The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-25894 | ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter. | -- | Feb 22, 2024 |
| CVE-2024-25895 | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php | -- | Feb 22, 2024 |
| CVE-2024-25896 | ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter. | -- | Feb 22, 2024 |
| CVE-2024-25897 | ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. | -- | Feb 22, 2024 |
| CVE-2024-25898 | A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. | -- | Feb 22, 2024 |
| CVE-2024-25902 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2. | -- | Feb 28, 2024 |
| CVE-2024-25903 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7. | -- | Mar 17, 2024 |
| CVE-2024-25904 | Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2. | -- | Feb 21, 2024 |
| CVE-2024-25905 | Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18. | -- | Feb 21, 2024 |
| CVE-2024-25907 | Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | -- | Apr 11, 2024 |
| CVE-2024-25908 | Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | -- | Apr 11, 2024 |
| CVE-2024-25909 | Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | -- | Feb 26, 2024 |
| CVE-2024-25910 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | -- | Feb 28, 2024 |
| CVE-2024-25911 | Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue affects MoveTo: from n/a through 6.2. | -- | Apr 16, 2024 |
| CVE-2024-25912 | Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | -- | Apr 11, 2024 |
| CVE-2024-25913 | Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | -- | Feb 26, 2024 |
| CVE-2024-25914 | Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20. | -- | Feb 13, 2024 |
| CVE-2024-25915 | Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2. | -- | Feb 23, 2024 |
| CVE-2024-25916 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through 3.4.23. | -- | Mar 15, 2024 |
| CVE-2024-25917 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1. | -- | Apr 25, 2024 |
| CVE-2024-25918 | Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8. | -- | Apr 3, 2024 |
| CVE-2024-25919 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6. | -- | Mar 15, 2024 |
| CVE-2024-25920 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4. | -- | Mar 27, 2024 |
| CVE-2024-25921 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a through 1.4.2. | -- | Mar 15, 2024 |
| CVE-2024-25922 | Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9. | -- | Apr 11, 2024 |
| CVE-2024-25923 | Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0. | -- | Mar 28, 2024 |
| CVE-2024-25924 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3. | -- | Mar 28, 2024 |
| CVE-2024-25925 | Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12. | -- | Feb 26, 2024 |
| CVE-2024-25926 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1. | -- | Mar 27, 2024 |
| CVE-2024-25927 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0. | -- | Feb 28, 2024 |
| CVE-2024-25928 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5. | -- | Feb 23, 2024 |
| CVE-2024-25930 | Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. | -- | Feb 29, 2024 |
| CVE-2024-25931 | Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka.This issue affects Heureka: from n/a through 1.0.8. | -- | Feb 29, 2024 |
| CVE-2024-25932 | Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix.This issue affects Change Table Prefix: from n/a through 2.0. | -- | Feb 29, 2024 |
| CVE-2024-25933 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7. | -- | Mar 17, 2024 |
| CVE-2024-25934 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in FormFacade allows Stored XSS.This issue affects FormFacade: from n/a through 1.0.0. | -- | Mar 15, 2024 |
| CVE-2024-25935 | Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | -- | Apr 11, 2024 |
| CVE-2024-25936 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1. | -- | Mar 15, 2024 |
| CVE-2024-25937 | SQL injection vulnerability exists in the script DIAE_tagHandler.ashx. | -- | Mar 21, 2024 |
| CVE-2024-25938 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | -- | Apr 30, 2024 |
| CVE-2024-25940 | `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader\'s access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root. | -- | Feb 15, 2024 |
| CVE-2024-25941 | The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by pstat -t may be leaked. | -- | Feb 15, 2024 |
| CVE-2024-25942 | Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | -- | Mar 19, 2024 |
| CVE-2024-25944 | Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application. | -- | Apr 1, 2024 |
| CVE-2024-25946 | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | -- | Mar 28, 2024 |
| CVE-2024-25951 | A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. | -- | Mar 11, 2024 |
| CVE-2024-25952 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | -- | Mar 28, 2024 |
| CVE-2024-25953 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | -- | Mar 28, 2024 |
| CVE-2024-25954 | Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | -- | Mar 28, 2024 |
| CVE-2024-25955 | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | -- | Mar 28, 2024 |
