Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date
CVE-2024-32551 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71. -- Apr 18, 2024
CVE-2024-32550 Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1. -- Apr 17, 2024
CVE-2024-32549 Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS). This issue affects Related Posts for WordPress: from n/a through 4.0.3. -- Apr 17, 2024
CVE-2024-32548 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hideki Tanaka What's New Generator allows Stored XSS. This issue affects What's New Generator: from n/a through 2.0.2. -- Apr 17, 2024
CVE-2024-32547 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS. This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through 2.5.3. -- Apr 17, 2024
CVE-2024-32546 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS. This issue affects Tax Rate Upload: from n/a through 2.4.5. -- Apr 17, 2024
CVE-2024-32545 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Canva Canva – Design beautiful blog graphics allows Reflected XSS. This issue affects Canva – Design beautiful blog graphics: from n/a through 1.2.4. -- Apr 17, 2024
CVE-2024-32544 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netgsm allows Reflected XSS. This issue affects Netgsm: from n/a through 2.8. -- Apr 17, 2024
CVE-2024-32543 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Minoji MJ Update History allows Reflected XSS. This issue affects MJ Update History: from n/a through 1.0.4. -- Apr 17, 2024
CVE-2024-32542 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Organic Themes Bulk Block Converter allows Reflected XSS. This issue affects Bulk Block Converter: from n/a through 1.0.1. -- Apr 17, 2024
CVE-2024-32541 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Battenberg WP-Cufon allows Stored XSS. This issue affects WP-Cufon: from n/a through 1.6.10. -- Apr 17, 2024
CVE-2024-32540 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Web357 Fixed HTML Toolbar allows Stored XSS. This issue affects Fixed HTML Toolbar: from n/a through 1.0.7. -- Apr 17, 2024
CVE-2024-32539 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnited WP File Download Light allows Stored XSS. This issue affects WP File Download Light: from n/a through 1.3.3. -- Apr 17, 2024
CVE-2024-32538 Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS. This issue affects Easy CountDowner: from n/a through 1.0.8. -- Apr 17, 2024
CVE-2024-32536 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Trade Pips WP TradingView allows Stored XSS. This issue affects WP TradingView: from n/a through 1.7. -- Apr 17, 2024
CVE-2024-32535 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jojaba Access Category Password allows Reflected XSS. This issue affects Access Category Password: from n/a through 1.5.1. -- Apr 17, 2024
CVE-2024-32534 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.23. -- Apr 17, 2024
CVE-2024-32533 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Shaw LH Add Media From Url allows Reflected XSS. This issue affects LH Add Media From Url: from n/a through 1.22. -- Apr 17, 2024
CVE-2024-32532 Missing Authorization vulnerability in SiteGround Speed Optimizer. This issue affects Speed Optimizer: from n/a through 7.4.6. -- Apr 17, 2024
CVE-2024-32531 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Everest themes GuCherry Blog allows Reflected XSS. This issue affects GuCherry Blog: from n/a through 1.1.8. -- Apr 17, 2024
CVE-2024-32530 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PressTigers Simple Testimonials Showcase allows Stored XSS. This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. -- Apr 17, 2024
CVE-2024-32529 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Momoyoga Yoga Schedule Momoyoga allows Stored XSS. This issue affects Yoga Schedule Momoyoga: from n/a through 2.7.0. -- Apr 17, 2024
CVE-2024-32528 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS. This issue affects WP Dynamic Keywords Injector: from n/a through 2.3.18. -- Apr 17, 2024
CVE-2024-32527 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jotform Jotform Online Forms allows Stored XSS. This issue affects Jotform Online Forms: from n/a through 1.3.1. -- Apr 17, 2024
CVE-2024-32526 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flector Easy Textillate allows Stored XSS. This issue affects Easy Textillate: from n/a through 2.02. -- Apr 17, 2024
CVE-2024-32525 Missing Authorization vulnerability in Theme My Login. This issue affects Theme My Login: from n/a through 7.1.6. -- Apr 17, 2024
CVE-2024-32524 Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce. This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. -- Apr 17, 2024
CVE-2024-32522 Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store. This issue affects Open Close WooCommerce Store: from n/a through 4.9.1. -- Apr 17, 2024
CVE-2024-32520 Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce. This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2. -- Apr 17, 2024
CVE-2024-32519 Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce. This issue affects GG Woo Feed for WooCommerce: from n/a through 1.2.6. -- Apr 17, 2024
CVE-2024-32518 Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0. -- Apr 17, 2024
CVE-2024-32517 Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter. This issue affects Custom Thank You Page Customize For WooCommerce by Binary Carpenter: from n/a through 1.4.12. -- Apr 17, 2024
CVE-2024-32516 Missing Authorization vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. -- Apr 17, 2024
CVE-2024-32515 Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor. This issue affects Mega Addons For Elementor: from n/a through 1.8. -- Apr 17, 2024
CVE-2024-32514 Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.4. -- Apr 17, 2024
CVE-2024-32513 Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1. -- Apr 17, 2024
CVE-2024-32510 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75. -- Apr 17, 2024
CVE-2024-32509 Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76. -- Apr 17, 2024
CVE-2024-32508 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.0.2. -- Apr 17, 2024
CVE-2024-32506 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. -- Apr 17, 2024
CVE-2024-32505 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpmet Elements kit Elementor addons allows Stored XSS. This issue affects Elements kit Elementor addons: from n/a through 3.0.6. -- Apr 17, 2024
CVE-2024-32489 TCPDF before 6.7.4 mishandles calls that use HTML syntax. -- Apr 15, 2024
CVE-2024-32488 In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. -- Apr 15, 2024
CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. -- Apr 15, 2024
CVE-2024-32482 The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available. -- Apr 23, 2024
CVE-2024-32480 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue. -- Apr 23, 2024
CVE-2024-32479 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability. -- Apr 23, 2024
CVE-2024-32478 Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system to replace the binary and gain other users' privileges. This vulnerability is fixed in 2.5.0. -- Apr 19, 2024
CVE-2024-32477 Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between `libc::tcflush(0, libc::TCIFLUSH)` and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the user input. Some ANSI escape sequences act as an info request to the master terminal emulator, and the terminal emulator sends back the reply in the PTY channel. Standard streams also use this channel to send and get data. For example, the `\033[6n` sequence requests the current cursor position. These sequences allow us to append data to the standard input of Deno. This vulnerability allows an attacker to bypass Deno permission policy. This vulnerability is fixed in 1.42.2. -- Apr 18, 2024
CVE-2024-32475 Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of the Envoy process. Envoy does not gracefully handle an error when setting SNI for an outbound TLS connection. The error can occur when Envoy attempts to use a `host`/`:authority` header value longer than 255 characters as SNI for an outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5. -- Apr 18, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.