Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Showing
of 221933 entries
ID  Description  Priority  Modified date
CVE-2024-29366 A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. -- Mar 22, 2024
CVE-2024-29368 An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content. -- Apr 23, 2024
CVE-2024-29374 A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the GET /?lang= URL parameter. -- Mar 21, 2024
CVE-2024-29375 CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters. -- Apr 4, 2024
CVE-2024-29376 Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the Province field in Address Book. -- Apr 22, 2024
CVE-2024-29384 An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules functions. -- May 1, 2024
CVE-2024-29385 DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. -- Mar 22, 2024
CVE-2024-29386 projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php. -- Apr 5, 2024
CVE-2024-29387 projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. -- Apr 5, 2024
CVE-2024-29399 An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. -- Apr 11, 2024
CVE-2024-29400 An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. -- Apr 12, 2024
CVE-2024-29401 xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. -- Mar 26, 2024
CVE-2024-29402 cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity. -- Apr 16, 2024
CVE-2024-29413 Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function. -- Apr 4, 2024
CVE-2024-29417 Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function. -- May 3, 2024
CVE-2024-29419 There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. -- Mar 20, 2024
CVE-2024-29432 Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas. -- Apr 2, 2024
CVE-2024-29433 A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data. -- Apr 2, 2024
CVE-2024-29434 An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. -- Apr 2, 2024
CVE-2024-29435 An issue discovered in Alldata v0.4.6 allows an attacker to run arbitrary commands via the processId parameter. -- Apr 2, 2024
CVE-2024-29439 An unauthorized node injection vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29440 An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Mar 26, 2024
CVE-2024-29441 An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS2 nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29442 An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Mar 26, 2024
CVE-2024-29443 A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29444 An OS command injection vulnerability has been discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via External Command Execution Modules, System Call Handlers, and Interface Scripts. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29445 An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3 where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29447 An issue was discovered in the default configurations of ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29448 A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29449 An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via man-in-the-middle attacks due to cleartext transmission of data across the ROS2 nodes' communication channels. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29450 An issue has been discovered in the permission and access control components within ROS2 Humble Hawksbill, in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the authentication system, including protocols, processes, and checks designed to verify the identities of users or devices attempting to access the ROS2 system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29452 An insecure deserialization vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29454 An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary commands potentially leading to unauthorized system control, data breaches, system and network compromise, and operational disruption. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29455 An arbitrary file upload vulnerability has been discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. -- Apr 11, 2024
CVE-2024-29460 An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. -- Apr 11, 2024
CVE-2024-29461 An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. -- Apr 15, 2024
CVE-2024-29466 Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. -- May 1, 2024
CVE-2024-29469 A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. -- Mar 21, 2024
CVE-2024-29470 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. -- Mar 21, 2024
CVE-2024-29471 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. -- Mar 21, 2024
CVE-2024-29472 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. -- Mar 21, 2024
CVE-2024-29473 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. -- Mar 21, 2024
CVE-2024-29474 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. -- Mar 21, 2024
CVE-2024-29477 Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input. -- Apr 3, 2024
CVE-2024-29489 Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. -- Mar 28, 2024
CVE-2024-29499 Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. -- Mar 22, 2024
CVE-2024-29500 An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. -- Apr 11, 2024
CVE-2024-29502 An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. -- Apr 11, 2024
CVE-2024-29504 Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter. -- Apr 11, 2024
CVE-2024-29514 File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. -- Apr 2, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.