The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-31114 | Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | -- | Apr 1, 2024 |
| CVE-2024-31112 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Stephanie Leary Convert Post Types allows Reflected XSS.This issue affects Convert Post Types: from n/a through 1.4. | -- | Apr 1, 2024 |
| CVE-2024-31110 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a through 2.2. | -- | Apr 1, 2024 |
| CVE-2024-31109 | Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0. | -- | Apr 2, 2024 |
| CVE-2024-31108 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2. | -- | Apr 1, 2024 |
| CVE-2024-31107 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in DiSo Development Team OpenID allows Reflected XSS.This issue affects OpenID: from n/a through 3.6.1. | -- | Apr 1, 2024 |
| CVE-2024-31106 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Yooslider Yoo Slider allows Reflected XSS.This issue affects Yoo Slider: from n/a through 2.1.1. | -- | Apr 1, 2024 |
| CVE-2024-31105 | Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a through 2.4.5. | -- | Apr 2, 2024 |
| CVE-2024-31104 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GetResponse GetResponse for WordPress allows Stored XSS.This issue affects GetResponse for WordPress: from n/a through 5.5.33. | -- | Apr 1, 2024 |
| CVE-2024-31103 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Reflected XSS.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | -- | Apr 1, 2024 |
| CVE-2024-31102 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Scimone Ignazio Prenotazioni allows Stored XSS.This issue affects Prenotazioni: from n/a through 1.7.4. | -- | Apr 1, 2024 |
| CVE-2024-31101 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in August Infotech AI Twitter Feeds (Twitter widget & shortcode) allows Stored XSS.This issue affects AI Twitter Feeds (Twitter widget & shortcode): from n/a through 2.4. | -- | Apr 1, 2024 |
| CVE-2024-31100 | Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Cart Lite for WooCommerce.This issue affects Popup Cart Lite for WooCommerce: from n/a through 1.1. | -- | Apr 1, 2024 |
| CVE-2024-31099 | Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.5. | -- | Apr 1, 2024 |
| CVE-2024-31097 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS.This issue affects SEO Title Tag: from n/a through 3.5.9. | -- | Apr 1, 2024 |
| CVE-2024-31096 | Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4. | -- | Apr 1, 2024 |
| CVE-2024-31095 | Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.1.0. | -- | Apr 1, 2024 |
| CVE-2024-31094 | Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. | -- | Apr 1, 2024 |
| CVE-2024-31092 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Philip M. Hofer (Frumph) Comic Easel allows Reflected XSS.This issue affects Comic Easel: from n/a through 1.15. | -- | Apr 1, 2024 |
| CVE-2024-31091 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS.This issue affects Custom Field Bulk Editor: from n/a through 1.9.1. | -- | Apr 1, 2024 |
| CVE-2024-31090 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ???? Hacklog Down As PDF allows Reflected XSS.This issue affects Hacklog Down As PDF: from n/a through 2.3.6. | -- | Apr 1, 2024 |
| CVE-2024-31089 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Techblissonline.Com (Rajesh) Platinum SEO allows Stored XSS.This issue affects Platinum SEO: from n/a through 2.4.0. | -- | Apr 1, 2024 |
| CVE-2024-31087 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Joel Starnes pageMash > Page Management allows Reflected XSS.This issue affects pageMash > Page Management: from n/a through 1.3.0. | -- | Apr 1, 2024 |
| CVE-2024-31085 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rob Marsh, SJ Post-Plugin Library allows Reflected XSS.This issue affects Post-Plugin Library: from n/a through 2.6.2.1. | -- | Apr 1, 2024 |
| CVE-2024-31084 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS.This issue affects Weekly Class Schedule: from n/a through 3.19. | -- | Apr 1, 2024 |
| CVE-2024-31033 | JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE: the vendor disputes this because the ignores behavior cannot occur (in any version) unless there is a user error in how JJWT is used, and because the version that was actually tested must have been more than six years out of date. | -- | Apr 1, 2024 |
| CVE-2024-31032 | An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. | -- | Apr 1, 2024 |
| CVE-2024-31005 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment | -- | Apr 2, 2024 |
| CVE-2024-31004 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment. | -- | Apr 2, 2024 |
| CVE-2024-31003 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. | -- | Apr 2, 2024 |
| CVE-2024-31002 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. | -- | Apr 2, 2024 |
| CVE-2024-30965 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php. | -- | Apr 2, 2024 |
| CVE-2024-30946 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php. | -- | Apr 2, 2024 |
| CVE-2024-30872 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php. | -- | Apr 1, 2024 |
| CVE-2024-30871 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php. | -- | Apr 1, 2024 |
| CVE-2024-30870 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php. | -- | Apr 1, 2024 |
| CVE-2024-30868 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. | -- | Apr 1, 2024 |
| CVE-2024-30867 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php. | -- | Apr 2, 2024 |
| CVE-2024-30866 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php. | -- | Apr 1, 2024 |
| CVE-2024-30865 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php. | -- | Apr 1, 2024 |
| CVE-2024-30864 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php. | -- | Apr 1, 2024 |
| CVE-2024-30863 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php. | -- | Apr 2, 2024 |
| CVE-2024-30862 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php. | -- | Apr 2, 2024 |
| CVE-2024-30861 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php. | -- | Apr 2, 2024 |
| CVE-2024-30860 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php. | -- | Apr 2, 2024 |
| CVE-2024-30859 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php. | -- | Apr 2, 2024 |
| CVE-2024-30858 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. | -- | Apr 2, 2024 |
| CVE-2024-30809 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | -- | Apr 2, 2024 |
| CVE-2024-30808 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | -- | Apr 2, 2024 |
| CVE-2024-30807 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | -- | Apr 2, 2024 |
