The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-33871 | -- | May 10, 2024 | |
| CVE-2024-33870 | -- | May 10, 2024 | |
| CVE-2024-33869 | -- | May 10, 2024 | |
| CVE-2024-33868 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. | -- | May 14, 2024 |
| CVE-2024-33867 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt. | -- | May 14, 2024 |
| CVE-2024-33866 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS. | -- | May 14, 2024 |
| CVE-2024-33865 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. | -- | May 14, 2024 |
| CVE-2024-33864 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript. | -- | May 14, 2024 |
| CVE-2024-33863 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion. | -- | May 14, 2024 |
| CVE-2024-33860 | An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | -- | May 7, 2024 |
| CVE-2024-33859 | An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn\'t being escaped in the Interesting Field Web UI, leading to XSS. | -- | May 7, 2024 |
| CVE-2024-33858 | An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory. | -- | May 7, 2024 |
| CVE-2024-33857 | An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. | -- | May 7, 2024 |
| CVE-2024-33856 | An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. | -- | May 7, 2024 |
| CVE-2024-33851 | phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.) | -- | Apr 29, 2024 |
| CVE-2024-33844 | The \'control\' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE. | -- | May 3, 2024 |
| CVE-2024-33835 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function. | -- | May 1, 2024 |
| CVE-2024-33832 | OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info. | -- | Apr 30, 2024 |
| CVE-2024-33831 | A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field. | -- | Apr 30, 2024 |
| CVE-2024-33830 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | -- | May 6, 2024 |
| CVE-2024-33829 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | -- | May 6, 2024 |
| CVE-2024-33820 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow. | -- | May 1, 2024 |
| CVE-2024-33819 | Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function. | -- | May 14, 2024 |
| CVE-2024-33818 | Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter. | -- | May 14, 2024 |
| CVE-2024-33793 | netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page. | -- | May 3, 2024 |
| CVE-2024-33792 | netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | -- | May 3, 2024 |
| CVE-2024-33791 | A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. | -- | May 3, 2024 |
| CVE-2024-33789 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | -- | May 3, 2024 |
| CVE-2024-33788 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | -- | May 6, 2024 |
| CVE-2024-33787 | Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx. | -- | May 3, 2024 |
| CVE-2024-33786 | An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file. | -- | May 3, 2024 |
| CVE-2024-33783 | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | -- | May 7, 2024 |
| CVE-2024-33782 | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | -- | May 7, 2024 |
| CVE-2024-33781 | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | -- | May 7, 2024 |
| CVE-2024-33780 | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | -- | May 7, 2024 |
| CVE-2024-33775 | An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. | -- | May 2, 2024 |
| CVE-2024-33774 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter webpage. | -- | May 14, 2024 |
| CVE-2024-33773 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter webpage. | -- | May 14, 2024 |
| CVE-2024-33772 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter curTime. | -- | May 14, 2024 |
| CVE-2024-33771 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter webpage. | -- | May 14, 2024 |
| CVE-2024-33768 | lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. | -- | May 1, 2024 |
| CVE-2024-33767 | lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source. | -- | May 1, 2024 |
| CVE-2024-33766 | lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0. | -- | May 1, 2024 |
| CVE-2024-33764 | lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h. | -- | May 1, 2024 |
| CVE-2024-33763 | lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp. | -- | May 1, 2024 |
| CVE-2024-33753 | Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. | -- | May 6, 2024 |
| CVE-2024-33752 | An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. | -- | May 6, 2024 |
| CVE-2024-33749 | DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. | -- | May 6, 2024 |
| CVE-2024-33748 | Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier. | -- | May 7, 2024 |
| CVE-2024-33697 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rimes Gold CF7 File Download – File Download for CF7 allows Stored XSS.This issue affects CF7 File Download – File Download for CF7: from n/a through 2.0. | -- | Apr 26, 2024 |
