The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-34050 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0]) in reader.go. | -- | Apr 30, 2024 |
| CVE-2024-34049 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in return plmnIdString[0:3], plmnIdString[3:] in reader.go. | -- | Apr 30, 2024 |
| CVE-2024-34048 | O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | -- | Apr 30, 2024 |
| CVE-2024-34047 | O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. | -- | Apr 30, 2024 |
| CVE-2024-34046 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). | -- | Apr 30, 2024 |
| CVE-2024-34045 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). | -- | Apr 30, 2024 |
| CVE-2024-34044 | The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. | -- | Apr 30, 2024 |
| CVE-2024-34043 | O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | -- | Apr 30, 2024 |
| CVE-2024-34020 | A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. | -- | Apr 29, 2024 |
| CVE-2024-34011 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | -- | Apr 29, 2024 |
| CVE-2024-34010 | Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | -- | Apr 29, 2024 |
| CVE-2024-33905 | In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. | -- | Apr 29, 2024 |
| CVE-2024-33904 | In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file. | -- | Apr 29, 2024 |
| CVE-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library. | -- | Apr 29, 2024 |
| CVE-2024-33899 | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. | -- | Apr 29, 2024 |
| CVE-2024-33891 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute. | -- | Apr 29, 2024 |
| CVE-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | -- | Apr 29, 2024 |
| CVE-2024-33851 | phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.) | -- | Apr 29, 2024 |
| CVE-2024-33697 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rimes Gold CF7 File Download – File Download for CF7 allows Stored XSS.This issue affects CF7 File Download – File Download for CF7: from n/a through 2.0. | -- | Apr 26, 2024 |
| CVE-2024-33696 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0. | -- | Apr 26, 2024 |
| CVE-2024-33695 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. | -- | Apr 26, 2024 |
| CVE-2024-33694 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5. | -- | Apr 26, 2024 |
| CVE-2024-33693 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4. | -- | Apr 26, 2024 |
| CVE-2024-33692 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3. | -- | Apr 26, 2024 |
| CVE-2024-33691 | Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3. | -- | Apr 26, 2024 |
| CVE-2024-33690 | Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3. | -- | Apr 26, 2024 |
| CVE-2024-33689 | Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7. | -- | Apr 26, 2024 |
| CVE-2024-33688 | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. | -- | Apr 26, 2024 |
| CVE-2024-33686 | Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7. | -- | Apr 29, 2024 |
| CVE-2024-33684 | Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0. | -- | Apr 29, 2024 |
| CVE-2024-33683 | Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3. | -- | Apr 26, 2024 |
| CVE-2024-33682 | Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. | -- | Apr 26, 2024 |
| CVE-2024-33681 | Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3. | -- | Apr 29, 2024 |
| CVE-2024-33680 | Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. | -- | Apr 26, 2024 |
| CVE-2024-33679 | Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5. | -- | Apr 26, 2024 |
| CVE-2024-33678 | Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCease Click Fraud Protection.This issue affects ClickCease Click Fraud Protection: from n/a through 3.2.4. | -- | Apr 26, 2024 |
| CVE-2024-33677 | Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70. | -- | Apr 26, 2024 |
| CVE-2024-33673 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. | -- | Apr 26, 2024 |
| CVE-2024-33672 | An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. | -- | Apr 26, 2024 |
| CVE-2024-33671 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | -- | Apr 26, 2024 |
| CVE-2024-33652 | Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1. | -- | Apr 29, 2024 |
| CVE-2024-33651 | Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1. | -- | Apr 26, 2024 |
| CVE-2024-33650 | Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.This issue affects Serious Slider: from n/a through 1.2.4. | -- | Apr 26, 2024 |
| CVE-2024-33649 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9. | -- | Apr 29, 2024 |
| CVE-2024-33648 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in wzy Media Recencio Book Reviews allows Stored XSS.This issue affects Recencio Book Reviews: from n/a through 1.66.0. | -- | Apr 29, 2024 |
| CVE-2024-33646 | Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5. | -- | Apr 29, 2024 |
| CVE-2024-33645 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS.This issue affects Easy Set Favicon: from n/a through 1.1. | -- | Apr 29, 2024 |
| CVE-2024-33643 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2. | -- | Apr 29, 2024 |
| CVE-2024-33642 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in EkoJR Advanced Post List allows Stored XSS.This issue affects Advanced Post List: from n/a through 0.5.6.1. | -- | Apr 26, 2024 |
| CVE-2024-33641 | Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. | -- | Apr 29, 2024 |
