Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

216537 entries
ID Description Priority Modified date
CVE-2024-29794 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS. This issue affects Conversios.Io: from n/a through 6.9.1. -- Mar 27, 2024
CVE-2024-29793 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS. This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2. -- Mar 27, 2024
CVE-2024-29792 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93. -- Mar 27, 2024
CVE-2024-29791 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01. -- Mar 27, 2024
CVE-2024-29790 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16. -- Mar 27, 2024
CVE-2024-29789 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5. -- Mar 27, 2024
CVE-2024-29788 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS. This issue affects Podlove Web Player: from n/a through 5.7.1. -- Mar 27, 2024
CVE-2024-29777 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS. This issue affects Forminator: from n/a through 1.29.0. -- Mar 27, 2024
CVE-2024-29776 Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9. -- Mar 27, 2024
CVE-2024-29775 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.1. -- Mar 27, 2024
CVE-2024-29774 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS. This issue affects WP Directory Kit: from n/a through 1.2.9. -- Mar 27, 2024
CVE-2024-29773 Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS). This issue affects BizPrint: from n/a through 4.5.5. -- Mar 27, 2024
CVE-2024-29772 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through 3.3.7. -- Mar 27, 2024
CVE-2024-29771 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS. This issue affects Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8. -- Mar 27, 2024
CVE-2024-29770 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2. -- Mar 27, 2024
CVE-2024-29769 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS. This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6. -- Mar 27, 2024
CVE-2024-29768 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS. This issue affects Astra: from n/a through 4.6.4. -- Mar 27, 2024
CVE-2024-29767 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS. This issue affects Doneren met Mollie: from n/a through 2.10.2. -- Mar 27, 2024
CVE-2024-29766 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS. This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5. -- Mar 27, 2024
CVE-2024-29765 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS. This issue affects Aparat for WordPress: from n/a through 2.2.0. -- Mar 27, 2024
CVE-2024-29764 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui allows Stored XSS. This issue affects Molongui: from n/a through 4.7.7. -- Mar 27, 2024
CVE-2024-29763 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. -- Mar 27, 2024
CVE-2024-29762 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1. -- Mar 27, 2024
CVE-2024-29761 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS. This issue affects WP Post Disclaimer: from n/a through 1.0.3. -- Mar 27, 2024
CVE-2024-29760 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through 7.1.7. -- Mar 27, 2024
CVE-2024-29759 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54. -- Mar 27, 2024
CVE-2024-29758 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS. This issue affects Co-marquage service-public.Fr: from n/a through 0.5.72. -- Mar 27, 2024
CVE-2024-28853 Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to several parameters in the POST request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1. -- Mar 27, 2024
CVE-2024-28852 Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities; this means that all forms in Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1. -- Mar 27, 2024
CVE-2024-28815 A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system. -- Mar 27, 2024
CVE-2024-28784 IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893. -- Mar 27, 2024
CVE-2024-28335 Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the lektor server command. -- Mar 27, 2024
CVE-2024-27270 IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. -- Mar 27, 2024
CVE-2024-27188 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS. This issue affects Breeze: from n/a through 2.1.3. -- Mar 27, 2024
CVE-2024-27091 GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The application's cookies are set securely, but it is possible to retrieve a victim's CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3. -- Mar 27, 2024
CVE-2024-26652 In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened. -- Mar 27, 2024
CVE-2024-26651 In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. -- Mar 27, 2024
CVE-2024-25962 Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. -- Mar 27, 2024
CVE-2024-25926 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS. This issue affects Widgets Controller: from n/a through 1.1. -- Mar 27, 2024
CVE-2024-25920 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.3.4. -- Mar 27, 2024
CVE-2024-25736 An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request. -- Mar 27, 2024
CVE-2024-25735 An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request. -- Mar 27, 2024
CVE-2024-25734 An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts. -- Mar 27, 2024
CVE-2024-25395 A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. -- Mar 27, 2024
CVE-2024-25394 A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. -- Mar 27, 2024
CVE-2024-25393 A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. -- Mar 27, 2024
CVE-2024-25392 An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. -- Mar 27, 2024
CVE-2024-25391 A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. -- Mar 27, 2024
CVE-2024-25390 A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. -- Mar 27, 2024
CVE-2024-25389 RT-Thread through 5.0.2 generates random numbers with a weak algorithm of seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF; in calc_random in drivers/misc/rt_random.c. -- Mar 27, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.