The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2024-32134 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook. This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook: from n/a through 1.1.12. | -- | Apr 15, 2024 |
CVE-2024-32133 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Schuppenies EZ Form Calculator allows Reflected XSS. This issue affects EZ Form Calculator: from n/a through 2.14.0.3. | -- | Apr 15, 2024 |
CVE-2024-32132 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codeboxr Team CBX Bookmark & Favorite. This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20. | -- | Apr 15, 2024 |
CVE-2024-32129 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official). This issue affects Freshdesk (official): from n/a through 2.3.4. | -- | Apr 15, 2024 |
CVE-2024-32128 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. | -- | Apr 15, 2024 |
CVE-2024-32127 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Markus Seyer Find Duplicates. This issue affects Find Duplicates: from n/a through 1.4.6. | -- | Apr 15, 2024 |
CVE-2024-32125 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Booking Algorithms BA Book Everything. This issue affects BA Book Everything: from n/a through 1.6.4. | -- | Apr 15, 2024 |
CVE-2024-32112 | Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable. This issue affects Leadinfo: from n/a through 1.0. | -- | Apr 11, 2024 |
CVE-2024-32109 | Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode. This issue affects WP Matterport Shortcode: from n/a through 2.1.8. | -- | Apr 11, 2024 |
CVE-2024-32108 | Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types. This issue affects Convert Post Types: from n/a through 1.4. | -- | Apr 11, 2024 |
CVE-2024-32107 | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0. | -- | Apr 11, 2024 |
CVE-2024-32106 | Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One]. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. | -- | Apr 11, 2024 |
CVE-2024-32105 | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | -- | Apr 11, 2024 |
CVE-2024-32104 | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.18.1. | -- | Apr 15, 2024 |
CVE-2024-32103 | Cross-Site Request Forgery (CSRF) vulnerability in Siteimprove. This issue affects Siteimprove: from n/a through 2.0.6. | -- | Apr 15, 2024 |
CVE-2024-32102 | Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clark Crony Cronjob Manager. This issue affects Crony Cronjob Manager: from n/a through 0.5.0. | -- | Apr 15, 2024 |
CVE-2024-32101 | Cross-Site Request Forgery (CSRF) vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend. This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.14.3. | -- | Apr 15, 2024 |
CVE-2024-32099 | Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail Catcher. This issue affects WP Mail Catcher: from n/a through 2.1.6. | -- | Apr 15, 2024 |
CVE-2024-32098 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter. This issue affects Advanced Page Visit Counter: from n/a through 8.0.6. | -- | Apr 15, 2024 |
CVE-2024-32097 | Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress: from n/a through 4.1. | -- | Apr 15, 2024 |
CVE-2024-32096 | Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro. This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2. | -- | Apr 15, 2024 |
CVE-2024-32095 | Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiParcels Shipping For WooCommerce. This issue affects MultiParcels Shipping For WooCommerce: from n/a before 1.16.9. | -- | Apr 15, 2024 |
CVE-2024-32094 | Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church Content – Sermons, Events and More. This issue affects Church Content – Sermons, Events and More: from n/a through 2.6. | -- | Apr 15, 2024 |
CVE-2024-32093 | Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist. This issue affects Novelist: from n/a through 1.2.2. | -- | Apr 15, 2024 |
CVE-2024-32092 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimili Flash Embed. This issue affects Kimili Flash Embed: from n/a through 2.5.3. | -- | Apr 15, 2024 |
CVE-2024-32091 | Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider. This issue affects Sangar Slider: from n/a through 1.3.2. | -- | Apr 15, 2024 |
CVE-2024-32090 | Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27. | -- | Apr 15, 2024 |
CVE-2024-32089 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic. This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | -- | Apr 15, 2024 |
CVE-2024-32088 | Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20. | -- | Apr 15, 2024 |
CVE-2024-32087 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google. This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7. | -- | Apr 15, 2024 |
CVE-2024-32086 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a through 5.18.1. | -- | Apr 16, 2024 |
CVE-2024-32085 | Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a through 5.18.1. | -- | Apr 15, 2024 |
CVE-2024-32084 | Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before And After. This issue affects Before And After: from n/a through 3.9. | -- | Apr 15, 2024 |
CVE-2024-32083 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Varun Kumar Easy Logo allows Stored XSS. This issue affects Easy Logo: from n/a through 1.9.3. | -- | Apr 11, 2024 |
CVE-2024-32082 | Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post With Other Site allows Cross-Site Scripting (XSS). This issue affects Sync Post With Other Site: from n/a through 1.5.1. | -- | Apr 15, 2024 |
CVE-2024-32080 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS. This issue affects Search Keyword Redirect: from n/a through 1.0. | -- | Apr 11, 2024 |
CVE-2024-32079 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2024.2. | -- | Apr 15, 2024 |
CVE-2024-32041 | | -- | Apr 17, 2024 |
CVE-2024-32040 | | -- | Apr 17, 2024 |
CVE-2024-32039 | | -- | Apr 17, 2024 |
CVE-2024-32036 | ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8. | -- | Apr 16, 2024 |
CVE-2024-32035 | ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8. | -- | Apr 16, 2024 |
CVE-2024-32028 | OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions, `OpenTelemetry.Instrumentation.Http` writes the `url.full` attribute/tag on spans (`Activity`) when tracing is enabled for outgoing HTTP requests, and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming HTTP requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1`, the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` pass through the raw query string as it was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented), which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability. | -- | Apr 15, 2024 |
CVE-2024-32027 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py`. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 |
CVE-2024-32026 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 |
CVE-2024-32025 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 |
CVE-2024-32024 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 |
CVE-2024-32023 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `find_and_replace` function. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 |
CVE-2024-32022 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in `basic_caption_gui.py`. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 |
CVE-2024-32019 | Netdata is an open source observability tool. The `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | -- | Apr 15, 2024 |