The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-33438 | File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. | -- | Apr 29, 2024 |
| CVE-2024-33437 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style Rules. | -- | May 1, 2024 |
| CVE-2024-33436 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables | -- | May 1, 2024 |
| CVE-2024-33435 | Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend function | -- | Apr 29, 2024 |
| CVE-2024-33434 | An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. | -- | May 7, 2024 |
| CVE-2024-33431 | An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. | -- | May 1, 2024 |
| CVE-2024-33430 | An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | -- | May 1, 2024 |
| CVE-2024-33429 | Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. | -- | May 1, 2024 |
| CVE-2024-33428 | Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | -- | May 1, 2024 |
| CVE-2024-33424 | A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section. | -- | May 1, 2024 |
| CVE-2024-33423 | Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section. | -- | May 2, 2024 |
| CVE-2024-33411 | A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. | -- | May 6, 2024 |
| CVE-2024-33410 | SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | -- | May 6, 2024 |
| CVE-2024-33409 | SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter. | -- | May 6, 2024 |
| CVE-2024-33408 | A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | -- | May 6, 2024 |
| CVE-2024-33407 | SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | -- | May 6, 2024 |
| CVE-2024-33406 | SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | -- | May 6, 2024 |
| CVE-2024-33405 | SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter. | -- | May 6, 2024 |
| CVE-2024-33404 | A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | -- | May 6, 2024 |
| CVE-2024-33403 | A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter. | -- | May 6, 2024 |
| CVE-2024-33401 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. | -- | Apr 29, 2024 |
| CVE-2024-33398 | There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster. | -- | May 3, 2024 |
| CVE-2024-33396 | An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 3, 2024 |
| CVE-2024-33394 | An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 3, 2024 |
| CVE-2024-33393 | An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 1, 2024 |
| CVE-2024-33383 | Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter. | -- | May 1, 2024 |
| CVE-2024-33382 | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | -- | May 9, 2024 |
| CVE-2024-33371 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. | -- | May 1, 2024 |
| CVE-2024-33350 | Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. | -- | Apr 29, 2024 |
| CVE-2024-33345 | D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input. | -- | Apr 29, 2024 |
| CVE-2024-33344 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | -- | Apr 26, 2024 |
| CVE-2024-33343 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | -- | Apr 26, 2024 |
| CVE-2024-33342 | D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | -- | Apr 26, 2024 |
| CVE-2024-33339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Apr 29, 2024 |
| CVE-2024-33338 | Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. | -- | Apr 29, 2024 |
| CVE-2024-33332 | An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | -- | May 1, 2024 |
| CVE-2024-33331 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-33891. Reason: This candidate is a reservation duplicate of CVE-2024-33891. Notes: All CVE users should reference CVE-2024-33891 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Apr 28, 2024 |
| CVE-2024-33309 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | -- | May 5, 2024 |
| CVE-2024-33308 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | -- | May 5, 2024 |
| CVE-2024-33307 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via Last Name parameter in Create User. | -- | May 2, 2024 |
| CVE-2024-33306 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via First Name parameter in Create User. | -- | May 2, 2024 |
| CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via Middle Name parameter in Create User. | -- | May 2, 2024 |
| CVE-2024-33304 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via Last Name under Add Users. | -- | May 1, 2024 |
| CVE-2024-33303 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via First Name under Add Users. | -- | May 2, 2024 |
| CVE-2024-33302 | SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via Middle Name under Add Users. | -- | May 2, 2024 |
| CVE-2024-33300 | Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | -- | May 1, 2024 |
| CVE-2024-33294 | An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | -- | May 6, 2024 |
| CVE-2024-33292 | SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. | -- | May 1, 2024 |
| CVE-2024-33276 | SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method. | -- | Apr 29, 2024 |
| CVE-2024-33275 | SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. | -- | Apr 30, 2024 |
