The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-32343 | A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | -- | Apr 18, 2024 |
| CVE-2024-32342 | A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. | -- | Apr 18, 2024 |
| CVE-2024-32341 | Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | -- | Apr 18, 2024 |
| CVE-2024-32340 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module. | -- | Apr 18, 2024 |
| CVE-2024-32339 | Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | -- | Apr 18, 2024 |
| CVE-2024-32338 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. | -- | Apr 18, 2024 |
| CVE-2024-32337 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module. | -- | Apr 18, 2024 |
| CVE-2024-32335 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. | -- | Apr 18, 2024 |
| CVE-2024-32334 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | -- | Apr 18, 2024 |
| CVE-2024-32333 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | -- | Apr 18, 2024 |
| CVE-2024-32332 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. | -- | Apr 18, 2024 |
| CVE-2024-32327 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. | -- | Apr 18, 2024 |
| CVE-2024-32326 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. | -- | Apr 18, 2024 |
| CVE-2024-32325 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. | -- | Apr 18, 2024 |
| CVE-2024-32320 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. | -- | Apr 17, 2024 |
| CVE-2024-32318 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. | -- | Apr 17, 2024 |
| CVE-2024-32317 | Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32316 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. | -- | Apr 17, 2024 |
| CVE-2024-32315 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32314 | Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32313 | Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32312 | Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32311 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
| CVE-2024-32310 | Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32307 | Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32306 | Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32305 | Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32303 | Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32302 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32301 | Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32299 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
| CVE-2024-32293 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. | -- | Apr 17, 2024 |
| CVE-2024-32292 | Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32291 | Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. | -- | Apr 17, 2024 |
| CVE-2024-32290 | Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. | -- | Apr 17, 2024 |
| CVE-2024-32288 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. | -- | Apr 17, 2024 |
| CVE-2024-32287 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. | -- | Apr 17, 2024 |
| CVE-2024-32286 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. | -- | Apr 17, 2024 |
| CVE-2024-32285 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. | -- | Apr 17, 2024 |
| CVE-2024-32283 | Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32282 | Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32281 | Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
| CVE-2024-32258 | The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM. | -- | Apr 23, 2024 |
| CVE-2024-32256 | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image. | -- | Apr 16, 2024 |
| CVE-2024-32254 | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image. | -- | Apr 16, 2024 |
| CVE-2024-32238 | H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router\'s management system can be accessed via the management system page login interface. | -- | Apr 23, 2024 |
| CVE-2024-32206 | A stored cross-site scripting (XSS) vulnerability in the component \\affiche\\admin\\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter. | -- | Apr 19, 2024 |
| CVE-2024-32205 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Apr 22, 2024 |
| CVE-2024-32166 | Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation). | -- | Apr 19, 2024 |
| CVE-2024-32163 | CMSeasy 7.7.7.9 is vulnerable to code execution. | -- | Apr 17, 2024 |
