The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-33592 | Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | -- | Apr 25, 2024 |
| CVE-2024-33591 | Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through 4.9.10. | -- | Apr 29, 2024 |
| CVE-2024-33590 | Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1. | -- | Apr 29, 2024 |
| CVE-2024-33589 | Missing Authorization vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.6.0. | -- | Apr 29, 2024 |
| CVE-2024-33588 | Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1. | -- | Apr 29, 2024 |
| CVE-2024-33587 | Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0. | -- | Apr 29, 2024 |
| CVE-2024-33586 | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20. | -- | Apr 29, 2024 |
| CVE-2024-33585 | Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1. | -- | Apr 29, 2024 |
| CVE-2024-33584 | URL Redirection to Untrusted Site (\'Open Redirect\') vulnerability in Deepen Bajracharya Video Conferencing with Zoom.This issue affects Video Conferencing with Zoom: from n/a through 4.4.4. | -- | Apr 29, 2024 |
| CVE-2024-33575 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0. | -- | Apr 29, 2024 |
| CVE-2024-33571 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS.This issue affects VOD Infomaniak: from n/a through 1.5.6. | -- | Apr 29, 2024 |
| CVE-2024-33566 | Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. | -- | Apr 29, 2024 |
| CVE-2024-33562 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5. | -- | Apr 29, 2024 |
| CVE-2024-33559 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. | -- | Apr 29, 2024 |
| CVE-2024-33558 | Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. | -- | Apr 29, 2024 |
| CVE-2024-33554 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in 8theme XStore Core allows Reflected XSS.This issue affects XStore Core: from n/a through 5.3.5. | -- | Apr 29, 2024 |
| CVE-2024-33553 | Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. | -- | Apr 29, 2024 |
| CVE-2024-33551 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5. | -- | Apr 29, 2024 |
| CVE-2024-33548 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10. | -- | Apr 29, 2024 |
| CVE-2024-33546 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | -- | Apr 29, 2024 |
| CVE-2024-33544 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | -- | Apr 29, 2024 |
| CVE-2024-33542 | Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5. | -- | Apr 29, 2024 |
| CVE-2024-33540 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThemeGrill ColorNews allows Stored XSS.This issue affects ColorNews: from n/a through 1.2.6. | -- | Apr 29, 2024 |
| CVE-2024-33539 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZOOM Addons for Elementor (Templates, Widgets): from n/a through 1.1.35. | -- | Apr 29, 2024 |
| CVE-2024-33538 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1. | -- | Apr 29, 2024 |
| CVE-2024-33537 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Theme Horse WP Portfolio allows Stored XSS.This issue affects WP Portfolio: from n/a through 2.4. | -- | Apr 29, 2024 |
| CVE-2024-33531 | cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM. | -- | Apr 24, 2024 |
| CVE-2024-33530 | In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby. | -- | May 2, 2024 |
| CVE-2024-33522 | In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges. | -- | Apr 29, 2024 |
| CVE-2024-33518 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 |
| CVE-2024-33517 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 |
| CVE-2024-33516 | An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller. | -- | May 1, 2024 |
| CVE-2024-33515 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 |
| CVE-2024-33514 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 |
| CVE-2024-33513 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 |
| CVE-2024-33512 | There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\'s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | -- | May 1, 2024 |
| CVE-2024-33511 | There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\'s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | -- | May 1, 2024 |
| CVE-2024-33465 | Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. | -- | Apr 30, 2024 |
| CVE-2024-33449 | An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter | -- | Apr 29, 2024 |
| CVE-2024-33445 | An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. | -- | Apr 29, 2024 |
| CVE-2024-33444 | SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. | -- | Apr 29, 2024 |
| CVE-2024-33443 | An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component. | -- | Apr 29, 2024 |
| CVE-2024-33442 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. | -- | May 1, 2024 |
| CVE-2024-33438 | File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. | -- | Apr 29, 2024 |
| CVE-2024-33437 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style Rules. | -- | May 1, 2024 |
| CVE-2024-33436 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables | -- | May 1, 2024 |
| CVE-2024-33435 | Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend function | -- | Apr 29, 2024 |
| CVE-2024-33431 | An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. | -- | May 1, 2024 |
| CVE-2024-33430 | An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | -- | May 1, 2024 |
| CVE-2024-33429 | Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. | -- | May 1, 2024 |
