| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2024-33000 | Missing Authorization check in SAP Bank Account Management | | |
| CVE-2024-33001 | Denial of service (DOS) in SAP NetWeaver and ABAP platform | S | |
| CVE-2024-33002 | Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS) | | |
| CVE-2024-33003 | Information Disclosure Vulnerability in SAP Commerce Cloud | | |
| CVE-2024-33004 | Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) | | |
| CVE-2024-33005 | Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server | | |
| CVE-2024-33006 | File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | | |
| CVE-2024-33007 | Client-side script execution vulnerability in SAP UI5(PDFViewer) | | |
| CVE-2024-33008 | Memory Corruption vulnerability in SAP Replication Server | | |
| CVE-2024-33009 | SQL injection vulnerability in SAP Global Label Management (GLM) | | |
| CVE-2024-33010 | Use After Free in WLAN Host | S | |
| CVE-2024-33011 | Buffer Over-read in WLAN Host | | |
| CVE-2024-33012 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33013 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33014 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33015 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33016 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Storage | | |
| CVE-2024-33018 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33019 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33020 | Buffer Over-read in WLAN HOST | S | |
| CVE-2024-33021 | Use of Uninitialized Variable in Automotive GPU | S | |
| CVE-2024-33022 | Integer Overflow or Wraparound in Automotive GPU | S | |
| CVE-2024-33023 | Use After Free in Graphics Linux | S | |
| CVE-2024-33024 | Integer Overflow or Wraparound in WLAN Host | S | |
| CVE-2024-33025 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33026 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33027 | Improper Access Control in Graphics Linux | S | |
| CVE-2024-33028 | Use After Free in Automotive Telematics | S | |
| CVE-2024-33029 | Use After Free in DSP Services | S | |
| CVE-2024-33030 | Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in Performance | S | |
| CVE-2024-33031 | Improper Input Validation in RIL | S | |
| CVE-2024-33032 | Improper Validation of Array Index in Camera_Linux | S | |
| CVE-2024-33033 | Use After Free in ComputerVision | S | |
| CVE-2024-33034 | Use After Free in Graphics Linux | S | |
| CVE-2024-33035 | Integer Overflow or Wraparound in Display | | |
| CVE-2024-33036 | Use of Out-of-range Pointer Offset in Camera Driver | S | |
| CVE-2024-33037 | Buffer Over-read in Neural Processing Unit | S | |
| CVE-2024-33038 | Untrusted Pointer Dereference in Computer Vision | S | |
| CVE-2024-33039 | Untrusted Pointer Dereference in Audio | S | |
| CVE-2024-33040 | Use After Free in Camera Driver | S | |
| CVE-2024-33041 | Use of Out-of-range Pointer Offset in Computer Vision | S | |
| CVE-2024-33042 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in FM Host | S | |
| CVE-2024-33043 | Buffer Over-read in FM Host | S | |
| CVE-2024-33044 | Improper Validation of Array Index in Hypervisor | | |
| CVE-2024-33045 | Return of Stack Variable Address in Buses | S | |
| CVE-2024-33047 | Buffer Over-read in Display | | |
| CVE-2024-33048 | Buffer Over-read in WLAN Host | S | |
| CVE-2024-33049 | Buffer Over-read in WLAN Host Communication | | |
| CVE-2024-33050 | Buffer Over-read in WLAN Host Communication | S | |
| CVE-2024-33051 | Buffer Over-read in WLAN Firmware | | |
| CVE-2024-33052 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in FM Host | S | |
| CVE-2024-33053 | Use After Free in Video | S | |
| CVE-2024-33054 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Computer Vision | S | |
| CVE-2024-33055 | Use After Free in Computer Vision | S | |
| CVE-2024-33056 | Buffer Over-read in MProc | | |
| CVE-2024-33057 | Buffer Over-read in WLAN Host Communication | S | |
| CVE-2024-33058 | Insufficient Granularity of Access Control in Core | | |
| CVE-2024-33059 | Use After Free in Computer Vision | S | |
| CVE-2024-33060 | Use After Free in DSP Service | S | |
| CVE-2024-33061 | Buffer Over-read in DSP Service | S | |
| CVE-2024-33063 | Integer Overflow or Wraparound in WLAN Host Communication | S | |
| CVE-2024-33064 | Buffer Over-read in WLAN Host Communication | | |
| CVE-2024-33065 | Improper Input Validation in Camera | | |
| CVE-2024-33066 | Improper Input Validation in WLAN Resource Manager | | |
| CVE-2024-33067 | Buffer Over-read in Audio | S | |
| CVE-2024-33068 | Use After Free in WLAN Host Communication | S | |
| CVE-2024-33069 | Use After Free in WLAN Host | | |
| CVE-2024-33070 | Buffer Over-read in WLAN Host Communication | | |
| CVE-2024-33071 | Buffer Over-read in WLAN Host Communication | | |
| CVE-2024-33073 | Buffer Over-read in WLAN Host Communication | | |
| CVE-2024-33078 | Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a o... | | |
| CVE-2024-33101 | A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.... | E | |
| CVE-2024-33102 | A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3... | E | |
| CVE-2024-33103 | An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows... | | |
| CVE-2024-33109 | Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allow... | | |
| CVE-2024-33110 | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php c... | | |
| CVE-2024-33111 | D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/j... | | |
| CVE-2024-33112 | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()f... | E | |
| CVE-2024-33113 | D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.... | | |
| CVE-2024-33117 | crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList m... | | |
| CVE-2024-33118 | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload ... | | |
| CVE-2024-33120 | Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath par... | | |
| CVE-2024-33121 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the se... | | |
| CVE-2024-33122 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the ... | | |
| CVE-2024-33124 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in ... | | |
| CVE-2024-33139 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33144 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33146 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33147 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33148 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33149 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33153 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33155 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33161 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33164 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter... | | |
| CVE-2024-33180 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via ... | E | |
| CVE-2024-33181 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via ... | E | |
| CVE-2024-33182 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via ... | E | |
| CVE-2024-33209 | FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScr... | E | |
| CVE-2024-33210 | A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability ... | | |
| CVE-2024-33211 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
| CVE-2024-33212 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
| CVE-2024-33213 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
| CVE-2024-33214 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
| CVE-2024-33215 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
| CVE-2024-33217 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability... | E | |
| CVE-2024-33218 | An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.3... | | |
| CVE-2024-33219 | An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 all... | E | |
| CVE-2024-33220 | An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows atta... | E | |
| CVE-2024-33221 | An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 all... | | |
| CVE-2024-33222 | An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows at... | | |
| CVE-2024-33223 | An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attac... | | |
| CVE-2024-33224 | An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.20... | | |
| CVE-2024-33225 | An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audi... | | |
| CVE-2024-33226 | An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allow... | | |
| CVE-2024-33227 | An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 allows attackers to escalate p... | | |
| CVE-2024-33228 | An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 ... | | |
| CVE-2024-33231 | Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute ar... | | |
| CVE-2024-33247 | Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-... | E | |
| CVE-2024-33250 | An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.... | | |
| CVE-2024-33253 | Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and be... | E | |
| CVE-2024-33255 | Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQU... | | |
| CVE-2024-33258 | Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_l... | | |
| CVE-2024-33259 | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scan... | | |
| CVE-2024-33260 | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component pars... | | |
| CVE-2024-33263 | QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *... | | |
| CVE-2024-33266 | SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attack... | | |
| CVE-2024-33267 | SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate ... | | |
| CVE-2024-33268 | SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitr... | | |
| CVE-2024-33269 | SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arb... | | |
| CVE-2024-33270 | An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker ... | | |
| CVE-2024-33271 | An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive informatio... | | |
| CVE-2024-33272 | SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker t... | | |
| CVE-2024-33273 | SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges... | | |
| CVE-2024-33274 | Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote att... | | |
| CVE-2024-33275 | SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker t... | | |
| CVE-2024-33276 | SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote ... | | |
| CVE-2024-33278 | Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allo... | | |
| CVE-2024-33292 | SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive i... | | |
| CVE-2024-33294 | An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execut... | | |
| CVE-2024-33297 | Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitra... | E | |
| CVE-2024-33298 | Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to exec... | | |
| CVE-2024-33299 | Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitra... | E | |
| CVE-2024-33300 | Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerab... | | |
| CVE-2024-33302 | SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Mid... | E | |
| CVE-2024-33303 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" un... | E | |
| CVE-2024-33304 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" und... | E | |
| CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Mid... | E | |
| CVE-2024-33306 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Fir... | E | |
| CVE-2024-33307 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Las... | E | |
| CVE-2024-33308 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote att... | | |
| CVE-2024-33309 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote att... | | |
| CVE-2024-33326 | A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp ... | | |
| CVE-2024-33327 | A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisx... | | |
| CVE-2024-33328 | A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x a... | | |
| CVE-2024-33329 | A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authenticatio... | | |
| CVE-2024-33331 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-33891. Reason: This candidat... | R | |
| CVE-2024-33332 | An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafte... | | |
| CVE-2024-33335 | SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to ex... | | |
| CVE-2024-33338 | Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive ... | E | |
| CVE-2024-33339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-33342 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog... | E | |
| CVE-2024-33343 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of ... | E | |
| CVE-2024-33344 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware... | E | |
| CVE-2024-33345 | D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of ... | E | |
| CVE-2024-33350 | Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary co... | E | |
| CVE-2024-33365 | Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacke... | | |
| CVE-2024-33368 | An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code ... | | |
| CVE-2024-33369 | Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker t... | | |
| CVE-2024-33371 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrar... | E | |
| CVE-2024-33373 | An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity require... | | |
| CVE-2024-33374 | Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows at... | | |
| CVE-2024-33375 | LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's fir... | | |
| CVE-2024-33377 | LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator ... | | |
| CVE-2024-33382 | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful ... | E | |
| CVE-2024-33383 | Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain ... | | |
| CVE-2024-33386 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-33393 | An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary ... | | |
| CVE-2024-33394 | An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code vi... | | |
| CVE-2024-33396 | An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code v... | | |
| CVE-2024-33398 | There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets pe... | | |
| CVE-2024-33401 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary co... | E | |
| CVE-2024-33402 | A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based Schoo... | E | |
| CVE-2024-33403 | A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Manage... | E | |
| CVE-2024-33404 | A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Base... | E | |
| CVE-2024-33405 | SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management Sys... | E | |
| CVE-2024-33406 | SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Bas... | E | |
| CVE-2024-33407 | SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Manag... | E | |
| CVE-2024-33408 | A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Man... | E | |
| CVE-2024-33409 | SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.... | E | |
| CVE-2024-33410 | SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School ... | E | |
| CVE-2024-33411 | A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School... | E | |
| CVE-2024-33423 | Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to ... | E | |
| CVE-2024-33424 | A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers t... | E | |
| CVE-2024-33427 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-33428 | Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to exe... | | |
| CVE-2024-33429 | Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to e... | | |
| CVE-2024-33430 | An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to exe... | | |
| CVE-2024-33431 | An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a de... | | |
| CVE-2024-33433 | Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote a... | E | |
| CVE-2024-33434 | An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df... | | |
| CVE-2024-33435 | Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high... | | |
| CVE-2024-33436 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information du... | | |
| CVE-2024-33437 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information du... | | |
| CVE-2024-33438 | File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary... | E S | |
| CVE-2024-33439 | An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to... | | |
| CVE-2024-33442 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.p... | E | |
| CVE-2024-33443 | An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script t... | E | |
| CVE-2024-33444 | SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a ... | E | |
| CVE-2024-33445 | An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script... | | |
| CVE-2024-33449 | An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and e... | | |
| CVE-2024-33450 | SQL Injection in Finereport v.8.0 allows a remote attacker to obtain sensitive information... | | |
| CVE-2024-33452 | An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP... | | |
| CVE-2024-33453 | Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive informat... | | |
| CVE-2024-33454 | Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code vi... | | |
| CVE-2024-33465 | Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate priv... | | |
| CVE-2024-33469 | An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to exe... | | |
| CVE-2024-33470 | An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access t... | | |
| CVE-2024-33471 | An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SM... | | |
| CVE-2024-33485 | SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V... | | |
| CVE-2024-33489 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected app... | | |
| CVE-2024-33490 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected app... | | |
| CVE-2024-33491 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected app... | | |
| CVE-2024-33492 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected app... | | |
| CVE-2024-33493 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected app... | | |
| CVE-2024-33494 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions <... | | |
| CVE-2024-33495 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions <... | | |
| CVE-2024-33496 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions <... | | |
| CVE-2024-33497 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions <... | | |
| CVE-2024-33498 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions <... | | |
| CVE-2024-33499 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions <... | | |
| CVE-2024-33500 | A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0)... | | |
| CVE-2024-33501 | Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabili... | S | |
| CVE-2024-33502 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiM... | S | |
| CVE-2024-33503 | A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through ... | S | |
| CVE-2024-33504 | A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiMana... | S | |
| CVE-2024-33505 | A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.... | S | |
| CVE-2024-33506 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManage... | S | |
| CVE-2024-33508 | An improper neutralization of special elements used in a command ('Command Injection') vulnerability... | S | |
| CVE-2024-33509 | An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all ... | S | |
| CVE-2024-33510 | An improper neutralization of special elements in output used by a downstream component ('Injection'... | S | |
| CVE-2024-33511 | There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could le... | | |
| CVE-2024-33512 | There is a buffer overflow vulnerability in the underlying Local User Authentication Database servic... | | |
| CVE-2024-33513 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed ... | | |
| CVE-2024-33514 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed ... | | |
| CVE-2024-33515 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed ... | | |
| CVE-2024-33516 | An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the... | | |
| CVE-2024-33517 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager servi... | | |
| CVE-2024-33518 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager servi... | | |
| CVE-2024-33519 | Authenticated Server-Side prototype pollution Leading to Information Disclosure | | |
| CVE-2024-33522 | Privilege escalation in Calico CNI install binary | E S | |
| CVE-2024-33525 | A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title o... | | |
| CVE-2024-33526 | A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role... | | |
| CVE-2024-33527 | A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" fe... | | |
| CVE-2024-33528 | A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 all... | | |
| CVE-2024-33529 | ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attacker... | | |
| CVE-2024-33530 | In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lob... | | |
| CVE-2024-33531 | cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by craftin... | | |
| CVE-2024-33533 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-... | | |
| CVE-2024-33535 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unaut... | | |
| CVE-2024-33536 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to ... | | |
| CVE-2024-33537 | WordPress WP Portfolio theme <= 2.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33538 | WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability | S | |
| CVE-2024-33539 | WordPress WPZOOM Addons for Elementor plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33540 | WordPress ColorNews theme <= 1.2.6 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33541 | WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability | S | |
| CVE-2024-33542 | WordPress Crelly Slider plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability | S | |
| CVE-2024-33543 | WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability | S | |
| CVE-2024-33544 | WordPress WZone plugin <= 14.0.10 - Unauthenticated SQL Injection vulnerability | | |
| CVE-2024-33545 | WordPress WZone plugin <= 14.0.10 - Unauthenticated Broken Access Control vulnerability | | |
| CVE-2024-33546 | WordPress WZone plugin <= 14.0.10 - Arbitrary SQL Update Execution vulnerability | | |
| CVE-2024-33547 | WordPress WZone plugin <= 14.0.10 - Site Wide Broken Access Control vulnerability | | |
| CVE-2024-33548 | WordPress WZone plugin <= 14.0.10 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33549 | WordPress WZone plugin <= 14.0.10 - Privilege Escalation vulnerability | | |
| CVE-2024-33550 | WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability | | |
| CVE-2024-33551 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated SQL Injection vulnerability | | |
| CVE-2024-33552 | WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability | S | |
| CVE-2024-33553 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated PHP Object Injection vulnerability | | |
| CVE-2024-33554 | WordPress XStore Core plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33555 | WordPress XStore Core plugin <= 5.3.8 - Multiple Authenticated Broken Access Control vulnerability | S | |
| CVE-2024-33556 | WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability | S | |
| CVE-2024-33557 | WordPress XStore Core plugin <= 5.3.8 - Local File Inclusion vulnerability | S | |
| CVE-2024-33558 | WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability | | |
| CVE-2024-33559 | WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability | | |
| CVE-2024-33560 | WordPress XStore theme <= 9.3.8 - Unauthenticated Local File Inclusion vulnerability | S | |
| CVE-2024-33561 | WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability | S | |
| CVE-2024-33562 | WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33563 | WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability | S | |
| CVE-2024-33564 | WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability | S | |
| CVE-2024-33565 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Broken Access Control vulnerability | S | |
| CVE-2024-33566 | WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability | S | |
| CVE-2024-33567 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Privilege Escalation vulnerability | S | |
| CVE-2024-33568 | WordPress Element Pack Pro plugin < 7.19.3 - Arbitrary File Read and Phar Deserialization vulnerability | S | |
| CVE-2024-33569 | WordPress Instant Images plugin <= 6.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability | S | |
| CVE-2024-33570 | WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability | S | |
| CVE-2024-33571 | WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33572 | WordPress The Plus Blocks for Block Editor | Gutenberg plugin <= 3.2.5 - Broken Access Control vulnerability | S | |
| CVE-2024-33573 | WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability | S | |
| CVE-2024-33574 | WordPress Vitepos plugin <= 3.0.1 - Broken Access Control vulnerability | S | |
| CVE-2024-33575 | WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability | S | |
| CVE-2024-33576 | WordPress WPPizza plugin <= 3.18.10 - Broken Access Control vulnerability | S | |
| CVE-2024-33577 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat... | | |
| CVE-2024-33578 | A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute... | S | |
| CVE-2024-33579 | A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execu... | S | |
| CVE-2024-33580 | A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker t... | S | |
| CVE-2024-33581 | A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allo... | S | |
| CVE-2024-33582 | A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacke... | S | |
| CVE-2024-33583 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions <... | | |
| CVE-2024-33584 | WordPress Video Conferencing with Zoom plugin <= 4.4.4 - Open Redirection vulnerability | S | |
| CVE-2024-33585 | WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability | S | |
| CVE-2024-33586 | WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability | S | |
| CVE-2024-33587 | WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability | S | |
| CVE-2024-33588 | WordPress basepress plugin <= 2.16.1 - Broken Access Control vulnerability | S | |
| CVE-2024-33589 | WordPress KB Support plugin <= 1.6.0 - Broken Access Control vulnerability | S | |
| CVE-2024-33590 | WordPress basepress plugin <= 2.16.1 - Server Side Request Forgery (SSRF) vulnerability | S | |
| CVE-2024-33591 | WordPress Easy Accept Payments for PayPal plugin <= 4.9.10 - Broken Access Control vulnerability | S | |
| CVE-2024-33592 | WordPress Radio Player plugin <= 2.0.73 - Server Side Request Forgery (SSRF) vulnerability | S | |
| CVE-2024-33593 | WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability | S | |
| CVE-2024-33594 | WordPress Leaky Paywall plugin <= 4.20.8 - Price Manipulation vulnerability | S | |
| CVE-2024-33595 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability | S | |
| CVE-2024-33596 | WordPress Five Star Restaurant Reservations plugin <= 2.6.16 - Broken Access Control vulnerability | S | |
| CVE-2024-33597 | WordPress SSU plugin <= 1.5.0 - Broken Access Control vulnerability | S | |
| CVE-2024-33598 | WordPress Annual Archive plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33599 | nscd: Stack-based buffer overflow in netgroup cache | | |
| CVE-2024-33600 | nscd: Null pointer crashes after notfound response | | |
| CVE-2024-33601 | nscd: netgroup cache may terminate daemon on memory allocation failure | | |
| CVE-2024-33602 | nscd: netgroup cache assumes NSS callback uses in-buffer strings | | |
| CVE-2024-33603 | The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, whi... | E | |
| CVE-2024-33604 | BIG-IP Configuration utility XSS vulnerability | | |
| CVE-2024-33605 | Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vuln... | | |
| CVE-2024-33606 | MicroDicom DICOM Viewer Improper Authorization in Handler for Custom URL Scheme | S | |
| CVE-2024-33608 | BIG-IP IPsec vulnerability | | |
| CVE-2024-33610 | "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlis... | | |
| CVE-2024-33611 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version... | | |
| CVE-2024-33612 | BIG-IP Next Central Manager vulnerability | | |
| CVE-2024-33615 | CyberPower PowerPanel business Relative Path Traversal | S | |
| CVE-2024-33616 | Admin authentication can be bypassed with some specific invalid credentials, which allows logging in... | | |
| CVE-2024-33617 | Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version... | | |
| CVE-2024-33619 | efi: libstub: only free priv.runtime_map when allocated | S | |
| CVE-2024-33620 | Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. I... | | |
| CVE-2024-33621 | ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound | | |
| CVE-2024-33622 | Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Sof... | | |
| CVE-2024-33623 | A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R... | E | |
| CVE-2024-33624 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version... | | |
| CVE-2024-33625 | CyberPower PowerPanel business Use of Hard-coded Password | S | |
| CVE-2024-33626 | The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthe... | | |
| CVE-2024-33627 | WordPress AGCA – Custom Dashboard & Login Page plugin <= 7.2.2 - Server Side Request Forgery (SSRF) vulnerability | | |
| CVE-2024-33628 | WordPress XforWooCommerce plugin <= 2.0.2 - Authenticated Local File Inclusion vulnerability | | |
| CVE-2024-33629 | WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.0.0 - Server Side Request Forgery (SSRF) vulnerability | | |
| CVE-2024-33630 | WordPress Piotnet Addons For Elementor plugin <= 2.4.26 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33631 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Authenticated Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33632 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-33633 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33634 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability | | |
| CVE-2024-33635 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Arbitrary Post/Page Deletion vulnerability | | |
| CVE-2024-33636 | WordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerability | | |
| CVE-2024-33637 | WordPress Solid Affiliate plugin <= 1.9.1 - Sensitive Data Exposure via Log File vulnerability | | |
| CVE-2024-33638 | WordPress Smart Maintenance Mode plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-33639 | WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33640 | WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33641 | WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability | S | |
| CVE-2024-33642 | WordPress Advanced Post List plugin <= 0.5.6.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33643 | WordPress Advanced Most Recent Posts Mod plugin <= 1.6.5.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33644 | WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability | | |
| CVE-2024-33645 | WordPress Easy Set Favicon plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33646 | WordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerability | | |
| CVE-2024-33647 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene base... | | |
| CVE-2024-33648 | WordPress Recencio Book Reviews plugin <= 1.66.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33649 | WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33650 | WordPress Serious Slider plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-33651 | WordPress MF Gig Calendar plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-33652 | WordPress Client Dash plugin <= 2.2.1 - Broken Access Control vulnerability | | |
| CVE-2024-33653 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat... | | |
| CVE-2024-33654 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat... | | |
| CVE-2024-33655 | The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resou... | | |
| CVE-2024-33656 | Memory Leak in SmmComuptrace Module | | |
| CVE-2024-33657 | Smm Callout in SmmComputrace Module | | |
| CVE-2024-33658 | Buffer Overflow Vulnerability In OFBD | | |
| CVE-2024-33659 | BiosGuard Buffer Overflow and TOCTOU Vulnerability | | |
| CVE-2024-33660 | Potential Firmware update without integrity check | | |
| CVE-2024-33661 | Portainer before 2.20.0 allows redirects when the target is not index.yaml.... | S | |
| CVE-2024-33662 | Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.... | | |
| CVE-2024-33663 | python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. Thi... | | |
| CVE-2024-33664 | python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) durin... | | |
| CVE-2024-33665 | angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directiv... | | |
| CVE-2024-33666 | An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have ac... | | |
| CVE-2024-33667 | An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial... | | |
| CVE-2024-33668 | An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially gue... | | |
| CVE-2024-33669 | An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to... | | |
| CVE-2024-33670 | Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content bein... | | |
| CVE-2024-33671 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplicat... | | |
| CVE-2024-33672 | An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup... | | |
| CVE-2024-33673 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls a... | | |
| CVE-2024-33677 | WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-33678 | WordPress ClickCease Click Fraud Protection plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-33679 | WordPress FameTheme Demo Importer plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-33680 | WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-33681 | WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability | | |
| CVE-2024-33682 | WordPress WP GDPR Compliance plugin <= 2.0.23 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2024-33683 | WordPress Hide Dashboard Notifications plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-33684 | WordPress Save as PDF plugin by Pdfcrowd plugin <= 3.2.0 - Broken Access Control to Stored XSS vulnerability | S | |
| CVE-2024-33686 | Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes | S | |
| CVE-2024-33687 | Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and N... | | |
| CVE-2024-33688 | WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-33689 | WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-33690 | WordPress Financio theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2024-33691 | WordPress Popup Builder by OptinMonster plugin <= 2.15.3 - Cross Site Request Forgery (CSRF) Notice Dismissal vulnerability | S | |
| CVE-2024-33692 | WordPress Smart Recent Posts Widget plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33693 | WordPress Meks Smart Social Widget plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33694 | WordPress Meks ThemeForest Smart Widget plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33695 | WordPress Fan Page Widget by ThemeNcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33696 | WordPress WordPress Ad Widget plugin <= 2.20.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33697 | WordPress CF7 File Download plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33698 | A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Qualit... | | |
| CVE-2024-33699 | The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, ... | E | |
| CVE-2024-33700 | The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within ... | E | |
| CVE-2024-33748 | Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.1... | | |
| CVE-2024-33749 | DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.... | E | |
| CVE-2024-33752 | An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin... | | |
| CVE-2024-33753 | Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords o... | | |
| CVE-2024-33763 | lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cp... | E | |
| CVE-2024-33764 | lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h.... | E | |
| CVE-2024-33766 | lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tile... | E | |
| CVE-2024-33767 | lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_soli... | E | |
| CVE-2024-33768 | lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_soli... | E | |
| CVE-2024-33771 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allo... | E | |
| CVE-2024-33772 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allow... | E | |
| CVE-2024-33773 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup a... | E | |
| CVE-2024-33774 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard... | E | |
| CVE-2024-33775 | An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate... | | |
| CVE-2024-33780 | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOu... | | |
| CVE-2024-33781 | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in... | | |
| CVE-2024-33782 | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::ex... | | |
| CVE-2024-33783 | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::Silent... | | |
| CVE-2024-33786 | An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allow... | | |
| CVE-2024-33787 | Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQ... | | |
| CVE-2024-33788 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode ... | | |
| CVE-2024-33789 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl pa... | | |
| CVE-2024-33791 | A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to exec... | | |
| CVE-2024-33792 | netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payloa... | | |
| CVE-2024-33793 | netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payloa... | | |
| CVE-2024-33799 | A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Manag... | E | |
| CVE-2024-33800 | A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Mana... | E | |
| CVE-2024-33801 | A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based Scho... | E | |
| CVE-2024-33802 | A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based Scho... | E | |
| CVE-2024-33803 | A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Manageme... | E | |
| CVE-2024-33804 | A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Manag... | E | |
| CVE-2024-33805 | A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Manag... | E | |
| CVE-2024-33806 | A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Managem... | E | |
| CVE-2024-33807 | A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based Sc... | E | |
| CVE-2024-33808 | A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Man... | E | |
| CVE-2024-33809 | PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to d... | | |
| CVE-2024-33818 | Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via... | | |
| CVE-2024-33819 | Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerabil... | | |
| CVE-2024-33820 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulner... | | |
| CVE-2024-33829 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
| CVE-2024-33830 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
| CVE-2024-33831 | A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of y... | | |
| CVE-2024-33832 | OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the compo... | | |
| CVE-2024-33835 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSaf... | E | |
| CVE-2024-33836 | In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a ... | | |
| CVE-2024-33844 | The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255),... | | |
| CVE-2024-33847 | f2fs: compress: don't allow unaligned truncation on released compress inode | | |
| CVE-2024-33848 | Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated use... | | |
| CVE-2024-33849 | ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.... | | |
| CVE-2024-33850 | Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see t... | | |
| CVE-2024-33851 | phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. ... | | |
| CVE-2024-33852 | A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.... | | |
| CVE-2024-33853 | A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.0... | | |
| CVE-2024-33854 | A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before ... | | |
| CVE-2024-33856 | An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of username... | | |
| CVE-2024-33857 | An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threa... | | |
| CVE-2024-33858 | An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while addin... | | |
| CVE-2024-33859 | An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped i... | | |
| CVE-2024-33860 | An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbit... | | |
| CVE-2024-33862 | A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.0... | | |
| CVE-2024-33863 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inc... | | |
| CVE-2024-33864 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template gene... | | |
| CVE-2024-33865 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/... | | |
| CVE-2024-33866 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XS... | | |
| CVE-2024-33867 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt.... | | |
| CVE-2024-33868 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.... | | |
| CVE-2024-33869 | An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution ... | | |
| CVE-2024-33870 | An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafte... | | |
| CVE-2024-33871 | An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitr... | S | |
| CVE-2024-33872 | Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could res... | | |
| CVE-2024-33873 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.... | | |
| CVE-2024-33874 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.... | | |
| CVE-2024-33875 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, r... | | |
| CVE-2024-33876 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.... | | |
| CVE-2024-33877 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.... | | |
| CVE-2024-33878 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-33879 | An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Vi... | | |
| CVE-2024-33880 | An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It dis... | | |
| CVE-2024-33881 | An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Vi... | | |
| CVE-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollutio... | | |
| CVE-2024-33891 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API ... | E | |
| CVE-2024-33892 | Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmw... | E | |
| CVE-2024-33893 | Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable t... | E | |
| CVE-2024-33894 | Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmwa... | | |
| CVE-2024-33895 | Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key... | E | |
| CVE-2024-33896 | Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable t... | E | |
| CVE-2024-33897 | A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from ... | E | |
| CVE-2024-33898 | Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Contro... | | |
| CVE-2024-33899 | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output,... | | |
| CVE-2024-33900 | KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext crede... | | |
| CVE-2024-33901 | Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some p... | | |
| CVE-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or ... | | |
| CVE-2024-33904 | In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a l... | | |
| CVE-2024-33905 | In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_o... | | |
| CVE-2024-33907 | WordPress Print My Blog plugin <= 3.26.2 - Broken Access Control vulnerability | S | |
| CVE-2024-33908 | WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability | | |
| CVE-2024-33910 | WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability | S | |
| CVE-2024-33911 | WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability | | |
| CVE-2024-33912 | WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability | S | |
| CVE-2024-33913 | WordPress Xserver Migrator plugin <= 1.6.1 - CSRF to Arbitrary File Upload vulnerability | | |
| CVE-2024-33914 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability | S | |
| CVE-2024-33915 | WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability | S | |
| CVE-2024-33916 | WordPress CPO Companion plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33917 | WordPress WTI Like Post plugin <= 1.4.6 - IP Restriction Bypass Vulnerability vulnerability | | |
| CVE-2024-33918 | WordPress AJAX Login and Registration modal popup + inline form plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33919 | WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability | S | |
| CVE-2024-33920 | WordPress Democracy Poll plugin <= 6.0.3 - Broken Access Control vulnerability | | |
| CVE-2024-33921 | WordPress ReviewX plugin <= 1.6.21 - Broken Access Control vulnerability | S | |
| CVE-2024-33922 | WordPress WP Media Cleaner plugin <= 6.7.2 - Sensitive Data Exposure via Log File vulnerability | S | |
| CVE-2024-33923 | WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability | | |
| CVE-2024-33924 | WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33925 | WordPress Embed Google Fonts plugin <= 3.1.0 - Broken Access Control vulnerability | | |
| CVE-2024-33926 | WordPress GWP-Histats plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33927 | WordPress Giphypress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33928 | WordPress CodeBard's Patron Button and Widgets for Patreon plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33929 | WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability | S | |
| CVE-2024-33930 | WordPress Share This Image plugin <= 1.97 - Open Redirection vulnerability | | |
| CVE-2024-33931 | WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability | S | |
| CVE-2024-33932 | WordPress Login Logout Register Menu plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33933 | WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Contributor+ DOM-Based Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33934 | WordPress Mini Loops plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33935 | WordPress PB MailCrypt plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33936 | WordPress Print-O-Matic plugin <= 2.1.10 - Auth. Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33937 | WordPress Progressive WordPress (PWA) plugin <= 2.1.13 - Broken Access Control vulnerability | | |
| CVE-2024-33938 | WordPress Sliding Widgets plugin <= 1.5.0 - Broken Access Control to XSS vulnerability | | |
| CVE-2024-33939 | WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability | S | |
| CVE-2024-33940 | WordPress EventON plugin <= 2.2.14 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33941 | WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability | S | |
| CVE-2024-33942 | WordPress Google Typography plugin <= 1.1.2 - Broken Access Control vulnerability | | |
| CVE-2024-33943 | WordPress Ultimate Under Construction plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33944 | WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability | S | |
| CVE-2024-33945 | WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33946 | WordPress WPify Woo Czech plugin <= 4.0.10 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33947 | WordPress RegistrationMagic plugin <= 5.3.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33948 | WordPress TweetScroll Widget plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33949 | WordPress Min and Max Purchase for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33950 | WordPress Archives Calendar Widget plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33951 | WordPress Perfect Pullquotes plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33952 | WordPress Unique theme <= 0.3.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33953 | WordPress Adventure Journal theme <= 1.7.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2024-33954 | WordPress Pliska theme <= 0.3.5 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33955 | WordPress Freesia Empire theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2024-33956 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability | S | |
| CVE-2024-33957 | SQL injection in Janobe E-Negosyo System | S | |
| CVE-2024-33958 | SQL injection in Janobe E-Negosyo System | S | |
| CVE-2024-33959 | SQL injection in Janobe products | S | |
| CVE-2024-33960 | SQL injection in Janobe products | S | |
| CVE-2024-33961 | SQL injection in Janobe products | S | |
| CVE-2024-33962 | SQL injection in Janobe products | S | |
| CVE-2024-33963 | SQL injection in Janobe products | S | |
| CVE-2024-33964 | SQL injection in Janobe products | S | |
| CVE-2024-33965 | SQL injection in Janobe products | S | |
| CVE-2024-33966 | SQL injection in Janobe products | S | |
| CVE-2024-33967 | SQL injection in Janobe products | S | |
| CVE-2024-33968 | SQL injection in Janobe products | S | |
| CVE-2024-33969 | SQL injection in Janobe products | S | |
| CVE-2024-33970 | SQL injection in Janobe products | S | |
| CVE-2024-33971 | SQL injection in Janobe products | S | |
| CVE-2024-33972 | SQL injection in Janobe products | S | |
| CVE-2024-33973 | SQL injection in Janobe products | S | |
| CVE-2024-33974 | SQL injection in Janobe products | S | |
| CVE-2024-33975 | Cross-site Scripting in Janobe E-Negosyo System | S | |
| CVE-2024-33976 | Cross-site Scripting in Janobe E-Negosyo System | S | |
| CVE-2024-33977 | Cross-site Scripting in Janobe E-Negosyo System | S | |
| CVE-2024-33978 | Cross-site Scripting in Janobe E-Negosyo System | S | |
| CVE-2024-33979 | Cross-site Scripting in Janobe products | S | |
| CVE-2024-33980 | Cross-site Scripting in Janobe products | S | |
| CVE-2024-33981 | Cross-site Scripting in Janobe products | S | |
| CVE-2024-33982 | Cross-Site Scripting (XSS) vulnerability in Janobe products | S | |
| CVE-2024-33983 | Cross-Site Scripting (XSS) vulnerability in Janobe products | S | |
| CVE-2024-33984 | Cross-Site Scripting (XSS) vulnerability in Janobe products | S | |
| CVE-2024-33985 | Cross-Site Scripting (XSS) vulnerability in Janobe products | S | |
| CVE-2024-33986 | Cross-Site Scripting (XSS) vulnerability in Janobe products | S | |
| CVE-2024-33987 | Cross-Site Scripting (XSS) vulnerability in Janobe products | S | |
| CVE-2024-33988 | Cross-Site Scripting (XSS) vulnerability in Janobe products | S | |
| CVE-2024-33989 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System | S | |
| CVE-2024-33990 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System | S | |
| CVE-2024-33991 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System | S | |
| CVE-2024-33992 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System | S | |
| CVE-2024-33993 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System | S | |
| CVE-2024-33994 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System | S | |
| CVE-2024-33996 | moodle: broken access control when setting calendar event type | | |
| CVE-2024-33997 | moodle: stored XSS risk when editing another user's equation in equation editor | | |
| CVE-2024-33998 | moodle: stored XSS via user's name on participants page when opening some options | | |
| CVE-2024-33999 | moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php | |