The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-34462 | Alinto SOGo through 5.10.0 allows XSS during attachment preview. | -- | May 4, 2024 |
| CVE-2024-34461 | Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator. | -- | May 4, 2024 |
| CVE-2024-34460 | The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.) | -- | May 4, 2024 |
| CVE-2024-34459 | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. | -- | May 14, 2024 |
| CVE-2024-34455 | Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2. | -- | May 3, 2024 |
| CVE-2024-34453 | TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php). | -- | May 3, 2024 |
| CVE-2024-34449 | Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true. | -- | May 3, 2024 |
| CVE-2024-34447 | An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning. | -- | May 3, 2024 |
| CVE-2024-34446 | Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers. | -- | May 3, 2024 |
| CVE-2024-34445 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 1.8. | -- | May 14, 2024 |
| CVE-2024-34441 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Bootstrapped Ventures Easy Affiliate Links allows Stored XSS.This issue affects Easy Affiliate Links: from n/a through 3.7.2. | -- | May 14, 2024 |
| CVE-2024-34440 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63. | -- | May 14, 2024 |
| CVE-2024-34439 | Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message.This issue affects DS Site Message: from n/a through 1.14.4. | -- | May 14, 2024 |
| CVE-2024-34437 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24. | -- | May 14, 2024 |
| CVE-2024-34436 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 1.8. | -- | May 14, 2024 |
| CVE-2024-34433 | Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import.This issue affects One Click Demo Import: from n/a through 3.2.0. | -- | May 14, 2024 |
| CVE-2024-34432 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.4.4. | -- | May 14, 2024 |
| CVE-2024-34431 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP-etracker WP etracker allows Reflected XSS.This issue affects WP etracker: from n/a through 1.0.2. | -- | May 14, 2024 |
| CVE-2024-34430 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rashed Latif TT Custom Post Type Creator allows Stored XSS.This issue affects TT Custom Post Type Creator: from n/a through 1.0. | -- | May 14, 2024 |
| CVE-2024-34429 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data allows Stored XSS.This issue affects Corona Virus (COVID-19) Banner & Live Data: from n/a through 1.8.0.2. | -- | May 14, 2024 |
| CVE-2024-34428 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Harknell AWSOM News Announcement allows Stored XSS.This issue affects AWSOM News Announcement: from n/a through 1.6.0. | -- | May 14, 2024 |
| CVE-2024-34427 | Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8. | -- | May 14, 2024 |
| CVE-2024-34426 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.This issue affects Brozzme Scroll Top: from n/a through 1.8.5. | -- | May 14, 2024 |
| CVE-2024-34425 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Phil Baylog QuickieBar allows Stored XSS.This issue affects QuickieBar: from n/a through 1.8.4. | -- | May 14, 2024 |
| CVE-2024-34424 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in iePlexus Featured Content Gallery allows Stored XSS.This issue affects Featured Content Gallery: from n/a through 3.2.0. | -- | May 14, 2024 |
| CVE-2024-34423 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in phpbits Forty Four – 404 Plugin for WordPress allows Stored XSS.This issue affects Forty Four – 404 Plugin for WordPress: from n/a through 1.4. | -- | May 14, 2024 |
| CVE-2024-34422 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in trinhtuantai Viet Affiliate Link allows Stored XSS.This issue affects Viet Affiliate Link: from n/a through 1.2. | -- | May 14, 2024 |
| CVE-2024-34421 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in wpsurface BlogLentor allows Stored XSS.This issue affects BlogLentor: from n/a through 1.0.8. | -- | May 14, 2024 |
| CVE-2024-34420 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS.This issue affects Comments Evolved for WordPress: from n/a through 1.6.3. | -- | May 14, 2024 |
| CVE-2024-34419 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS.This issue affects Configure Login Timeout: from n/a through 1.0. | -- | May 14, 2024 |
| CVE-2024-34418 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS.This issue affects WPCS ( WordPress Custom Search ): from n/a through 1.1. | -- | May 14, 2024 |
| CVE-2024-34417 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Toidicode.Com (thanhtaivtt) Viet Nam Affiliate allows Stored XSS.This issue affects Viet Nam Affiliate: from n/a through 1.0.0. | -- | May 14, 2024 |
| CVE-2024-34416 | Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1. | -- | May 14, 2024 |
| CVE-2024-34415 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThimPress Thim Elementor Kit allows Stored XSS.This issue affects Thim Elementor Kit: from n/a through 1.1.8. | -- | May 14, 2024 |
| CVE-2024-34414 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Nobita allows Stored XSS.This issue affects raindrops: from n/a through 1.600. | -- | May 8, 2024 |
| CVE-2024-34413 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10. | -- | May 7, 2024 |
| CVE-2024-34412 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1. | -- | May 6, 2024 |
| CVE-2024-34411 | Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through 2.5.0. | -- | May 14, 2024 |
| CVE-2024-34408 | Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file. | -- | May 3, 2024 |
| CVE-2024-34404 | A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup administrator to modify the expiration of backups under Governance mode (which could cause premature deletion). | -- | May 3, 2024 |
| CVE-2024-34403 | An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string. | -- | May 3, 2024 |
| CVE-2024-34402 | An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. | -- | May 3, 2024 |
| CVE-2024-34401 | Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter. | -- | May 3, 2024 |
| CVE-2024-34397 | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. | -- | May 7, 2024 |
| CVE-2024-34394 | libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution. | -- | May 3, 2024 |
| CVE-2024-34393 | libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). | -- | May 3, 2024 |
| CVE-2024-34392 | libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution. | -- | May 3, 2024 |
| CVE-2024-34391 | libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). | -- | May 3, 2024 |
| CVE-2024-34390 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8. | -- | May 6, 2024 |
| CVE-2024-34389 | Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. | -- | May 6, 2024 |
