The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-32341 | Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | -- | Apr 18, 2024 |
| CVE-2024-32340 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module. | -- | Apr 18, 2024 |
| CVE-2024-32339 | Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | -- | Apr 18, 2024 |
| CVE-2024-32338 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. | -- | Apr 18, 2024 |
| CVE-2024-32337 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module. | -- | Apr 18, 2024 |
| CVE-2024-32335 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. | -- | Apr 18, 2024 |
| CVE-2024-32334 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | -- | Apr 18, 2024 |
| CVE-2024-32333 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | -- | Apr 18, 2024 |
| CVE-2024-32332 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. | -- | Apr 18, 2024 |
| CVE-2024-32327 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. | -- | Apr 18, 2024 |
| CVE-2024-32326 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. | -- | Apr 18, 2024 |
| CVE-2024-32325 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. | -- | Apr 18, 2024 |
| CVE-2024-32320 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. | -- | Apr 17, 2024 |
| CVE-2024-32318 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. | -- | Apr 17, 2024 |
| CVE-2024-32317 | Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32316 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. | -- | Apr 17, 2024 |
| CVE-2024-32315 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32314 | Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32313 | Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32312 | Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32311 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32310 | Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32307 | Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32306 | Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32305 | Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32303 | Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32302 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32301 | Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32299 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32293 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. | -- | Apr 17, 2024 |
| CVE-2024-32292 | Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32291 | Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. | -- | Apr 17, 2024 |
| CVE-2024-32290 | Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. | -- | Apr 17, 2024 |
| CVE-2024-32288 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. | -- | Apr 17, 2024 |
| CVE-2024-32287 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. | -- | Apr 17, 2024 |
| CVE-2024-32286 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. | -- | Apr 17, 2024 |
| CVE-2024-32285 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. | -- | Apr 17, 2024 |
| CVE-2024-32283 | Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32282 | Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32281 | Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32256 | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image. | -- | Apr 16, 2024 |
| CVE-2024-32254 | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image. | -- | Apr 16, 2024 |
| CVE-2024-32163 | CMSeasy 7.7.7.9 is vulnerable to code execution. | -- | Apr 17, 2024 |
| CVE-2024-32162 | CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. | -- | Apr 17, 2024 |
| CVE-2024-32161 | jizhiCMS 2.5 suffers from a File upload vulnerability. | -- | Apr 17, 2024 |
| CVE-2024-32149 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5. | -- | Apr 15, 2024 |
| CVE-2024-32147 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23. | -- | Apr 15, 2024 |
| CVE-2024-32145 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS.This issue affects WP Google Analytics Events: from n/a through 2.8.0. | -- | Apr 15, 2024 |
| CVE-2024-32142 | Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0. | -- | Apr 18, 2024 |
| CVE-2024-32141 | Cross-Site Request Forgery (CSRF) vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | -- | Apr 15, 2024 |
