The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-33428 | Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | -- | May 1, 2024 |
| CVE-2024-33424 | A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section. | -- | May 1, 2024 |
| CVE-2024-33423 | Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section. | -- | May 2, 2024 |
| CVE-2024-33401 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. | -- | Apr 29, 2024 |
| CVE-2024-33398 | There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster. | -- | May 3, 2024 |
| CVE-2024-33396 | An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 3, 2024 |
| CVE-2024-33394 | An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 3, 2024 |
| CVE-2024-33393 | An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 1, 2024 |
| CVE-2024-33383 | Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter. | -- | May 1, 2024 |
| CVE-2024-33371 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. | -- | May 1, 2024 |
| CVE-2024-33350 | Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. | -- | Apr 29, 2024 |
| CVE-2024-33345 | D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input. | -- | Apr 29, 2024 |
| CVE-2024-33344 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | -- | Apr 26, 2024 |
| CVE-2024-33343 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | -- | Apr 26, 2024 |
| CVE-2024-33342 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | -- | Apr 26, 2024 |
| CVE-2024-33339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Apr 29, 2024 |
| CVE-2024-33338 | Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. | -- | Apr 29, 2024 |
| CVE-2024-33332 | An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | -- | May 1, 2024 |
| CVE-2024-33331 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-33891. Reason: This candidate is a reservation duplicate of CVE-2024-33891. Notes: All CVE users should reference CVE-2024-33891 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Apr 28, 2024 |
| CVE-2024-33309 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | -- | May 5, 2024 |
| CVE-2024-33308 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | -- | May 5, 2024 |
| CVE-2024-33307 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via Last Name parameter in Create User. | -- | May 2, 2024 |
| CVE-2024-33306 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via First Name parameter in Create User. | -- | May 2, 2024 |
| CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via Middle Name parameter in Create User. | -- | May 2, 2024 |
| CVE-2024-33304 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via Last Name under Add Users. | -- | May 1, 2024 |
| CVE-2024-33303 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via First Name under Add Users. | -- | May 2, 2024 |
| CVE-2024-33302 | SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via Middle Name under Add Users. | -- | May 2, 2024 |
| CVE-2024-33300 | Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | -- | May 1, 2024 |
| CVE-2024-33292 | SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. | -- | May 1, 2024 |
| CVE-2024-33276 | SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method. | -- | Apr 29, 2024 |
| CVE-2024-33275 | SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. | -- | Apr 30, 2024 |
| CVE-2024-33274 | Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php | -- | Apr 30, 2024 |
| CVE-2024-33273 | SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. | -- | Apr 30, 2024 |
| CVE-2024-33272 | SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts() components. | -- | Apr 29, 2024 |
| CVE-2024-33271 | An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component. | -- | Apr 29, 2024 |
| CVE-2024-33270 | An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component. | -- | Apr 30, 2024 |
| CVE-2024-33269 | SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method. | -- | Apr 29, 2024 |
| CVE-2024-33268 | SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method. | -- | Apr 29, 2024 |
| CVE-2024-33267 | SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. | -- | Apr 30, 2024 |
| CVE-2024-33266 | SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function. | -- | Apr 29, 2024 |
| CVE-2024-33260 | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c | -- | Apr 26, 2024 |
| CVE-2024-33259 | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. | -- | Apr 26, 2024 |
| CVE-2024-33258 | Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. | -- | Apr 26, 2024 |
| CVE-2024-33255 | Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. | -- | Apr 26, 2024 |
| CVE-2024-33247 | Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. | -- | Apr 25, 2024 |
| CVE-2024-33217 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. | -- | Apr 23, 2024 |
| CVE-2024-33215 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. | -- | Apr 23, 2024 |
| CVE-2024-33214 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. | -- | Apr 23, 2024 |
| CVE-2024-33213 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. | -- | Apr 23, 2024 |
| CVE-2024-33212 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. | -- | Apr 23, 2024 |
