-32650 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution
CVE-2024-32652 @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed
CVE-2024-32653 Insufficient input filtering of "package name" allows command execution in the device with shell privileges
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
CVE-2024-32656 Ant Media Server vulnerable to local privilege escalation
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
CVE-2024-32658 FreeRDP ExtractRunLengthRegular* out of bound read
S
CVE-2024-32659 freerdp_image_copy out of bound read
S
CVE-2024-32660 FreeRDP zgfx_decompress out of memory vulnerability
S
CVE-2024-32661 FreeRDP rdp_write_logon_info_v1 NULL access
S
CVE-2024-32662 FreeRDP rdp_redirection_read_base64_wchar out of bound read
S
CVE-2024-32663 Suricata's http2 parser contains improper compressed header handling that can lead to resource starvation
S
CVE-2024-32664 Suricata's base64 contains an out of bounds write
S
CVE-2024-32666 NULL pointer dereference in Intel(R) RAID Web Console software for all versions may allow an authent...
CVE-2024-32667 Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enabl...
CVE-2024-32668 bhyve(8) privileged guest escape via USB controller
CVE-2024-32669 Possible stack overflow due to a string encoding processing error
CVE-2024-32670 Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20...
CVE-2024-32671 Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Ov...
CVE-2024-32672 A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows r...
CVE-2024-32673 Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime e...
S
CVE-2024-32674 Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If thi...
CVE-2024-32675 WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability
S
CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability
S
CVE-2024-32677 WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability
S
CVE-2024-32678 WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability
S
CVE-2024-32679 WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability
S
CVE-2024-32680 WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
S
CVE-2024-32681 WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability
S
CVE-2024-32682 WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability
S
CVE-2024-32683 WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-32684 WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability
S
CVE-2024-32685 WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability
S
CVE-2024-32686 WordPress Backup Migration plugin <= 1.4.3 - Sensitive Data Exposure via Log vulnerability
S
CVE-2024-32687 WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability
S
CVE-2024-32688 WordPress MyRewards plugin <= 5.3.0 - Broken Access Control vulnerability
S
CVE-2024-32689 WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability
S
CVE-2024-32690 WordPress RSS Feed Widget plugin <= 2.9.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32691 WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability
S
CVE-2024-32692 WordPress Chauffeur Taxi Booking System for WordPress plugin <= 6.9 - Broken Authentication vulnerability
S
CVE-2024-32693 WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32694 WordPress 3D FlipBook, PDF Viewer, PDF Embedder plugin <= 3.62 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32695 WordPress Language Switcher for Transposh plugin <= 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32696 WordPress AI Infographic Maker OpenAI plugin <= 4.6.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32697 WordPress HelloAsso plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32698 WordPress Happy Addons for Elementor plugin <= 3.10.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32699 WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32700 WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability
S
CVE-2024-32701 WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability
S
CVE-2024-32702 WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32703 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability
S
CVE-2024-32704 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability
S
CVE-2024-32705 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
S
CVE-2024-32706 WordPress ARForms plugin <= 6.4 - Auth. SQL Injection vulnerability
S
CVE-2024-32707 WordPress Image Slider plugin <= 1.1.125 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32708 WordPress Maintenance Mode plugin <= 3.0.1 - IP Bypass vulnerability
S
CVE-2024-32709 WordPress WP-Recall plugin <= 16.26.5 - SQL Injection vulnerability
S
CVE-2024-32710 WordPress WP-Recall plugin <= 16.26.5 - SQL Injection vulnerability
S
CVE-2024-32711 WordPress myCred plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32712 WordPress Podlove Podcast Publisher plugin <= 4.0.14 - Broken Access Control vulnerability
S
CVE-2024-32713 WordPress AI Post Generator | AutoWriter plugin <= 3.3 - Broken Access Control vulnerability
S
CVE-2024-32714 WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability
S
CVE-2024-32715 WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability
S
CVE-2024-32716 WordPress StreamWeasels Twitch Integration plugin <= 1.7.8 - API Sensitive Data Exposure vulnerability
S
CVE-2024-32717 WordPress SchedulePress plugin <= 5.0.8 - Broken Access Control vulnerability
S
CVE-2024-32718 WordPress The Pack Elementor addons plugin <= 2.0.8.2 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-32719 WordPress WP Club Manager plugin <= 2.2.11 - Broken Access Control vulnerability
S
CVE-2024-32720 WordPress Appointment Hour Booking plugin <= 1.4.56 - Captcha Bypass vulnerability
S
CVE-2024-32721 WordPress Jeg Elementor Kit plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32722 WordPress Coupon & Discount Code Reveal Button plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32723 WordPress Advanced Floating Content plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32724 WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnerability
S
CVE-2024-32725 WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability
S
CVE-2024-32726 WordPress Frontend Dashboard plugin <= 2.2.2 - Sensitive Data Exposure on PII vulnerability
S
CVE-2024-32727 WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability
S
CVE-2024-32728 WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32730 Missing authorization check in SAP Enable Now Manager
CVE-2024-32731 Missing Authorization check in SAP My Travel Requests
CVE-2024-32732 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform
CVE-2024-32733 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
CVE-2024-32735 CyberPower PowerPanel Enterprise Missing Authentication
CVE-2024-32736 CyberPower PowerPanel Enterprise SQL Injection
CVE-2024-32737 CyberPower PowerPanel Enterprise SQL Injection
CVE-2024-32738 CyberPower PowerPanel Enterprise SQL Injection
CVE-2024-32739 CyberPower PowerPanel Enterprise SQL Injection
CVE-2024-32740 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device co...
CVE-2024-32741 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device co...
CVE-2024-32742 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device co...
CVE-2024-32743 A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attack...
E
CVE-2024-32744 A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attack...
E
CVE-2024-32745 A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attack...
E
CVE-2024-32746 A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attack...
E
CVE-2024-32752 Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool
S
CVE-2024-32753 TYCO Illustra Pro Gen 4 - JQuery version
S
CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information
S
CVE-2024-32755 American Dynamics Illustra Essentials Gen 4 - Log Filter Input Validation
S
CVE-2024-32756 American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - Linux
S
CVE-2024-32757 American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak
S
CVE-2024-32758 exacqVision - Key exchanges
S
CVE-2024-32759 Johnson Controls Software House C•CURE 9000 installer password strength
S
CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability
CVE-2024-32761 BIG-IP TMM tenants on VELOS and rSeries vulnerability
CVE-2024-32762 QuLog Center
S
CVE-2024-32763 QTS, QuTS hero
S
CVE-2024-32764 myQNAPcloud Link
S
CVE-2024-32765 QTS, QuTS hero
S
CVE-2024-32766 QTS, QuTS hero, QuTScloud
S
CVE-2024-32767 Photo Station
S
CVE-2024-32768 Photo Station
S
CVE-2024-32769 Photo Station
S
CVE-2024-32770 Photo Station
S
CVE-2024-32771 QTS, QuTS hero
S
CVE-2024-32772 WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-32773 WordPress Royal Elementor Kit theme <= 1.0.116 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32774 WordPress ProfileGrid plugin <= 5.8.2 - Group Members Limit Bypass vulnerability
S
CVE-2024-32775 WordPress Embed Google Photos album plugin <= 2.1.9 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-32776 WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability
S
CVE-2024-32777 WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
S
CVE-2024-32778 WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability
S
CVE-2024-32779 WordPress Vision – Image Map Builder plugin <= 1.7.1 - Broken Access Control vulnerability
S
CVE-2024-32780 WordPress VikRentCar Car Rental Management System plugin <= 1.3.2 - Sensitive Data Exposure via Invoices vulnerability
S
CVE-2024-32781 WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability
S
CVE-2024-32782 WordPress HT Mega plugin <= 2.4.7 - Sensitive Data Exposure vulnerability
S
CVE-2024-32783 WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability
S
CVE-2024-32784 WordPress CookieHub plugin <= 1.1.0 - Broken Access Control vulnerability
S
CVE-2024-32785 WordPress The Pack Elementor addons plugin <= 2.0.8.3 - Cross Site Request Forgery (CSRF) to XSS vulnerability
S
CVE-2024-32786 WordPress Royal Elementor Addons and Templates plugin <= 1.3.93 - IP Bypass vulnerability
S
CVE-2024-32787 WordPress Secure Copy Content Protection and Content Locking plugin <= 3.7.1 - Broken Access Control vulnerability
S
CVE-2024-32788 WordPress FG Joomla to Wordpress plugin <= 4.20.2 - Sensitive Data Exposure via Log File vulnerability
S
CVE-2024-32789 WordPress Seers plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) to XSS vulnerability
S
CVE-2024-32790 WordPress Pricing Table by Supsystic plugin <= 1.9.12 - Content Injection vulnerability
S
CVE-2024-32791 WordPress Premium Addons for Elementor plugin <= 4.10.25 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32792 WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability
S
CVE-2024-32793 WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32794 WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32795 WordPress WPCal.io <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32796 WordPress WP Fusion Lite <= 3.42.10 - Sensitive Data Exposure vulnerability
S
CVE-2024-32797 WordPress WP LinkedIn Auto Publish plugin <= 8.11 - Broken Access Control vulnerability
S
CVE-2024-32798 WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability
S
CVE-2024-32799 WordPress Easy Property Listings plugin <= 3.5.3 - Broken Access Control vulnerability
S
CVE-2024-32800 WordPress Popup – Popup More Popups plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32801 WordPress Widget Post Slider plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32802 WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability
S
CVE-2024-32803 WordPress SuperFaktura WooCommerce plugin <= 1.40.3 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-32804 WordPress WP GoToWebinar plugin <= 14.46 - Broken Access Control vulnerability
S
CVE-2024-32805 WordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerability
S
CVE-2024-32806 WordPress Headline Analyzer plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32807 WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability
S
CVE-2024-32808 WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability
S
CVE-2024-32809 WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability
S
CVE-2024-32810 WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability
S
CVE-2024-32811 WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability
S
CVE-2024-32812 WordPress Podlove Podcast Publisher plugin <= 4.0.11 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-32813 WordPress Integrate Google Drive plugin <= 1.3.9 - Broken Access Control vulnerability
S
CVE-2024-32814 WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerability
S
CVE-2024-32815 WordPress All-in-one Like Widget plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32816 WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability
S
CVE-2024-32817 WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability
S
CVE-2024-32818 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Broken Access Control vulnerability
S
CVE-2024-32819 WordPress Culqi plugin <= 3.0.14 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control leading to Notice Dismissal vulnerability
S
CVE-2024-32821 WordPress Total Poll Lite plugin <= 4.9.9 - Broken Access Control vulnerability
S
CVE-2024-32822 WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability
S
CVE-2024-32823 WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-32824 WordPress Evergreen Content Poster plugin <= 1.4.2 - Broken Access Control vulnerability
S
CVE-2024-32825 WordPress Simply Static plugin <= 3.1.3 - Sensitive Data Exposure via Log File vulnerability
S
CVE-2024-32826 WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability
S
CVE-2024-32827 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.7 - IP Restriction Bypass vulnerability
S
CVE-2024-32828 WordPress Table Rate Shipping Method for WooCommerce by Flexible Shipping plugin <= 4.24.15 - Broken Access Control vulnerability
S
CVE-2024-32829 WordPress Data Tables Generator by Supsystic plugin <= 1.10.31 - Broken Access Control vulnerability
S
CVE-2024-32830 WordPress buddyforms plugin <= 2.8.8 - Arbitrary File Read and SSRF vulnerability
S
CVE-2024-32831 WordPress Accessibility Widget plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32833 WordPress List Custom Taxonomy Widget plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32834 WordPress WooCommerce Shipping Label plugin <= 2.3.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32835 WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability
S
CVE-2024-32836 WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Arbitrary File Upload vulnerability
S
CVE-2024-32838 Apache Fineract: SQL injection vulnerabilities in offices API endpoint
CVE-2024-32839 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S...
CVE-2024-32840 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re...
CVE-2024-32841 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S...
CVE-2024-32842 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re...
CVE-2024-32843 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re...
CVE-2024-32844 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S...
CVE-2024-32845 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re...
CVE-2024-32846 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re...
CVE-2024-32847 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S...
CVE-2024-32848 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re...
CVE-2024-32849 Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that coul...
CVE-2024-32850 Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBri...
CVE-2024-32852 Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographi...
CVE-2024-32853 Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privile...
CVE-2024-32854 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vuln...
CVE-2024-32855 Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed c...
CVE-2024-32856 Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel...
CVE-2024-32857 Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulner...
CVE-2024-32858 Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel...
CVE-2024-32859 Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel...
CVE-2024-32860 Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel...
CVE-2024-32861 Software House C•CURE - CouchDB executable protection
S
CVE-2024-32862 exacqVision CORS
S
CVE-2024-32863 exacqVision - CSRF issues with Web Service
S
CVE-2024-32864 exacqVision - HTTPS Session Establishment
S
CVE-2024-32865 exacqVision - TLS certificate validation
S
CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function
CVE-2024-32867 Suricata's defrag contains various issues leading to policy bypass
S
CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
CVE-2024-32869 Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
CVE-2024-32870 iTop hub connector Information disclosure
CVE-2024-32871 Pimcore Vulnerable to Flooding Server with Thumbnail files
E S
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
CVE-2024-32873 evmos allows transferring unvested tokens after delegations
S
CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks
CVE-2024-32876 NewPipe has potential security vulnerability when importing settings
CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
CVE-2024-32878 Use of Uninitialized Variable Vulnerability in llama.cpp
CVE-2024-32879 social-auth-app-django Improper Handling of Case Sensitivity vulnerability
CVE-2024-32880 pyLoad allows upload to arbitrary folder leading to RCE
CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer
CVE-2024-32882 Permission check bypass when editing a model with per-field restrictions in wagtail
CVE-2024-32883 MCUboot Injection attack of unprotected TLV values
CVE-2024-32884 gix-transport indirect code execution via malicious username
CVE-2024-32886 Vitess vulnerable to infinite memory consumption and vtgate crash
CVE-2024-32887 Reflected XSS in sidekiq
CVE-2024-32888 Amazon JDBC Driver for Redshift SQL Injection via line comment generation
CVE-2024-32890 Stored Cross-site Scripting in results JSON API in librespeed/speedtest
CVE-2024-32891 In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. Th...
CVE-2024-32892 In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. T...
CVE-2024-32893 In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper ca...
CVE-2024-32894 In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to...
CVE-2024-32895 In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds chec...
CVE-2024-32896 There is a possible way to bypass due to a logic error in the code. This could lead to local escala...
KEV
CVE-2024-32897 In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out...
CVE-2024-32898 In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bound...
CVE-2024-32899 In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected mem...
CVE-2024-32900 In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. Th...
CVE-2024-32901 In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bo...
CVE-2024-32902 Remote prevention of access to cellular service with no user interaction (for example, crashing the ...
CVE-2024-32903 In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to imp...
CVE-2024-32904 In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read...
CVE-2024-32905 In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incor...
CVE-2024-32906 In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to ...
CVE-2024-32907 In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. Th...
CVE-2024-32908 In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This...
CVE-2024-32909 In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. Th...
CVE-2024-32910 In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack dat...
CVE-2024-32911 There is a possible escalation of privilege due to improperly used crypto. This could lead to remote...
CVE-2024-32912 There is a possible persistent Denial of Service due to test/debugging code left in a production bui...
CVE-2024-32913 In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integ...
CVE-2024-32914 In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data....
CVE-2024-32915 In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds...
CVE-2024-32916 In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized...
CVE-2024-32917 In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a mis...
CVE-2024-32918 Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key ...
CVE-2024-32919 In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to typ...
CVE-2024-32920 In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds c...
CVE-2024-32921 In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due t...
CVE-2024-32922 In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memo...
CVE-2024-32923 There is a possible cellular denial of service due to a logic error in the code. This could lead to ...
CVE-2024-32924 In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a l...
CVE-2024-32925 In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missi...
CVE-2024-32926 There is a possible information disclosure due to side channel information disclosure. This could le...
CVE-2024-32927 In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. ...
CVE-2024-32928 The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest producti...
CVE-2024-32929 In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This coul...
CVE-2024-32930 In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitializ...
CVE-2024-32931 exacqVision - Token Disclosed in URL
S
CVE-2024-32932 American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - stored web interface
S
CVE-2024-32936 media: ti: j721e-csi2rx: Fix races while restarting DMA
CVE-2024-32937 An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grands...
CVE-2024-32938 Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 m...
CVE-2024-32939 Email addresses of remote users visible in props regardless of server settings
S
CVE-2024-32940 Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenti...
CVE-2024-32941 NULL pointer dereference for some Intel(R) MLC software before version v3.11b may allow an authentic...
CVE-2024-32942 Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 m...
CVE-2024-32943 Westermo L210-F2G Lynx Improper Control of Interaction Frequency
M
CVE-2024-32944 Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product inst...
CVE-2024-32945 LaTeX post content manipulation via renderer state leak across contexts
S
CVE-2024-32946 A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive informat...
CVE-2024-32947 WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-32948 WordPress ARMember – Membership Plugin plugin <= 4.0.28 - Broken Access Control vulnerability
S
CVE-2024-32950 WordPress WP Media Category Management plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32951 WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability
S
CVE-2024-32952 WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32953 WordPress Newsletters plugin <= 4.9.5 - Sensitive Data Exposure vulnerability
S
CVE-2024-32954 WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability
S
CVE-2024-32955 WordPress FV Flowplayer Video Player plugin <= 7.5.43.7212 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-32956 WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32957 WordPress Page Builder: Live Composer plugin <= 1.5.38 - Broken Access Control vulnerability
S
CVE-2024-32958 WordPress Slash Admin plugin <= 3.8.1 - CSRF to XSS vulnerability
S
CVE-2024-32959 WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability
S
CVE-2024-32960 WordPress Booking Ultra Pro plugin 1.1.12 - Privilege Escalation vulnerability
S
CVE-2024-32961 WordPress Blocksy theme <= 2.0.33 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-32962 XML signature verification bypass due to improper verification of signature / signature spoofing
CVE-2024-32963 Parameter Tampering vulnerability in Navidrome
CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
CVE-2024-32965 SSRF vulnerability in lobe-chat
CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server
CVE-2024-32967 Zitadel exposes internal database user name and host information
S
CVE-2024-32969 vantage6 collaboration admins can extend their influence by expanding the collaboration
CVE-2024-32970 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
CVE-2024-32972 go-ethereum denial of service via malicious p2p message
CVE-2024-32973 Remote for TLS session may be trusted despite constraints in Pluto lang
CVE-2024-32974 Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
E
CVE-2024-32975 Envoy crashes in QuicheDataReader::PeekVarInt62Length()
E
CVE-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input
E
CVE-2024-32977 OctoPrint Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
E S
CVE-2024-32978 Kaminari Insecure File Permissions Vulnerability
CVE-2024-32979 Reflected Cross-site Scripting potential in all object list views in Nautobot
CVE-2024-32980 Spin contains a potential network sandbox escape for specifically configured Spin applications
CVE-2024-32981 Cross-site Scripting vulnerability with encoded payload in silverstripe/framework
CVE-2024-32982 Litestar and Starlite affected by Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-32983 Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities
CVE-2024-32984 Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
CVE-2024-32985 Stellar-core's Overlay - security fix for DDoS mitigation
CVE-2024-32986 Arbitrary code execution due to improper sanitization of web app properties in PWAsForFirefox
CVE-2024-32987 Microsoft SharePoint Server Information Disclosure Vulnerability
S
CVE-2024-32988 'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6...
CVE-2024-32989 Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful explo...
CVE-2024-32990 Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploit...
CVE-2024-32991 Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation o...
CVE-2024-32992 Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of th...
CVE-2024-32993 Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vuln...
CVE-2024-32995 Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vuln...
CVE-2024-32996 Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vul...
CVE-2024-32997 Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vul...
CVE-2024-32998 NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulner...
CVE-2024-32999 Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerabili...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.