The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2024-34032 | Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. | -- | May 3, 2024 | n/a |
CVE-2024-34031 | Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. | -- | May 3, 2024 | n/a |
CVE-2024-34020 | A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. | -- | Apr 29, 2024 | n/a |
CVE-2024-34011 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | -- | Apr 29, 2024 | n/a |
CVE-2024-34010 | Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | -- | Apr 29, 2024 | n/a |
CVE-2024-33949 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Vark Min and Max Purchase for WooCommerce allows Stored XSS.This issue affects Min and Max Purchase for WooCommerce: from n/a through 2.0.0. | -- | May 2, 2024 | n/a |
CVE-2024-33948 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pixel Industry TweetScroll Widget allows Stored XSS.This issue affects TweetScroll Widget: from n/a through 1.3.7. | -- | May 2, 2024 | n/a |
CVE-2024-33947 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.3.2.0. | -- | May 3, 2024 | n/a |
CVE-2024-33946 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPify s.R.O. WPify Woo Czech allows Reflected XSS.This issue affects WPify Woo Czech: from n/a through 4.0.10. | -- | May 3, 2024 | n/a |
CVE-2024-33945 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through 1.8. | -- | May 3, 2024 | n/a |
CVE-2024-33944 | Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. | -- | May 2, 2024 | n/a |
CVE-2024-33943 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HappyKite Ultimate Under Construction allows Stored XSS.This issue affects Ultimate Under Construction: from n/a through 1.9.3. | -- | May 3, 2024 | n/a |
CVE-2024-33941 | Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1. | -- | May 3, 2024 | n/a |
CVE-2024-33940 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ashan Jay EventON allows Stored XSS.This issue affects EventON: from n/a through 2.2.14. | -- | May 3, 2024 | n/a |
CVE-2024-33937 | Missing Authorization vulnerability in Nico Martin Progressive WordPress (PWA).This issue affects Progressive WordPress (PWA): from n/a through 2.1.13. | -- | May 3, 2024 | n/a |
CVE-2024-33936 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Twinpictures Print-O-Matic allows Stored XSS.This issue affects Print-O-Matic: from n/a through 2.1.10. | -- | May 3, 2024 | n/a |
CVE-2024-33935 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.This issue affects PB MailCrypt: from n/a through 3.1.0. | -- | May 3, 2024 | n/a |
CVE-2024-33934 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kailey Lampert Mini Loops allows Stored XSS.This issue affects Mini Loops: from n/a through 1.4.1. | -- | May 3, 2024 | n/a |
CVE-2024-33932 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.This issue affects Login Logout Register Menu: from n/a through 2.0. | -- | May 3, 2024 | n/a |
CVE-2024-33931 | Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3. | -- | May 3, 2024 | n/a |
CVE-2024-33930 | URL Redirection to Untrusted Site (\'Open Redirect\') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97. | -- | May 2, 2024 | n/a |
CVE-2024-33929 | Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6. | -- | May 3, 2024 | n/a |
CVE-2024-33928 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in CodeBard CodeBard\'s Patron Button and Widgets for Patreon allows Reflected XSS.This issue affects CodeBard\'s Patron Button and Widgets for Patreon: from n/a through 2.2.0. | -- | May 3, 2024 | n/a |
CVE-2024-33927 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Team GIPHY Giphypress allows Stored XSS.This issue affects Giphypress: from n/a through 1.6.2. | -- | May 3, 2024 | n/a |
CVE-2024-33926 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Karl Kiesinger GWP-Histats allows Stored XSS.This issue affects GWP-Histats: from n/a through 1.0. | -- | May 3, 2024 | n/a |
CVE-2024-33925 | Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0. | -- | May 3, 2024 | n/a |
CVE-2024-33924 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Realtyna Realtyna Organic IDX plugin allows Reflected XSS.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. | -- | May 3, 2024 | n/a |
CVE-2024-33923 | Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69. | -- | May 3, 2024 | n/a |
CVE-2024-33922 | Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. | -- | May 2, 2024 | n/a |
CVE-2024-33921 | Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | -- | May 3, 2024 | n/a |
CVE-2024-33920 | Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through 6.0.3. | -- | May 3, 2024 | n/a |
CVE-2024-33919 | Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. | -- | May 3, 2024 | n/a |
CVE-2024-33918 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.This issue affects AJAX Login and Registration modal popup + inline form: from n/a through 2.23. | -- | May 3, 2024 | n/a |
CVE-2024-33916 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in MachoThemes CPO Companion allows Stored XSS.This issue affects CPO Companion: from n/a through 1.1.0. | -- | May 3, 2024 | n/a |
CVE-2024-33915 | Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. | -- | May 3, 2024 | n/a |
CVE-2024-33914 | Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1. | -- | May 3, 2024 | n/a |
CVE-2024-33913 | Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1. | -- | May 2, 2024 | n/a |
CVE-2024-33912 | Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. | -- | May 6, 2024 | n/a |
CVE-2024-33911 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4. | -- | May 2, 2024 | n/a |
CVE-2024-33910 | Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | -- | May 6, 2024 | n/a |
CVE-2024-33908 | Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0. | -- | May 7, 2024 | n/a |
CVE-2024-33907 | Missing Authorization vulnerability in Michael Nelson Print My Blog.This issue affects Print My Blog: from n/a through 3.26.2. | -- | May 7, 2024 | n/a |
CVE-2024-33905 | In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. | -- | Apr 29, 2024 | n/a |
CVE-2024-33904 | In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file. | -- | Apr 29, 2024 | n/a |
CVE-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library. | -- | Apr 29, 2024 | n/a |
CVE-2024-33899 | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. | -- | Apr 29, 2024 | n/a |
CVE-2024-33891 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute. | -- | Apr 29, 2024 | n/a |
CVE-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | -- | Apr 29, 2024 | n/a |
CVE-2024-33871 | -- | May 10, 2024 | n/a | |
CVE-2024-33870 | -- | May 10, 2024 | n/a |