Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

216537 entries
ID  Description  Priority  Modified date
CVE-2024-29864 Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. -- Mar 21, 2024
CVE-2024-29862 The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state. -- Mar 21, 2024
CVE-2024-29859 In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. -- Mar 21, 2024
CVE-2024-29858 In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. -- Mar 21, 2024
CVE-2024-29833 The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users. -- Mar 26, 2024
CVE-2024-29832 The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue. Note that other parameters within an AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited. -- Mar 26, 2024
CVE-2024-29820 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedNao PDF Builder for WPForms allows Stored XSS. This issue affects PDF Builder for WPForms: from n/a through 1.2.88. -- Mar 27, 2024
CVE-2024-29819 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS. This issue affects WPFront Notification Bar: from n/a through 3.3.2. -- Mar 27, 2024
CVE-2024-29818 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker allows Stored XSS. This issue affects WP Poll Maker: from n/a through 3.1. -- Mar 27, 2024
CVE-2024-29817 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS. This issue affects affiliate-toolkit: from n/a through 3.4.5. -- Mar 27, 2024
CVE-2024-29816 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in htdat Woo Viet allows Stored XSS. This issue affects Woo Viet: from n/a through 1.5.2. -- Mar 27, 2024
CVE-2024-29815 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS. This issue affects WP Change Email Sender: from n/a before 1.3.0. -- Mar 27, 2024
CVE-2024-29814 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Exchange Rates Widget allows Stored XSS. This issue affects Exchange Rates Widget: from n/a through 1.4.0. -- Mar 27, 2024
CVE-2024-29813 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS. This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1. -- Mar 27, 2024
CVE-2024-29812 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22. -- Mar 27, 2024
CVE-2024-29811 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73. -- Mar 27, 2024
CVE-2024-29810 The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue. -- Mar 26, 2024
CVE-2024-29809 The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue. -- Mar 26, 2024
CVE-2024-29808 The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue. -- Mar 26, 2024
CVE-2024-29807 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26. -- Mar 27, 2024
CVE-2024-29806 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. -- Mar 27, 2024
CVE-2024-29805 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5. -- Mar 27, 2024
CVE-2024-29804 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS. This issue affects Fancy Comments WordPress: from n/a through 1.2.14. -- Mar 27, 2024
CVE-2024-29803 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mehanoid.Pro FlatPM allows Stored XSS. This issue affects FlatPM: from n/a before 3.1.05. -- Mar 27, 2024
CVE-2024-29802 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.3. -- Mar 27, 2024
CVE-2024-29801 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS. This issue affects Fullscreen Galleria: from n/a through 1.6.11. -- Mar 27, 2024
CVE-2024-29799 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS. This issue affects WP Fast Total Search: from n/a through 1.59.211. -- Mar 27, 2024
CVE-2024-29798 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appsmav Gratisfaction allows Stored XSS. This issue affects Gratisfaction: from n/a through 4.3.4. -- Mar 27, 2024
CVE-2024-29797 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Grid Shortcodes allows Stored XSS. This issue affects Grid Shortcodes: from n/a through 1.1. -- Mar 27, 2024
CVE-2024-29796 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows Stored XSS. This issue affects Hot Random Image: from n/a through 1.8.1. -- Mar 27, 2024
CVE-2024-29795 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS. This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24. -- Mar 27, 2024
CVE-2024-29794 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS. This issue affects Conversios.Io: from n/a through 6.9.1. -- Mar 27, 2024
CVE-2024-29793 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS. This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2. -- Mar 27, 2024
CVE-2024-29792 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93. -- Mar 27, 2024
CVE-2024-29791 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01. -- Mar 27, 2024
CVE-2024-29790 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16. -- Mar 27, 2024
CVE-2024-29789 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5. -- Mar 27, 2024
CVE-2024-29788 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS. This issue affects Podlove Web Player: from n/a through 5.7.1. -- Mar 27, 2024
CVE-2024-29777 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS. This issue affects Forminator: from n/a through 1.29.0. -- Mar 27, 2024
CVE-2024-29776 Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9. -- Mar 27, 2024
CVE-2024-29775 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.1. -- Mar 27, 2024
CVE-2024-29774 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS. This issue affects WP Directory Kit: from n/a through 1.2.9. -- Mar 27, 2024
CVE-2024-29773 Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS). This issue affects BizPrint: from n/a through 4.5.5. -- Mar 27, 2024
CVE-2024-29772 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through 3.3.7. -- Mar 27, 2024
CVE-2024-29771 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS. This issue affects Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8. -- Mar 27, 2024
CVE-2024-29770 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2. -- Mar 27, 2024
CVE-2024-29769 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS. This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6. -- Mar 27, 2024
CVE-2024-29768 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS. This issue affects Astra: from n/a through 4.6.4. -- Mar 27, 2024
CVE-2024-29767 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS. This issue affects Doneren met Mollie: from n/a through 2.10.2. -- Mar 27, 2024
CVE-2024-29766 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS. This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5. -- Mar 27, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.