The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2024-32326 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. | -- | Apr 18, 2024 |
CVE-2024-32325 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. | -- | Apr 18, 2024 |
CVE-2024-32324 | Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program. | -- | Apr 25, 2024 |
CVE-2024-32320 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. | -- | Apr 17, 2024 |
CVE-2024-32318 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. | -- | Apr 17, 2024 |
CVE-2024-32317 | Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
CVE-2024-32316 | Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. | -- | Apr 17, 2024 |
CVE-2024-32315 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
CVE-2024-32314 | Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
CVE-2024-32313 | Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function. | -- | Apr 17, 2024 |
CVE-2024-32312 | Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function. | -- | Apr 17, 2024 |
CVE-2024-32311 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | -- | Apr 17, 2024 |
CVE-2024-32310 | Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function. | -- | Apr 17, 2024 |
CVE-2024-32307 | Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
CVE-2024-32306 | Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
CVE-2024-32305 | Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
CVE-2024-32303 | Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
CVE-2024-32302 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
CVE-2024-32301 | Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
CVE-2024-32299 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | -- | Apr 17, 2024 |
CVE-2024-32293 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. | -- | Apr 17, 2024 |
CVE-2024-32292 | Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
CVE-2024-32291 | Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. | -- | Apr 17, 2024 |
CVE-2024-32290 | Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. | -- | Apr 17, 2024 |
CVE-2024-32288 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. | -- | Apr 17, 2024 |
CVE-2024-32287 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. | -- | Apr 17, 2024 |
CVE-2024-32286 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. | -- | Apr 17, 2024 |
CVE-2024-32285 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. | -- | Apr 17, 2024 |
CVE-2024-32283 | Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
CVE-2024-32282 | Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
CVE-2024-32281 | Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | -- | Apr 17, 2024 |
CVE-2024-32258 | The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM. | -- | Apr 23, 2024 |
CVE-2024-32256 | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image. | -- | Apr 16, 2024 |
CVE-2024-32254 | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image. | -- | Apr 16, 2024 |
CVE-2024-32238 | H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router\'s management system can be accessed via the management system page login interface. | -- | Apr 23, 2024 |
CVE-2024-32236 | An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. | -- | Apr 25, 2024 |
CVE-2024-32206 | A stored cross-site scripting (XSS) vulnerability in the component \\affiche\\admin\\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter. | -- | Apr 19, 2024 |
CVE-2024-32205 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Apr 22, 2024 |
CVE-2024-32166 | Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation). | -- | Apr 19, 2024 |
CVE-2024-32163 | CMSeasy 7.7.7.9 is vulnerable to code execution. | -- | Apr 17, 2024 |
CVE-2024-32162 | CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. | -- | Apr 17, 2024 |
CVE-2024-32161 | jizhiCMS 2.5 suffers from a File upload vulnerability. | -- | Apr 17, 2024 |
CVE-2024-32149 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5. | -- | Apr 15, 2024 |
CVE-2024-32147 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23. | -- | Apr 15, 2024 |
CVE-2024-32145 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS.This issue affects WP Google Analytics Events: from n/a through 2.8.0. | -- | Apr 15, 2024 |
CVE-2024-32142 | Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0. | -- | Apr 18, 2024 |
CVE-2024-32141 | Cross-Site Request Forgery (CSRF) vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | -- | Apr 15, 2024 |
CVE-2024-32140 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Libsyn Libsyn Publisher Hub allows Stored XSS.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | -- | Apr 15, 2024 |
CVE-2024-32139 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12. | -- | Apr 15, 2024 |
CVE-2024-32138 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in KaizenCoders Short URL allows Reflected XSS.This issue affects Short URL: from n/a through 1.6.8. | -- | Apr 15, 2024 |