Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 216535 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2024-30234 Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. -- Mar 26, 2024 n/a
CVE-2024-30233 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. -- Mar 26, 2024 n/a
CVE-2024-30232 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9. -- Mar 26, 2024 n/a
CVE-2024-30231 Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. -- Mar 26, 2024 n/a
CVE-2024-30230 Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7. -- Mar 28, 2024 n/a
CVE-2024-30229 Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2. -- Mar 28, 2024 n/a
CVE-2024-30228 Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4. -- Mar 28, 2024 n/a
CVE-2024-30227 Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4. -- Mar 28, 2024 n/a
CVE-2024-30226 Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. -- Mar 28, 2024 n/a
CVE-2024-30225 Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10. -- Mar 28, 2024 n/a
CVE-2024-30224 Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. -- Mar 28, 2024 n/a
CVE-2024-30223 Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. -- Mar 28, 2024 n/a
CVE-2024-30222 Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. -- Mar 28, 2024 n/a
CVE-2024-30221 Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. -- Mar 28, 2024 n/a
CVE-2024-30205 In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. -- Mar 25, 2024 n/a
CVE-2024-30204 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. -- Mar 25, 2024 n/a
CVE-2024-30203 In Emacs before 29.3, Gnus treats inline MIME contents as trusted. -- Mar 25, 2024 n/a
CVE-2024-30202 In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. -- Mar 25, 2024 n/a
CVE-2024-30201 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4. -- Mar 27, 2024 n/a
CVE-2024-30200 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2. -- Mar 28, 2024 n/a
CVE-2024-30199 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.8. -- Mar 27, 2024 n/a
CVE-2024-30198 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThemeKraft BuddyForms allows Reflected XSS.This issue affects BuddyForms: from n/a through 2.8.5. -- Mar 27, 2024 n/a
CVE-2024-30197 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26. -- Mar 27, 2024 n/a
CVE-2024-30196 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through 9.4. -- Mar 27, 2024 n/a
CVE-2024-30195 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Semenov New RoyalSlider allows Reflected XSS.This issue affects New RoyalSlider: from n/a through 3.4.2. -- Mar 27, 2024 n/a
CVE-2024-30194 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. -- Mar 27, 2024 n/a
CVE-2024-30193 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17. -- Mar 27, 2024 n/a
CVE-2024-30192 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2. -- Mar 27, 2024 n/a
CVE-2024-30187 Anope before 2.0.15 does not prevent resetting the password of a suspended account. -- Mar 25, 2024 n/a
CVE-2024-30186 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1. -- Mar 27, 2024 n/a
CVE-2024-30185 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3. -- Mar 27, 2024 n/a
CVE-2024-30184 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 4.2.6. -- Mar 27, 2024 n/a
CVE-2024-30183 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7. -- Mar 27, 2024 n/a
CVE-2024-30182 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HasThemes HT Mega allows Stored XSS.This issue affects HT Mega: from n/a through 2.4.3. -- Mar 27, 2024 n/a
CVE-2024-30181 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.30. -- Mar 27, 2024 n/a
CVE-2024-30180 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through 6.5.3. -- Mar 27, 2024 n/a
CVE-2024-30179 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.7.6. -- Mar 27, 2024 n/a
CVE-2024-30178 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3. -- Mar 27, 2024 n/a
CVE-2024-30177 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8. -- Mar 27, 2024 n/a
CVE-2024-30161 In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer. -- Mar 25, 2024 n/a
CVE-2024-30156 Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. -- Mar 25, 2024 n/a
CVE-2024-29946 In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. -- Mar 27, 2024 n/a
CVE-2024-29945 In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. -- Mar 27, 2024 n/a
CVE-2024-29944 An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. -- Mar 25, 2024 n/a
CVE-2024-29943 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. -- Mar 22, 2024 n/a
CVE-2024-29936 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4. -- Mar 27, 2024 n/a
CVE-2024-29935 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0. -- Mar 27, 2024 n/a
CVE-2024-29934 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25. -- Mar 27, 2024 n/a
CVE-2024-29933 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. -- Mar 27, 2024 n/a
CVE-2024-29932 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. -- Mar 27, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online