The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-34050 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0]) in reader.go. | -- | Apr 30, 2024 |
| CVE-2024-34049 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in return plmnIdString[0:3], plmnIdString[3:] in reader.go. | -- | Apr 30, 2024 |
| CVE-2024-34048 | O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | -- | Apr 30, 2024 |
| CVE-2024-34047 | O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. | -- | Apr 30, 2024 |
| CVE-2024-34046 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). | -- | Apr 30, 2024 |
| CVE-2024-34045 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). | -- | Apr 30, 2024 |
| CVE-2024-34044 | The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. | -- | Apr 30, 2024 |
| CVE-2024-34043 | O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | -- | Apr 30, 2024 |
| CVE-2024-34020 | A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. | -- | Apr 29, 2024 |
| CVE-2024-34011 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | -- | Apr 29, 2024 |
| CVE-2024-34010 | Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | -- | Apr 29, 2024 |
| CVE-2024-33905 | In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. | -- | Apr 29, 2024 |
| CVE-2024-33904 | In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file. | -- | Apr 29, 2024 |
| CVE-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library. | -- | Apr 29, 2024 |
| CVE-2024-33899 | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. | -- | Apr 29, 2024 |
| CVE-2024-33891 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute. | -- | Apr 29, 2024 |
| CVE-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | -- | Apr 29, 2024 |
| CVE-2024-33851 | phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.) | -- | Apr 29, 2024 |
| CVE-2024-33697 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rimes Gold CF7 File Download – File Download for CF7 allows Stored XSS.This issue affects CF7 File Download – File Download for CF7: from n/a through 2.0. | -- | Apr 26, 2024 |
| CVE-2024-33696 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0. | -- | Apr 26, 2024 |
| CVE-2024-33695 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. | -- | Apr 26, 2024 |
| CVE-2024-33694 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5. | -- | Apr 26, 2024 |
| CVE-2024-33693 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4. | -- | Apr 26, 2024 |
| CVE-2024-33692 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3. | -- | Apr 26, 2024 |
| CVE-2024-33691 | Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3. | -- | Apr 26, 2024 |
| CVE-2024-33690 | Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3. | -- | Apr 26, 2024 |
| CVE-2024-33689 | Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7. | -- | Apr 26, 2024 |
| CVE-2024-33688 | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. | -- | Apr 26, 2024 |
| CVE-2024-33686 | Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7. | -- | Apr 29, 2024 |
| CVE-2024-33684 | Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0. | -- | Apr 29, 2024 |
| CVE-2024-33683 | Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3. | -- | Apr 26, 2024 |
| CVE-2024-33682 | Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. | -- | Apr 26, 2024 |
| CVE-2024-33681 | Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3. | -- | Apr 29, 2024 |
| CVE-2024-33680 | Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. | -- | Apr 26, 2024 |
| CVE-2024-33679 | Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5. | -- | Apr 26, 2024 |
| CVE-2024-33678 | Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCease Click Fraud Protection.This issue affects ClickCease Click Fraud Protection: from n/a through 3.2.4. | -- | Apr 26, 2024 |
| CVE-2024-33677 | Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70. | -- | Apr 26, 2024 |
| CVE-2024-33673 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. | -- | Apr 26, 2024 |
| CVE-2024-33672 | An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. | -- | Apr 26, 2024 |
| CVE-2024-33671 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | -- | Apr 26, 2024 |
| CVE-2024-33670 | Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. | -- | Apr 26, 2024 |
| CVE-2024-33669 | An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt\'s HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user. | -- | Apr 26, 2024 |
| CVE-2024-33668 | An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to. | -- | Apr 26, 2024 |
| CVE-2024-33667 | An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist. | -- | Apr 26, 2024 |
| CVE-2024-33666 | An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents. | -- | Apr 26, 2024 |
| CVE-2024-33665 | angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks. | -- | Apr 26, 2024 |
| CVE-2024-33664 | python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a JWT bomb. This is similar to CVE-2024-21319. | -- | Apr 26, 2024 |
| CVE-2024-33663 | python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. | -- | Apr 26, 2024 |
| CVE-2024-33661 | Portainer before 2.20.0 allows redirects when the target is not index.yaml. | -- | Apr 26, 2024 |
| CVE-2024-33652 | Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1. | -- | Apr 29, 2024 |
