The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-31025 | SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component. | -- | Apr 4, 2024 |
| CVE-2024-31031 | An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. | -- | Apr 17, 2024 |
| CVE-2024-31032 | An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. | -- | Apr 1, 2024 |
| CVE-2024-31033 | JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE: the vendor disputes this because the ignores behavior cannot occur (in any version) unless there is a user error in how JJWT is used, and because the version that was actually tested must have been more than six years out of date. | -- | Apr 1, 2024 |
| CVE-2024-31036 | A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. | -- | Apr 23, 2024 |
| CVE-2024-31040 | Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. | -- | Apr 17, 2024 |
| CVE-2024-31041 | Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. | -- | Apr 17, 2024 |
| CVE-2024-31047 | An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. | -- | Apr 9, 2024 |
| CVE-2024-31061 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. | -- | Mar 28, 2024 |
| CVE-2024-31062 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | -- | Mar 28, 2024 |
| CVE-2024-31063 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. | -- | Mar 28, 2024 |
| CVE-2024-31064 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. | -- | Mar 28, 2024 |
| CVE-2024-31065 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | -- | Mar 28, 2024 |
| CVE-2024-31069 | IO-1020 Micro ELD web server uses a default password for authentication. | -- | Apr 15, 2024 |
| CVE-2024-31077 | Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition. | -- | Apr 23, 2024 |
| CVE-2024-31080 | A heap-based buffer over-read vulnerability was found in the X.org server\'s ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker\'s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | -- | Apr 4, 2024 |
| CVE-2024-31081 | A heap-based buffer over-read vulnerability was found in the X.org server\'s ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker\'s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | -- | Apr 4, 2024 |
| CVE-2024-31082 | A heap-based buffer over-read vulnerability was found in the X.org server\'s ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker\'s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | -- | Apr 4, 2024 |
| CVE-2024-31083 | A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request. | -- | Apr 5, 2024 |
| CVE-2024-31084 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS.This issue affects Weekly Class Schedule: from n/a through 3.19. | -- | Apr 1, 2024 |
| CVE-2024-31085 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rob Marsh, SJ Post-Plugin Library allows Reflected XSS.This issue affects Post-Plugin Library: from n/a through 2.6.2.1. | -- | Apr 1, 2024 |
| CVE-2024-31086 | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0. | -- | Apr 15, 2024 |
| CVE-2024-31087 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Joel Starnes pageMash > Page Management allows Reflected XSS.This issue affects pageMash > Page Management: from n/a through 1.3.0. | -- | Apr 1, 2024 |
| CVE-2024-31089 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Techblissonline.Com (Rajesh) Platinum SEO allows Stored XSS.This issue affects Platinum SEO: from n/a through 2.4.0. | -- | Apr 1, 2024 |
| CVE-2024-31090 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ???? Hacklog Down As PDF allows Reflected XSS.This issue affects Hacklog Down As PDF: from n/a through 2.3.6. | -- | Apr 1, 2024 |
| CVE-2024-31091 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS.This issue affects Custom Field Bulk Editor: from n/a through 1.9.1. | -- | Apr 1, 2024 |
| CVE-2024-31092 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Philip M. Hofer (Frumph) Comic Easel allows Reflected XSS.This issue affects Comic Easel: from n/a through 1.15. | -- | Apr 1, 2024 |
| CVE-2024-31093 | Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov Broken Images allows Cross-Site Scripting (XSS).This issue affects Broken Images: from n/a through 0.2. | -- | Apr 15, 2024 |
| CVE-2024-31094 | Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. | -- | Apr 1, 2024 |
| CVE-2024-31095 | Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.1.0. | -- | Apr 1, 2024 |
| CVE-2024-31096 | Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4. | -- | Apr 1, 2024 |
| CVE-2024-31097 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS.This issue affects SEO Title Tag: from n/a through 3.5.9. | -- | Apr 1, 2024 |
| CVE-2024-31099 | Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.5. | -- | Apr 1, 2024 |
| CVE-2024-31100 | Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Cart Lite for WooCommerce.This issue affects Popup Cart Lite for WooCommerce: from n/a through 1.1. | -- | Apr 1, 2024 |
| CVE-2024-31101 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in August Infotech AI Twitter Feeds (Twitter widget & shortcode) allows Stored XSS.This issue affects AI Twitter Feeds (Twitter widget & shortcode): from n/a through 2.4. | -- | Apr 1, 2024 |
| CVE-2024-31102 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Scimone Ignazio Prenotazioni allows Stored XSS.This issue affects Prenotazioni: from n/a through 1.7.4. | -- | Apr 1, 2024 |
| CVE-2024-31103 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Reflected XSS.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | -- | Apr 1, 2024 |
| CVE-2024-31104 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GetResponse GetResponse for WordPress allows Stored XSS.This issue affects GetResponse for WordPress: from n/a through 5.5.33. | -- | Apr 1, 2024 |
| CVE-2024-31105 | Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a through 2.4.5. | -- | Apr 2, 2024 |
| CVE-2024-31106 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Yooslider Yoo Slider allows Reflected XSS.This issue affects Yoo Slider: from n/a through 2.1.1. | -- | Apr 1, 2024 |
| CVE-2024-31107 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in DiSo Development Team OpenID allows Reflected XSS.This issue affects OpenID: from n/a through 3.6.1. | -- | Apr 1, 2024 |
| CVE-2024-31108 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2. | -- | Apr 1, 2024 |
| CVE-2024-31109 | Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0. | -- | Apr 2, 2024 |
| CVE-2024-31110 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a through 2.2. | -- | Apr 1, 2024 |
| CVE-2024-31112 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Stephanie Leary Convert Post Types allows Reflected XSS.This issue affects Convert Post Types: from n/a through 1.4. | -- | Apr 1, 2024 |
| CVE-2024-31114 | Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | -- | Apr 1, 2024 |
| CVE-2024-31115 | Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9. | -- | Apr 1, 2024 |
| CVE-2024-31116 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74. | -- | Apr 1, 2024 |
| CVE-2024-31117 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Moises Heberle WooCommerce Bookings Calendar.This issue affects WooCommerce Bookings Calendar: from n/a through 1.0.36. | -- | Apr 1, 2024 |
| CVE-2024-31120 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | -- | Apr 1, 2024 |
