The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2023-6191 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Egehan Security WebPDKS allows SQL Injection.This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | -- | Mar 29, 2024 |
| CVE-2023-6154 | A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\'s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. | -- | Apr 1, 2024 |
| CVE-2023-6047 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before 3.9.2. | -- | Mar 29, 2024 |
| CVE-2022-47153 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1. | -- | Apr 1, 2024 |
| CVE-2022-4966 | A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 7.0.0-beta.1 is able to address this issue. The patch is identified as 0043a6b1e6e0f5abc9557e73f9ffc524fc5d609d. It is recommended to upgrade the affected component. VDB-258782 is the identifier assigned to this vulnerability. | -- | Apr 1, 2024 |
| CVE-2020-36828 | A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.4-20210119 is able to address this issue. The name of the patch is 4a9673624f46f7609486778ded9653733020c567. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258612. | -- | Apr 1, 2024 |
| CVE-2017-20191 | A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is bb240ce0c71c01caabaa43eed30c78ba8d7d3591. It is recommended to upgrade the affected component. The identifier VDB-258621 was assigned to this vulnerability. | -- | Apr 1, 2024 |
| CVE-2016-15038 | A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780. | -- | Apr 1, 2024 |
| CVE-2015-10131 | A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620. | -- | Apr 1, 2024 |
| CVE-2014-125110 | A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.4.4 is able to address this issue. The identifier of the patch is c846327df030a0a97da036a2f07c769ab9284ddb. It is recommended to upgrade the affected component. The identifier VDB-258781 was assigned to this vulnerability. | -- | Apr 1, 2024 |
| CVE-2024-31140 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | -- | Mar 28, 2024 |
| CVE-2024-31139 | In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector | -- | Mar 28, 2024 |
| CVE-2024-31138 | In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings | -- | Mar 28, 2024 |
| CVE-2024-31137 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | -- | Mar 28, 2024 |
| CVE-2024-31136 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | -- | Mar 28, 2024 |
| CVE-2024-31135 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | -- | Mar 28, 2024 |
| CVE-2024-31134 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | -- | Mar 28, 2024 |
| CVE-2024-31065 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | -- | Mar 28, 2024 |
| CVE-2024-31064 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. | -- | Mar 28, 2024 |
| CVE-2024-31063 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. | -- | Mar 28, 2024 |
| CVE-2024-31062 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | -- | Mar 28, 2024 |
| CVE-2024-31061 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. | -- | Mar 28, 2024 |
| CVE-2024-30612 | Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. | -- | Mar 28, 2024 |
| CVE-2024-30607 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 |
| CVE-2024-30606 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function. | -- | Mar 28, 2024 |
| CVE-2024-30604 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function. | -- | Mar 28, 2024 |
| CVE-2024-30603 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 |
| CVE-2024-30602 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | -- | Mar 28, 2024 |
| CVE-2024-30601 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 |
| CVE-2024-30600 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | -- | Mar 28, 2024 |
| CVE-2024-30599 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | -- | Mar 28, 2024 |
| CVE-2024-30598 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | -- | Mar 28, 2024 |
| CVE-2024-30597 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | -- | Mar 28, 2024 |
| CVE-2024-30596 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. | -- | Mar 28, 2024 |
| CVE-2024-30595 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. | -- | Mar 28, 2024 |
| CVE-2024-30594 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | -- | Mar 28, 2024 |
| CVE-2024-30593 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. | -- | Mar 28, 2024 |
| CVE-2024-30592 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. | -- | Mar 28, 2024 |
| CVE-2024-30591 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 |
| CVE-2024-30590 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | -- | Mar 28, 2024 |
| CVE-2024-30589 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. | -- | Mar 28, 2024 |
| CVE-2024-30588 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | -- | Mar 28, 2024 |
| CVE-2024-30587 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 |
| CVE-2024-30586 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | -- | Mar 28, 2024 |
| CVE-2024-30585 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 |
| CVE-2024-30584 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | -- | Mar 28, 2024 |
| CVE-2024-30583 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. | -- | Mar 28, 2024 |
| CVE-2024-30422 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1. | -- | Mar 28, 2024 |
| CVE-2024-30421 | Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1. | -- | Mar 28, 2024 |
| CVE-2024-30245 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in DecaLog.This issue affects DecaLog: from n/a through 3.9.0. | -- | Mar 28, 2024 |
