The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-28627 | An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. | -- | Apr 23, 2024 |
| CVE-2024-28635 | Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | -- | Mar 21, 2024 |
| CVE-2024-28639 | Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. | -- | Mar 17, 2024 |
| CVE-2024-28640 | Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. | -- | Mar 17, 2024 |
| CVE-2024-28661 | -- | Apr 7, 2024 | |
| CVE-2024-28662 | A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php. | -- | Mar 14, 2024 |
| CVE-2024-28665 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php | -- | Mar 13, 2024 |
| CVE-2024-28666 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php | -- | Mar 13, 2024 |
| CVE-2024-28667 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php | -- | Mar 13, 2024 |
| CVE-2024-28668 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php | -- | Mar 13, 2024 |
| CVE-2024-28669 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php. | -- | Mar 13, 2024 |
| CVE-2024-28670 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php. | -- | Mar 13, 2024 |
| CVE-2024-28671 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php. | -- | Mar 13, 2024 |
| CVE-2024-28672 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php. | -- | Mar 13, 2024 |
| CVE-2024-28673 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php. | -- | Mar 13, 2024 |
| CVE-2024-28675 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php | -- | Mar 13, 2024 |
| CVE-2024-28676 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php. | -- | Mar 13, 2024 |
| CVE-2024-28677 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php. | -- | Mar 13, 2024 |
| CVE-2024-28678 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php | -- | Mar 13, 2024 |
| CVE-2024-28679 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. | -- | Mar 13, 2024 |
| CVE-2024-28680 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. | -- | Mar 13, 2024 |
| CVE-2024-28681 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php. | -- | Mar 13, 2024 |
| CVE-2024-28682 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php. | -- | Mar 13, 2024 |
| CVE-2024-28683 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. | -- | Mar 13, 2024 |
| CVE-2024-28684 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php | -- | Mar 13, 2024 |
| CVE-2024-28699 | A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function. | -- | Apr 22, 2024 |
| CVE-2024-28713 | An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. | -- | Mar 28, 2024 |
| CVE-2024-28714 | SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. | -- | Mar 28, 2024 |
| CVE-2024-28715 | Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint. | -- | Mar 20, 2024 |
| CVE-2024-28716 | An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. | -- | Apr 30, 2024 |
| CVE-2024-28717 | An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. | -- | Apr 22, 2024 |
| CVE-2024-28718 | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component. | -- | Apr 15, 2024 |
| CVE-2024-28722 | Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint | -- | Apr 22, 2024 |
| CVE-2024-28725 | Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. | -- | May 7, 2024 |
| CVE-2024-28732 | An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). | -- | Apr 8, 2024 |
| CVE-2024-28734 | Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter. | -- | Mar 19, 2024 |
| CVE-2024-28735 | Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request. | -- | Mar 20, 2024 |
| CVE-2024-28741 | Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component. | -- | Apr 8, 2024 |
| CVE-2024-28744 | The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration. | -- | Apr 8, 2024 |
| CVE-2024-28745 | Improper export of Android application components issue exists in \'ABEMA\' App for Android prior to 10.65.0 allowing another app installed on the user\'s device to access an arbitrary URL on \'ABEMA\' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack. | -- | Mar 18, 2024 |
| CVE-2024-28746 | Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability | -- | Mar 14, 2024 |
| CVE-2024-28752 | A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. | -- | Mar 15, 2024 |
| CVE-2024-28753 | RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request. | -- | Mar 11, 2024 |
| CVE-2024-28754 | RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request. | -- | Mar 11, 2024 |
| CVE-2024-28755 | An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2. | -- | Apr 3, 2024 |
| CVE-2024-28756 | The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server. | -- | Mar 21, 2024 |
| CVE-2024-28757 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | LOW | Mar 11, 2024 |
| CVE-2024-28759 | A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09. | MEDIUM | May 14, 2024 |
| CVE-2024-28760 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244. | -- | May 14, 2024 |
| CVE-2024-28761 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\'s Web browser within the security context of the hosting site. IBM X-Force ID: 285245. | -- | May 14, 2024 |
