The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-34574 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Wpsoul Table Maker allows Stored XSS.This issue affects Table Maker: from n/a through 1.9.1. | -- | May 8, 2024 | n/a |
| CVE-2024-34573 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS.This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1. | -- | May 8, 2024 | n/a |
| CVE-2024-34572 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThemePrix Fancy Elementor Flipbox fancy-elementor-flipbox allows Stored XSS.This issue affects Fancy Elementor Flipbox: from n/a through 2.4.2. | -- | May 8, 2024 | n/a |
| CVE-2024-34571 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0. | -- | May 8, 2024 | n/a |
| CVE-2024-34570 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.3. | -- | May 8, 2024 | n/a |
| CVE-2024-34569 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Katie Seaborn Zotpress allows Stored XSS.This issue affects Zotpress: from n/a through 7.3.9. | -- | May 8, 2024 | n/a |
| CVE-2024-34568 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1. | -- | May 8, 2024 | n/a |
| CVE-2024-34566 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0. | -- | May 8, 2024 | n/a |
| CVE-2024-34565 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Debug Info allows Stored XSS.This issue affects Debug Info: from n/a through 1.3.10. | -- | May 8, 2024 | n/a |
| CVE-2024-34564 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in LogicHunt Inc. Counter Up allows Stored XSS.This issue affects Counter Up: from n/a through 2.2.1. | -- | May 8, 2024 | n/a |
| CVE-2024-34563 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS.This issue affects Gold Addons for Elementor: from n/a through 1.2.9. | -- | May 8, 2024 | n/a |
| CVE-2024-34562 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.0. | -- | May 8, 2024 | n/a |
| CVE-2024-34561 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71. | -- | May 8, 2024 | n/a |
| CVE-2024-34560 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GOMO gee Search Plus allows Stored XSS.This issue affects gee Search Plus: from n/a through 1.4.4. | -- | May 8, 2024 | n/a |
| CVE-2024-34558 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through 1.0.8.2. | -- | May 8, 2024 | n/a |
| CVE-2024-34553 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Select-Themes Stockholm Core allows Reflected XSS.This issue affects Stockholm Core: from n/a through 2.4.1. | -- | May 8, 2024 | n/a |
| CVE-2024-34548 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8. | -- | May 8, 2024 | n/a |
| CVE-2024-34547 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.34. | -- | May 8, 2024 | n/a |
| CVE-2024-34546 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HabibCoder Sticky Social Link allows Stored XSS.This issue affects Sticky Social Link: from n/a through 1.0.0. | -- | May 8, 2024 | n/a |
| CVE-2024-34538 | Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. | -- | May 6, 2024 | n/a |
| CVE-2024-34534 | A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. | -- | May 7, 2024 | n/a |
| CVE-2024-34533 | A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. | -- | May 7, 2024 | n/a |
| CVE-2024-34532 | A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. | -- | May 7, 2024 | n/a |
| CVE-2024-34529 | Nebari through 2024.4.1 prints the temporary Keycloak root password. | -- | May 6, 2024 | n/a |
| CVE-2024-34528 | WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. | -- | May 6, 2024 | n/a |
| CVE-2024-34527 | spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. | -- | May 6, 2024 | n/a |
| CVE-2024-34525 | FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. | -- | May 6, 2024 | n/a |
| CVE-2024-34524 | In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. | -- | May 6, 2024 | n/a |
| CVE-2024-34523 | AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | -- | May 7, 2024 | n/a |
| CVE-2024-34519 | Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has privileges that a dashboard visitor should not have. | -- | May 5, 2024 | n/a |
| CVE-2024-34517 | The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privileges. | -- | May 7, 2024 | n/a |
| CVE-2024-34515 | image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). | -- | May 5, 2024 | n/a |
| CVE-2024-34511 | Component Server in Gradio before 4.13 does not properly consider _is_server_fn for functions. | -- | May 5, 2024 | n/a |
| CVE-2024-34510 | Gradio before 4.20 allows credential leakage on Windows. | -- | May 5, 2024 | n/a |
| CVE-2024-34509 | dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | -- | May 5, 2024 | n/a |
| CVE-2024-34508 | dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | -- | May 5, 2024 | n/a |
| CVE-2024-34507 | An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000. | -- | May 5, 2024 | n/a |
| CVE-2024-34506 | An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service. | -- | May 5, 2024 | n/a |
| CVE-2024-34502 | An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token. | -- | May 5, 2024 | n/a |
| CVE-2024-34500 | An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class. | -- | May 5, 2024 | n/a |
| CVE-2024-34490 | In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. | -- | May 5, 2024 | n/a |
| CVE-2024-34489 | OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via length=0. | -- | May 5, 2024 | n/a |
| CVE-2024-34488 | OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0. | -- | May 5, 2024 | n/a |
| CVE-2024-34487 | OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0. | -- | May 5, 2024 | n/a |
| CVE-2024-34486 | OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0. | -- | May 5, 2024 | n/a |
| CVE-2024-34484 | OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0. | -- | May 5, 2024 | n/a |
| CVE-2024-34483 | OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPBucket.len=0. | -- | May 5, 2024 | n/a |
| CVE-2024-34478 | btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds. | -- | May 5, 2024 | n/a |
| CVE-2024-34476 | Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len. | -- | May 5, 2024 | n/a |
| CVE-2024-34475 | Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR. | -- | May 5, 2024 | n/a |
