The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-34250 | A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the wasm_loader_check_br function in core/iwasm/interpreter/wasm_loader.c. | -- | May 6, 2024 |
| CVE-2024-34249 | wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function DeallocateSlot in wasm3/source/m3_compile.c. | -- | May 6, 2024 |
| CVE-2024-34246 | wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function main in wasm3/platforms/app/main.c. | -- | May 6, 2024 |
| CVE-2024-34245 | An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. | -- | May 14, 2024 |
| CVE-2024-34244 | libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. | -- | May 9, 2024 |
| CVE-2024-34243 | Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. | -- | May 14, 2024 |
| CVE-2024-34231 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. | -- | May 14, 2024 |
| CVE-2024-34230 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. | -- | May 14, 2024 |
| CVE-2024-34226 | SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters. | -- | May 14, 2024 |
| CVE-2024-34225 | Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. | -- | May 14, 2024 |
| CVE-2024-34224 | Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. | -- | May 14, 2024 |
| CVE-2024-34223 | Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. | -- | May 14, 2024 |
| CVE-2024-34222 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. | -- | May 14, 2024 |
| CVE-2024-34221 | Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | -- | May 14, 2024 |
| CVE-2024-34220 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the \'leave\' parameter. | -- | May 14, 2024 |
| CVE-2024-34219 | TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | -- | May 14, 2024 |
| CVE-2024-34218 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. | -- | May 14, 2024 |
| CVE-2024-34217 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. | -- | May 14, 2024 |
| CVE-2024-34215 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. | -- | May 14, 2024 |
| CVE-2024-34213 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. | -- | May 14, 2024 |
| CVE-2024-34212 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. | -- | May 14, 2024 |
| CVE-2024-34211 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | -- | May 14, 2024 |
| CVE-2024-34210 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. | -- | May 14, 2024 |
| CVE-2024-34209 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. | -- | May 14, 2024 |
| CVE-2024-34207 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. | -- | May 14, 2024 |
| CVE-2024-34206 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | -- | May 14, 2024 |
| CVE-2024-34205 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. | -- | May 14, 2024 |
| CVE-2024-34204 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | -- | May 14, 2024 |
| CVE-2024-34203 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. | -- | May 14, 2024 |
| CVE-2024-34202 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. | -- | May 14, 2024 |
| CVE-2024-34201 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. | -- | May 14, 2024 |
| CVE-2024-34200 | TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. | -- | May 14, 2024 |
| CVE-2024-34199 | TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line. | -- | May 14, 2024 |
| CVE-2024-34196 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The boa program allows attackers to modify the value of the vwlan_idx field via formMultiAP. This can lead to a stack overflow through the formWlEncrypt CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks. | -- | May 14, 2024 |
| CVE-2024-34191 | htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request. | -- | May 14, 2024 |
| CVE-2024-34149 | In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective). | -- | May 1, 2024 |
| CVE-2024-34148 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property \'hudson.model.ParametersAction.keepUndefinedParameters\'. | -- | May 2, 2024 |
| CVE-2024-34147 | Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | -- | May 2, 2024 |
| CVE-2024-34146 | Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories. | -- | May 2, 2024 |
| CVE-2024-34145 | A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | -- | May 2, 2024 |
| CVE-2024-34144 | A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | -- | May 2, 2024 |
| CVE-2024-34101 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 15, 2024 |
| CVE-2024-34100 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 15, 2024 |
| CVE-2024-34099 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 15, 2024 |
| CVE-2024-34098 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 15, 2024 |
| CVE-2024-34097 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 15, 2024 |
| CVE-2024-34096 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 15, 2024 |
| CVE-2024-34095 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 15, 2024 |
| CVE-2024-34094 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 15, 2024 |
| CVE-2024-34093 | An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled. | -- | May 6, 2024 |
