The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-33612 | An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | May 8, 2024 | n/a |
| CVE-2024-33608 | When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | May 8, 2024 | n/a |
| CVE-2024-33604 | A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | -- | May 8, 2024 | n/a |
| CVE-2024-33576 | Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10. | -- | May 7, 2024 | n/a |
| CVE-2024-33574 | Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1. | -- | May 8, 2024 | n/a |
| CVE-2024-33573 | Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1. | -- | May 8, 2024 | n/a |
| CVE-2024-33570 | Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3. | -- | May 7, 2024 | n/a |
| CVE-2024-33434 | An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. | -- | May 7, 2024 | n/a |
| CVE-2024-33411 | A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33410 | SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33409 | SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33408 | A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33407 | SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33406 | SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33405 | SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33404 | A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33403 | A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter. | -- | May 6, 2024 | n/a |
| CVE-2024-33382 | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | -- | May 9, 2024 | n/a |
| CVE-2024-33294 | An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | -- | May 6, 2024 | n/a |
| CVE-2024-33164 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | -- | May 7, 2024 | n/a |
| CVE-2024-33161 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. | -- | May 7, 2024 | n/a |
| CVE-2024-33155 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | -- | May 7, 2024 | n/a |
| CVE-2024-33153 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | -- | May 7, 2024 | n/a |
| CVE-2024-33149 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | -- | May 7, 2024 | n/a |
| CVE-2024-33148 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. | -- | May 7, 2024 | n/a |
| CVE-2024-33147 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. | -- | May 7, 2024 | n/a |
| CVE-2024-33146 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. | -- | May 7, 2024 | n/a |
| CVE-2024-33144 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. | -- | May 7, 2024 | n/a |
| CVE-2024-33139 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. | -- | May 7, 2024 | n/a |
| CVE-2024-33124 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function.. | -- | May 7, 2024 | n/a |
| CVE-2024-33122 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. | -- | May 7, 2024 | n/a |
| CVE-2024-33121 | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the \'s\' parameter in the search() function. | -- | May 7, 2024 | n/a |
| CVE-2024-33120 | Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. | -- | May 7, 2024 | n/a |
| CVE-2024-33118 | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. | -- | May 7, 2024 | n/a |
| CVE-2024-33117 | crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. | -- | May 7, 2024 | n/a |
| CVE-2024-33113 | D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | -- | May 6, 2024 | n/a |
| CVE-2024-33112 | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | -- | May 6, 2024 | n/a |
| CVE-2024-33111 | D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. | -- | May 6, 2024 | n/a |
| CVE-2024-33110 | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. | -- | May 6, 2024 | n/a |
| CVE-2024-32982 | Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4. | -- | May 6, 2024 | n/a |
| CVE-2024-32980 | Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application\'s component handling the incoming request is configured with an `allow_outbound_hosts` list containing `self`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn\'t include the hostname/port. Spin 2.4.3 has been released to fix this issue. | -- | May 8, 2024 | n/a |
| CVE-2024-32972 | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards. | -- | May 6, 2024 | n/a |
| CVE-2024-32886 | Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7. | -- | May 8, 2024 | n/a |
| CVE-2024-32807 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. | -- | May 6, 2024 | n/a |
| CVE-2024-32761 | Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker\'s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | -- | May 8, 2024 | n/a |
| CVE-2024-32674 | Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | -- | May 8, 2024 | n/a |
| CVE-2024-32371 | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | -- | May 7, 2024 | n/a |
| CVE-2024-32370 | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component. | -- | May 7, 2024 | n/a |
| CVE-2024-32369 | SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component. | -- | May 7, 2024 | n/a |
| CVE-2024-32113 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | -- | May 8, 2024 | n/a |
